I found 2 tuto to create Letsencrypt certificates for ISPCONFIG domains: https://evolvedigital.co.uk/news/2015/how-to-get-letsencrypt-working-with-ispconfig-3/ https://tomlankhorst.nl/free-ssl-certificates-use-lets-encrypt-with-ispconfig/ Both methods, by symlinks or by copy/paste are a little heavy if you have to do that for every domain I used the very simple letsencryot original method, a year ago, to automaticaly create certificates for all vhosts present in Apache that worked fine Code: certbot-auto --apache Why should I rely thoose certificates to ISPCONFIG as it only adds overhead ?
Both tutorials are completely outdated and therefore wrong. Why don't you just follow the official ISPConfig documentation and manual? Creating a LE cert for a site is so easy, all you have to do is to login to ispconfig, go to the website settings of the site where you want to have an LE SSL cert, enable the SSL and let's encrypt checkbox of the site. That's all.
That's what I expected but when I do that and save, no message is shown but it doesn't work. When I come back to the website's panel the checboxes LE and SSL that I checed earlier are unchecked ispconfig.log is empty
Possible reasons why LE rejects to issue a cert have been explained many times and there is also an FAQ for that, so no reason to start another thread on that topic. https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Thanks for the link. I have put ispconfig in debug mode and now I get the ispconfig.log message: Code: Failed authorization procedure. www.webologix.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.webologix.com/.well-known/acme-challenge/zQpBgbEvTaxdJ2Bf66sQ6JRY5vqn_XG-GGyA0yioEuU: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p" But when I reach the page www.webologix.com in a browser or wget since the server I get the index.html I created "Bienvenue à webologix.com" (php pages do not work for now cause of problems with php5.6)
As you said initially, you originally setup your certificates outside of ispconfig, so the setup is incompatible with what ISPConfig uses. What I would do is try to remove the old setup and use ISPConfig going forward. Try turning the ssl and letsencrypt checkboxes off for both sites and save the settings. Then rename the current /etc/letsencrypt directory, and install certbot according to the Perfect Server guide for your OS. Then either re-run update.php from the ISPConfig installation files and let it reconfigure services, or at least verify that there is an alias for your web server pointing /.well-known/acme-challenge to the /usr/local/ispconfig/interface/acme/.well-known/acme-challenge directory (eg. in /etc/apache2/sites-enabled/000-ispconfig.conf on debian with apache). Then enable the ssl and letsencrypt checkbox for one of your sites and see if it works. Don't ever use the --apache option, it is incompatible with ISPConfig (both certbot and ISPConfig will make changes to the vhost files that are incompatible with the other).
