Can't get Let's Encrypt working on the hosting panel

Discussion in 'Installation/Configuration' started by johannes1985, Aug 29, 2019.

  1. johannes1985

    johannes1985 Member

    Hi,

    I have followed both of these without success:
    https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
    https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/


    With the first one, I create the site; for example, my FQDN is web1.example.com, so I create a site with the FQDN web1.example.com.
    I create a new DNS zone, also web1.example.com. I also added an A record to the original DNS zone, with web1 pointing to the server IP.

    And the steps up to "Changing ISPConfig 3 Control Panel (Port 8080)".

    The SSL certificate does get generated, and when I visit the panel the error I receive is that it does not correspond with the current address (I can't remember the error message exactly, but it summarizes to that). When I check the certificate in the browser, it does state it is a Let's Encrypt certificate with the domain as web1.example.com.

    So I started over fresh with the second guide from ahrasis; the script completes and then nothing works: FTP, IMAP and SMTP are down. I had to start over again.

    I am on the latest version of ISPConfig and using Apache.

    Please help as I am starting to pull my hair out.
     
    Last edited: Aug 29, 2019
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    According to that, you create the website web1.example.com twice. In addition to that, if you already have the FQDN web1.example.com, you cannot create the domain web1.example.com.
    Have you verified your DNS is correctly set up? If DNS does not work properly, that is one reason why Let's Encrypt fails.
     
  3. johannes1985

    johannes1985 Member

    Let's encrypt is working perfectly, I did it exactly as on the tutorial.

    Here is the error it gives me:
    NET::ERR_CERT_COMMON_NAME_INVALID

    https://web1.relianx.com/

    Note: I have not tried it again, this is only the A record pointing to the hosting. Should I remove the A record from the one zone and only add it to the other?
     
  4. johannes1985

    johannes1985 Member

    It gives exactly the same error when I remove the web1 A record from zone relianx.com and create a new zone with web1.relianx.com
     
  5. johannes1985

    johannes1985 Member

    In summary, my setup is as follows:

    DNS Zones:
    relianx.com (with an A record for web1)
    web1.relianx.com

    Sites:
    relianx.com
    web1.relianx.com

    SSL:
    The certificate for relianx.com is created on the panel.
    The certificate for web1.relianx.com is created via SSH exactly as in the tutorial.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The tutorial creates the LE cert in the panel too. I'll cite the chapter:

    So if you did not create the cert in the panel as described in the tutorial, then the whole setup can not work.
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Do you now remember the exact error message?
     
  8. johannes1985

    johannes1985 Member

    That was also done, I am referring to these commands at the ssh terminal:

    Code:
    cd /usr/local/ispconfig/interface/ssl/
    mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    cat ispserver.{key,crt} > ispserver.pem
    chmod 600 ispserver.pem

    Every step works fine, even after the above commands. Yet going to https://relianx.com:8080 I am greeted with NET::ERR_CERT_COMMON_NAME_INVALID.

    I checked the certificate; it does show web1.relianx.com and the issuer is Let's Encrypt.
     
  9. johannes1985

    johannes1985 Member

    NET::ERR_CERT_COMMON_NAME_INVALID. <-- On Chrome (I checked the certificate; it does show web1.relianx.com and the issuer is Let's Encrypt.)
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no problem with your setup at all. You just made a typo while accessing ISPConfig. The control panel has to be accessed through the server hostname and there you entered a wrong URL. You entered:

    https://relianx.com:8080

    which is wrong as it's not the hostname of the server. Your browser noticed the mistake and warned you with the message "NET::ERR_CERT_COMMON_NAME_INVALID".

    The correct URL to access ISPConfig is:

    https://web1.relianx.com:8080
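
The mismatch described in this post can be checked on the server before opening a browser. The following is an added example, not part of the original thread or the tutorial: it compares the host part of the panel URL with the DNS names in the certificate the way a browser does, and goes slightly beyond the thread by also handling wildcard names. The function names are illustrative, and `-ext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: function names are illustrative, not ISPConfig tooling.

# Print the DNS names from a certificate's subjectAltName, one per line.
# Assumes OpenSSL 1.1.1 or newer for the "-ext" option.
cert_dns_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# Return 0 if host $1 is covered by any certificate name given after it.
# "*.example.com" covers exactly one extra label, never the bare domain.
host_matches() {
    _hm_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    shift
    for _hm_name in "$@"; do
        _hm_name=$(printf '%s' "$_hm_name" | tr 'A-Z' 'a-z')
        case "$_hm_name" in
            \*.*)
                _hm_suffix=${_hm_name#\*}              # e.g. ".relianx.com"
                _hm_label=${_hm_host%"$_hm_suffix"}    # what the "*" stands for
                if [ "$_hm_label" != "$_hm_host" ] && [ -n "$_hm_label" ] &&
                   [ "${_hm_label#*.}" = "$_hm_label" ]; then
                    return 0
                fi ;;
            *)
                if [ "$_hm_host" = "$_hm_name" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Check the host part of a panel URL against a certificate file.
panel_host_ok() {
    _ph_names=$(cert_dns_names "$2")
    set -f                        # keep "*.example.com" from being globbed
    set -- "$1" $_ph_names
    set +f
    host_matches "$@"
}

# Usage on the server, with the certificate path from the commands above:
#   panel_host_ok relianx.com      /usr/local/ispconfig/interface/ssl/ispserver.crt
#   panel_host_ok web1.relianx.com /usr/local/ispconfig/interface/ssl/ispserver.crt
```

A non-zero exit status from `panel_host_ok` means the browser will reject that URL with a name mismatch, even though the certificate itself is valid.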
     
  11. johannes1985

    johannes1985 Member

    Thank you Till, I will quickly test it again later tonight and provide feedback.
     
  12. ledufakademy

    ledufakademy Member

    I'm lost here ...
    I just need to set up the ISPConfig panel (8080) with a true Let's Encrypt cert.
    After the install is done, how can I set up the panel with Let's Encrypt?

    (My panel is at https://gestion.domain.com:8080)
     
  13. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

  14. ledufakademy

    ledufakademy Member

  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  16. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Sorry, there have been numerous posts with ways to set it up, I probably sent the 'wrong' (outdated or less preferred) one.
     
  17. ledufakademy

    ledufakademy Member

    Hmm, not only!
    This how-to is written for a single-server setup.
    I have a multi-server setup, so my panel is hosted on webmaster (server), not on the web1, web2, mail1, 2 etc. servers!
    AND: the mail servers have the FQDNs mail1.domain.com, mail2.domain.com
    web servers: web1.domain.local, web2.domain.local (for client websites, Let's Encrypt is working perfectly!)
    so I'm pretty lost ;-) ...

    ls -alh /etc/letsencrypt
    ls: cannot access '/etc/letsencrypt': No such file or directory
    (certbot is installed, but after creating a website with domain: domain.com and Auto-subdomain: * ... no Let's Encrypt cert ....)
     
    Last edited: Aug 25, 2020
  18. ledufakademy

    ledufakademy Member

  19. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    On panel, set up panel.example.com; on web1, set up web1.example.com, etc. Only follow the guides for the related services, e.g. if a server is mail only, only follow it for postfix and dovecot.
     
  20. ledufakademy

    ledufakademy Member

    Hello Th0m, thanks for answering.
    Why on web1? My panel is only installed on the webmaster server?
    The Let's Encrypt cert (etc.) will then be created on web1 ... not on webmaster ...
    so ...
     
