Beta 2 Server Letsencrypt issue.

Returning the symlinks alone to previous state didn't work.

It looks like when it tries to install the new certificate - it puts in the symlinks to itself - it then displays the cat errors as no certificate can be found. It looks like this error is recorded in dbipsconfig so it doesn't read the symlinks when corrected. Hence a restore was required to fix it (I couldn't investigate via phpMyAdmin as that required a working certificate to access). And yes I did service apache restart.

Hi - are you in Croydon? I'm in Sydenham.

 

Yes. This what the directory looked like. (bak is the original self-certs created by the email bug)

drwxr-x--- 2 root root 4096 Sep 24 18:23 bak
-rwxr-x--- 1 root root 45 Sep 28 12:37 empty.dir
lrwxrwxrwx 1 root root 48 Sep 28 12:37 ispserver.crt -> /usr/local/ispconfig/interface/ssl/ispserver.crt
lrwxrwxrwx 1 root root 58 Sep 24 18:24 ispserver.crt-20200928123706.bak -> /etc/letsencrypt/live/server.example.com/fullchain.pem
lrwxrwxrwx 1 root root 48 Sep 28 12:37 ispserver.key -> /usr/local/ispconfig/interface/ssl/ispserver.key
lrwxrwxrwx 1 root root 56 Sep 24 18:26 ispserver.key-20200928123706.bak -> /etc/letsencrypt/live/server.example.com/privkey.pem
-rwxr-x--- 1 root root 0 Sep 28 12:37 ispserver.pem
-rwxr-x--- 1 root root 5418 Sep 25 12:48 ispserver.pem-20200928123706.bak

 

Those lines are very strange. Will have to look into this.
Are you using certbot or acme.sh?

 

certbot. Installed via Debian Perfect Server tutorial.

Here is the relevant output of the updater:

Create new ISPConfig SSL certificate (yes,no) [no]: yes
Checking / creating certificate for server.example.com
Using certificate path /etc/letsencrypt/live/server.example.com
Using apache for certificate validation
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
cat: /usr/local/ispconfig/interface/ssl/ispserver.key: No such file or directory
cat: /usr/local/ispconfig/interface/ssl/ispserver.crt: No such file or directory
Symlink ISPConfig SSL certs to Postfix? (y,n) [y]:

 

@croyden : I am sticking to the instructions as closely as possible. I did not execute install/update.php. I would not have thought to do so.

 

Okay, thanks . Guess the issue with that one is fixed. But not the other with certbot issue.

 

No Just searched the English dictionary for some nice possible usernames.

Okay, that seems to be fixed with the latest MR and such should be okay in tomorrow's nightly.

 

Oh dear. You may have heard of David Bowie who lived in nearby Beckenham. He said in an interview in 1999: “It was my nemesis, I hated Croydon with a real vengeance. It represented everything I didn't want in my life, everything I wanted to get away from. I think it's the most derogatory thing I can say about somebody or something: ‘God, it's so f**king Croydon!’”.

But don't think of changing your username to Sydenham 'cos that's also a nasty disease: https://en.wikipedia.org/wiki/Sydenham's_chorea

Thanks, for fixing it. Looking forward to general release.

 

Not really, but this username is somehow outdated already ;-) Using something like "StrathCole" (Strathclyde + Coleraine) now most of the time ;-) – but we are sliding off topic

 

Just to confirm, as of right now with the current nightly, I'm still seeing this:

Waiting for verification...
Cleaning up challenges
cat: /usr/local/ispconfig/interface/ssl/ispserver.key: No such file or directory
cat: /usr/local/ispconfig/interface/ssl/ispserver.crt: No such file or directory
Symlink ISPConfig SSL certs to Postfix? (y,n) [y]:​

I'm just confirming the issue. I see this should be fixed soon and I'm happy to wait. I'll continue to move forward, installing other systems for web, DNS, etc. Thanks All!!!

 

Yup. From my noobish perspective, there are no more issues with the install. So far I have three systems running and connected via ISPConfig. I broke my DNS - systems are internet-accessible but it's not all quite right yet ... but that's a topic for a separate thread.
Thanks for all of the efforts!

Side notes:
XMPP is still a prompt in the install. There is a prompt for configuring Rspamd but no info about it yet.
Personally I have had a lot of confusion with specific aspects of the install (mostly for multi-server), but after doing the install about 20 times I think I get it now.
- There are users and passwords for MySQL root, ispconfig, phpmyadmin. And we need to be aware of the primary controller's MySQL root password, which is entered in both the secondary and the primary for each new server.
- To setup a secondary system we need to issue commands on the primary controller. It would be cool if a new server could make an HTTP web service call from secondary to primary so that the primary can issue its own user creation and setting privileges.
- DNS must be configured and firewall ports left open Before installing a secondary system.
- With all of the advice that server names Must be a FQDN, so far it looks like it's OK if systems within a network are referenced by hostname-only. For example, from web01 to ns01.
- There doesn't seem to be a defined way to exit from the install.php prompts other than ^C. For example, on repeated failure to connect a secondary (web) server to a primary (db) server, we might want to break out and reboot or do something else. The immediate question is "will this continue where it left off or do I need to clean up first?". Having done this many times now, it seems like we can run install many times, until it's actually complete, and then we need to use update.php. But I don't see any docs for how to handle that.

I think that's it for me. Again, doing this a few times helps to establish the patterns, but so far this knowledge comes from experimentation, not documentation. I have my Allinstall scripts doing everything now, up to the login into ISPConfig where we can then start configuring. I look forward to getting into API details to see what we can automate there too (create user, create client, create server, create DNS zone, create site, and all of the mail operations...).

Regards