Yes, I created a test.txt file and put text inside, then accessed that extension by mobile phone, something like http://panel.tlwebservices.co.uk/.well-known/acme-challenge/test.txt, and it worked, showing me the text entered. And no, I have reformatted it like 3 or 4 times since, trying different things. Usual saying - Hurry up and wait!!!
So, have done so.. wipe, setup partitions etc..
Code:
wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system
Installer runs and says done, I try logging in. Have not done anything else at all... states "invalid cert.." Try it:
Code:
https://panel.tlwebservices.co.uk:8080/
That is still a self signed certificate. Where is your dns hosted? fast hosts or on your own private name servers?
If you don't post the installer output and the installer log file, then it's not easy to say why your hostname could not be verified.
Also it seems that you have been using the same FQDN in this experiment, though you should also note that LE puts some limits on requesting the FQDN again and again. Best way to identify your problem is by checking the installer log as mentioned above.
I have to use fast hosts DNS to start with as the dns servers aren't built or tied in to ispconfig as yet
Running the clean install now.
Code: setup-log
13.08.2021-16:45:45 - /lib/os/class.ISPConfigDebianOS.inc.php:523: [INFO] Checking hostname.
13.08.2021-16:45:45 - /lib/os/class.ISPConfigDebianOS.inc.php:284: [INFO] Enabling contrib and non-free repositories.
13.08.2021-16:45:47 - /lib/os/class.ISPConfigDebianOS.inc.php:555: [INFO] Updating packages
13.08.2021-16:45:47 - /lib/os/class.ISPConfigDebianOS.inc.php:559: [INFO] Updated packages
13.08.2021-16:45:47 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
13.08.2021-16:45:59 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
13.08.2021-16:45:59 - /lib/os/class.ISPConfigDebianOS.inc.php:302: [INFO] Activating GoAccess repository.
13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:606: [INFO] Updating packages (after enabling 3rd party repos).
13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:610: [INFO] Updated packages
13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:677: [INFO] Default shell is currently dash.
13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:679: [INFO] Setting bash as default shell.
13.08.2021-16:46:02 - /lib/os/class.ISPConfigDebianOS.inc.php:688: [INFO] Default shell is now bash.
13.08.2021-16:46:02 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebianOS.inc.php:732: [INFO] Generating mySQL password.
13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebian10OS.inc.php:9: [INFO] Writing MySQL config files.
13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebianOS.inc.php:802: [INFO] Restarting postfix
13.08.2021-16:46:46 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:835: [INFO] (Re)starting Bind.
13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:839: [INFO] Disabling spamassassin daemon.
13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:864: [INFO] Checking local dns resolver.
13.08.2021-16:47:11 - /lib/os/class.ISPConfigDebianOS.inc.php:870: [WARN] Unexpected resolver response: Server: 79.79.79.77
13.08.2021-16:47:11 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
13.08.2021-16:47:16 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
13.08.2021-16:47:16 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:956: [INFO] Disabling conflicting apache modules.
13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:964: [INFO] Enabling apache modules.
13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:972: [INFO] Enabling default PHP-FPM config.
13.08.2021-16:47:48 - /lib/os/class.ISPConfigDebian10OS.inc.php:52: [INFO] Setting default system php version.
13.08.2021-16:47:48 - /lib/os/class.ISPConfigDebian10OS.inc.php:125: [INFO] Installing package phpmyadmin
13.08.2021-16:47:50 - /lib/os/class.ISPConfigDebianOS.inc.php:1001: [INFO] HTTPoxy config.
13.08.2021-16:47:50 - /lib/os/class.ISPConfigDebianOS.inc.php:1017: [INFO] Installing acme.sh (Let's Encrypt).
13.08.2021-16:47:53 - /lib/os/class.ISPConfigDebianOS.inc.php:1023: [INFO] acme.sh (Let's Encrypt) installed.
13.08.2021-16:47:53 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
13.08.2021-16:48:21 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
13.08.2021-16:48:21 - /lib/os/class.ISPConfigDebianOS.inc.php:1083: [INFO] Adding quota to fstab.
13.08.2021-16:48:22 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
13.08.2021-16:48:31 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
13.08.2021-16:48:31 - /lib/os/class.ISPConfigDebianOS.inc.php:1116: [INFO] Enabling TLS for pureftpd
13.08.2021-16:48:31 - /lib/os/class.ISPConfigDebianOS.inc.php:1141: [INFO] Disabling awstats cron.
13.08.2021-16:48:40 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages fail2ban, ufw
13.08.2021-16:48:47 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages fail2ban, ufw
13.08.2021-16:48:48 - /lib/os/class.ISPConfigDebianOS.inc.php:223: [INFO] Fixing dbconfig-common if neccessary
13.08.2021-16:48:48 - /lib/os/class.ISPConfigDebianOS.inc.php:1194: [INFO] Installing ISPConfig3.
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1301: [INFO] Adding php versions to ISPConfig.
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1329: [INFO] Checking all services are running.
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] mysql: OK</green>
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] clamav-daemon: OK</green>
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] postfix: OK</green>
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] bind9: OK</green>
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] pureftpd: OK</green>
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] apache2: OK</green>
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1370: [INFO] Installation ready.
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1376: [INFO] Your ISPConfig admin password is: ................
13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1378: [INFO] Your MySQL root password is: ...................
13.08.2021-16:49:12 - /lib/class.ISPConfig.inc.php:374: [INFO] Warning:</lightred> Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!
Output of installer:
Code:
root@panel:/tmp# wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system
--2021-08-13 16:44:32-- https://get.ispconfig.org/
Resolving get.ispconfig.org (get.ispconfig.org)... 104.26.10.246, 104.26.11.246, 172.67.75.112, ...
Connecting to get.ispconfig.org (get.ispconfig.org)|104.26.10.246|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2004 (2.0K) [application/octet-stream]
Saving to: ‘STDOUT’
- 100%[========================================================================>] 1.96K --.-KB/s in 0s
2021-08-13 16:44:32 (56.4 MB/s) - written to stdout [2004/2004]
PHP cli missing, trying to install.
Selecting previously unselected package libsodium23:amd64.
(Reading database ... 35815 files and directories currently installed.)
Preparing to unpack .../0-libsodium23_1.0.17-1_amd64.deb ...
Unpacking libsodium23:amd64 (1.0.17-1) ...
Selecting previously unselected package psmisc.
Preparing to unpack .../1-psmisc_23.2-1_amd64.deb ...
Unpacking psmisc (23.2-1) ...
Selecting previously unselected package php-common.
Preparing to unpack .../2-php-common_2%3a69_all.deb ...
Unpacking php-common (2:69) ...
Selecting previously unselected package php7.3-common.
Preparing to unpack .../3-php7.3-common_7.3.29-1~deb10u1_amd64.deb ...
Unpacking php7.3-common (7.3.29-1~deb10u1) ...
Selecting previously unselected package php7.3-json.
Preparing to unpack .../4-php7.3-json_7.3.29-1~deb10u1_amd64.deb ...
Unpacking php7.3-json (7.3.29-1~deb10u1) ...
Selecting previously unselected package php7.3-opcache.
Preparing to unpack .../5-php7.3-opcache_7.3.29-1~deb10u1_amd64.deb ...
Unpacking php7.3-opcache (7.3.29-1~deb10u1) ...
Selecting previously unselected package php7.3-readline.
Preparing to unpack .../6-php7.3-readline_7.3.29-1~deb10u1_amd64.deb ...
Unpacking php7.3-readline (7.3.29-1~deb10u1) ...
Selecting previously unselected package php7.3-cli.
Preparing to unpack .../7-php7.3-cli_7.3.29-1~deb10u1_amd64.deb ...
Unpacking php7.3-cli (7.3.29-1~deb10u1) ...
Selecting previously unselected package php-cli.
Preparing to unpack .../8-php-cli_2%3a7.3+69_all.deb ...
Unpacking php-cli (2:7.3+69) ...
Setting up libsodium23:amd64 (1.0.17-1) ...
Setting up psmisc (23.2-1) ...
Setting up php-common (2:69) ...
Created symlink /etc/systemd/system/timers.target.wants/phpsessionclean.timer → /lib/systemd/system/phpsessionclean.timer.
Setting up php7.3-common (7.3.29-1~deb10u1) ...
Creating config file /etc/php/7.3/mods-available/calendar.ini with new version
Creating config file /etc/php/7.3/mods-available/ctype.ini with new version
Creating config file /etc/php/7.3/mods-available/exif.ini with new version
Creating config file /etc/php/7.3/mods-available/fileinfo.ini with new version
Creating config file /etc/php/7.3/mods-available/ftp.ini with new version
Creating config file /etc/php/7.3/mods-available/gettext.ini with new version
Creating config file /etc/php/7.3/mods-available/iconv.ini with new version
Creating config file /etc/php/7.3/mods-available/pdo.ini with new version
Creating config file /etc/php/7.3/mods-available/phar.ini with new version
Creating config file /etc/php/7.3/mods-available/posix.ini with new version
Creating config file /etc/php/7.3/mods-available/shmop.ini with new version
Creating config file /etc/php/7.3/mods-available/sockets.ini with new version
Creating config file /etc/php/7.3/mods-available/sysvmsg.ini with new version
Creating config file /etc/php/7.3/mods-available/sysvsem.ini with new version
Creating config file /etc/php/7.3/mods-available/sysvshm.ini with new version
Creating config file /etc/php/7.3/mods-available/tokenizer.ini with new version
Setting up php7.3-opcache (7.3.29-1~deb10u1) ...
Creating config file /etc/php/7.3/mods-available/opcache.ini with new version
Setting up php7.3-json (7.3.29-1~deb10u1) ...
Creating config file /etc/php/7.3/mods-available/json.ini with new version
Setting up php7.3-readline (7.3.29-1~deb10u1) ...
Creating config file /etc/php/7.3/mods-available/readline.ini with new version
Setting up php7.3-cli (7.3.29-1~deb10u1) ...
update-alternatives: using /usr/bin/php7.3 to provide /usr/bin/php (php) in auto mode
update-alternatives: using /usr/bin/phar7.3 to provide /usr/bin/phar (phar) in auto mode
update-alternatives: using /usr/bin/phar.phar7.3 to provide /usr/bin/phar.phar (phar.phar) in auto mode
Creating config file /etc/php/7.3/cli/php.ini with new version
Setting up php-cli (2:7.3+69) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for libc-bin (2.28-10) ...
Selecting previously unselected package php7.3-mbstring.
(Reading database ... 35998 files and directories currently installed.)
Preparing to unpack .../php7.3-mbstring_7.3.29-1~deb10u1_amd64.deb ...
Unpacking php7.3-mbstring (7.3.29-1~deb10u1) ...
Selecting previously unselected package php-mbstring.
Preparing to unpack .../php-mbstring_2%3a7.3+69_all.deb ...
Unpacking php-mbstring (2:7.3+69) ...
Setting up php7.3-mbstring (7.3.29-1~deb10u1) ...
Creating config file /etc/php/7.3/mods-available/mbstring.ini with new version
Setting up php-mbstring (2:7.3+69) ...
WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue: yes
[INFO] Starting perfect server setup for Debian GNU/Linux 10 (buster)
[INFO] Checking hostname.
[INFO] Enabling contrib and non-free repositories.
[INFO] Updating packages
[INFO] Updated packages
[INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
[INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
[INFO] Activating GoAccess repository.
[INFO] Updating packages (after enabling 3rd party repos).
[INFO] Updated packages
[INFO] Default shell is currently dash.
[INFO] Setting bash as default shell.
[INFO] Default shell is now bash.
[INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
[INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
[INFO] Generating mySQL password.
[INFO] Writing MySQL config files.
[INFO] Restarting postfix
[INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
[INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
[INFO] (Re)starting Bind.
[INFO] Disabling spamassassin daemon.
[INFO] Checking local dns resolver.
[WARN] Unexpected resolver response: Server: 79.79.79.77 (/lib/os/class.ISPConfigDebianOS.inc.php:870)
[INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
[INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
[INFO] Installing packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
[INFO] Installed packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
[INFO] Disabling conflicting apache modules.
[INFO] Enabling apache modules.
[INFO] Enabling default PHP-FPM config.
[INFO] Setting default system php version.
[INFO] Installing package phpmyadmin
[INFO] HTTPoxy config.
[INFO] Installing acme.sh (Let's Encrypt).
[INFO] acme.sh (Let's Encrypt) installed.
[INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Adding quota to fstab.
[INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
[INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
[INFO] Enabling TLS for pureftpd
[INFO] Disabling awstats cron.
[INFO] Installing packages fail2ban, ufw
[INFO] Installed packages fail2ban, ufw
[INFO] Installing ISPConfig3.
[INFO] Adding php versions to ISPConfig.
[INFO] Checking all services are running.
[INFO] mysql: OK
[INFO] clamav-daemon: OK
[INFO] postfix: OK
[INFO] bind9: OK
[INFO] pureftpd: OK
[INFO] apache2: OK
[INFO] Installation ready.
Okay, so if my understanding of how acme.sh works:

Request Cert
>> DNS Challenge
>>>> Pass: Issue cert
>>>> Fail: Move to Acme Challenge
>> Acme Challenge
>>>> Pass: Issue cert
>>>> Fail: Revert to self signed

So you are getting fails and reverting to self signed. (Note you do not have to accept a self signed; pressing ctrl + c will exit out of the installer.)

So let's break it down:

DNS challenge requires an LE record in your DNS zone file. When you are running ISPConfig multi server configuration, you likely will have two or more servers running DNS, bind probably. When this is the case ISPConfig handles the addition of the appropriate record. When you are using an external DNS host such as fast host, you have to handle the record creation manually. I forget now if there is an option in ispconfig/acme.sh to run manually in this way, but I do recall recently seeing some version of LE cert creation that allows for this exact scenario. Basically the request uses DNS challenge in interactive mode; what happens is you are prompted with the correct record to add to your DNS zone file. At this point it just waits for you to tell it to continue. So, you add the record to your zone, allow time for propagation and then instruct it to continue. Result should be dns challenge passes and you get a cert. I am not sure however where this falls for auto renewals, whether the current record is sufficient for it to pass for renewal or a new record must be created each time. I am sorry to say I didn't dig that far into it as it wasn't suitable for my situation.

Acme Challenge (http 01) requires an A record for the host in DNS that is pointing to the server that is requesting the certificate AND a website for the hostname to be accessible [on that same server]. For example, it is not going to work if server1 requests a cert but its hostname resolves to server2 [unless you use my work around, but that should be considered the final resort when all other avenues are exhausted].

Also, as ahrasis pointed out, LE rate limits certificate requests per host name. A fail, renew, create all add to your request rate and you could already have hit the rate limit for the host name. If that's the case, you have two options. Well three, but one is just to perform a dry run.

Option 1: Wait for around a week (last I checked) and attempt your LE cert request again.
Option 2: Use an alternate hostname. Let's say, control-panel.example.com

Either of these will solve the rate limit issue. The dry run option just tests whether your current configuration will yield a successful request. If it does, you should probably just wait.
As far as I know, acme.sh (and certbot) only uses one challenge type (eg. dns or http) at a time, and you must specify what it should use. The ISPConfig installer and runtime only support http method; you could use dns challenge for a certificate if you set it up manually (eg. install with a self-signed certificate, setup and request a certificate with dns challenge, then remove the self-signed certificate and replace with symlinks to or copies of the cert files you obtained via dns auth).
Firstly, I said you could ctrl + c out of the installer as I did here. Don't unless you want to begin a fresh installation including the server. I re-ran the installer and it failed, likely due to attempting to reinstall mysql and not having ISPConfig completely configured at that point. In any case, you are correct. It is an either/or situation, it's not failover as I thought it was. It makes sense though, performing a dns attempt would add an attempt needlessly.
Code:
Do you want to create SSL certs for your server? (y,n) [y]:
Checking / creating certificate for dev.example.com
Using certificate path /etc/letsencrypt/live/dev.example.com
Server's public ip(s) (x.x.x.x) not found in A/AAAA records for dev.example.com: 127.0.1.1, 10.0.2.8
Ignore DNS check and continue to request certificate? (y,n) [n]: y
Using apache for certificate validation
acme.sh is installed, overriding certificate path to use /root/.acme.sh/dev.example.com
[Fri 13 Aug 18:00:50 UTC 2021] Please add '--debug' or '--log' to check more details.
[Fri 13 Aug 18:00:50 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt
Could not issue letsencrypt certificate, falling back to self-signed.
Generating a RSA private key
................................++++
...............................................................................................++++
writing new private key to '/usr/local/ispconfig/interface/ssl/ispserver.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:^C
root@dev:/home/chris#
So there is very likely an issue in your A or AAAA record then. The ISPConfig installer determines your external IP and if there is no matching DNS record for it, then you get that warning that the LE cert will probably not be issued by LE. You chose to ignore the warning, which is fine if you know that everything is correct, but as you can see a few lines later, this warning was correct as LE was not able to issue the cert due to the DNS record issue. So, check again your IPv4 and IPv6 records; it might be that one of them points to a wrong system or e.g. you added an IPv6 record but IPv6 is not working.
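The comparison described above (the server's public IP against the hostname's A/AAAA records), as an added example that is not part of the original post and is not the ISPConfig installer's code. The function names are assumptions, and the sample records are the ones shown in the installer output earlier in the thread plus one constructed AAAA address.

```python
import ipaddress
import socket
import sys


def check_records(records, server_ips):
    """Compare a hostname's A/AAAA answers with this server's public addresses.

    records    -- addresses returned for the hostname (strings)
    server_ips -- public addresses of the machine requesting the certificate
    Returns (ok, findings). ok is True only when at least one record matches
    the server and no record leads anywhere else, because the CA may connect
    to any of the published addresses during HTTP-01 validation.
    """
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    findings = []
    matched = False
    for raw in records:
        # Drop an IPv6 zone id such as "%eth0" before parsing.
        addr = ipaddress.ip_address(raw.split("%")[0])
        kind = "AAAA" if addr.version == 6 else "A"
        if addr in own:
            matched = True
        elif addr.is_loopback or addr.is_link_local or addr.is_private:
            findings.append(f"{kind} {addr}: not publicly routable, the CA cannot reach it")
        else:
            findings.append(f"{kind} {addr}: points to a different machine")
    if not matched:
        findings.append(f"no A/AAAA record matches {', '.join(server_ips)}")
    return (not findings), findings


def resolve(hostname):
    """Addresses the local resolver returns for hostname.

    getaddrinfo honours /etc/hosts, so a local entry for the FQDN will show
    up here even though public DNS says something else.
    """
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Usage: script.py <hostname> <public-ip> [<public-ip> ...]
    if len(sys.argv) < 3:
        sys.exit("usage: check_le_dns.py HOSTNAME PUBLIC_IP [PUBLIC_IP ...]")
    host, ips = sys.argv[1], sys.argv[2:]
    ok, problems = check_records(resolve(host), ips)
    print(f"{host}: {'records look fine for HTTP-01' if ok else 'fix DNS before requesting'}")
    for line in problems:
        print("  -", line)
    sys.exit(0 if ok else 1)
```

Running it before the installer avoids spending a Let's Encrypt request on a hostname that cannot validate.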
Thanks. So the dns.. output of dig:
Code:
bash-4.2$ dig panel.tlwebservices.co.uk

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> panel.tlwebservices.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6022
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;panel.tlwebservices.co.uk. IN A

;; ANSWER SECTION:
panel.tlwebservices.co.uk. 300 IN A 212.159.153.2

;; Query time: 9 msec
;; SERVER: 79.79.79.77#53(79.79.79.77)
;; WHEN: Sat Aug 14 10:37:10 BST 2021
;; MSG SIZE rcvd: 70

Set panel.tlswebservices to 212.159.153.2 and others, but panel for this. See image. Verified with external check https://dnschecker.org/#A/panel.tlwebservices.co.uk and https://mxtoolbox.com/SuperTool.aspx?action=mx:tlwebservices.co.uk&run=toolpage

So, dns is correct. I'm not using IPV6, I will investigate this next week and create AAAA records then. I can access the server with panel.tlwebservices.co.uk so it resolves on external devices, you have also connected. So dns must be right, otherwise you wouldn't be able to connect.. I have only 7 entries in my dns, all are the hostnames of new servers. Until all are up and running, then I will implement dns.tlwebservices.co.uk and point fast hosts to use them as name servers. - Isn't this the correct way?

So, now wiping again, adding --debug to script. Next post will be output. Thanks
running script Code: root@panel:~# wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system --debug --2021-08-14 10:03:25-- https://get.ispconfig.org/ Resolving get.ispconfig.org (get.ispconfig.org)... 172.67.75.112, 104.26.11.246, 104.26.10.246, ... Connecting to get.ispconfig.org (get.ispconfig.org)|172.67.75.112|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 2004 (2.0K) [application/octet-stream] Saving to: ‘STDOUT’ - 100%[=====================================================================================================================>] 1.96K --.-KB/s in 0s 2021-08-14 10:03:25 (65.1 MB/s) - written to stdout [2004/2004] PHP cli missing, trying to install. Selecting previously unselected package libsodium23:amd64. (Reading database ... 37684 files and directories currently installed.) Preparing to unpack .../0-libsodium23_1.0.17-1_amd64.deb ... Unpacking libsodium23:amd64 (1.0.17-1) ... Selecting previously unselected package psmisc. Preparing to unpack .../1-psmisc_23.2-1_amd64.deb ... Unpacking psmisc (23.2-1) ... Selecting previously unselected package php-common. Preparing to unpack .../2-php-common_2%3a69_all.deb ... Unpacking php-common (2:69) ... Selecting previously unselected package php7.3-common. Preparing to unpack .../3-php7.3-common_7.3.29-1~deb10u1_amd64.deb ... Unpacking php7.3-common (7.3.29-1~deb10u1) ... Selecting previously unselected package php7.3-json. Preparing to unpack .../4-php7.3-json_7.3.29-1~deb10u1_amd64.deb ... Unpacking php7.3-json (7.3.29-1~deb10u1) ... Selecting previously unselected package php7.3-opcache. Preparing to unpack .../5-php7.3-opcache_7.3.29-1~deb10u1_amd64.deb ... Unpacking php7.3-opcache (7.3.29-1~deb10u1) ... Selecting previously unselected package php7.3-readline. Preparing to unpack .../6-php7.3-readline_7.3.29-1~deb10u1_amd64.deb ... Unpacking php7.3-readline (7.3.29-1~deb10u1) ... Selecting previously unselected package php7.3-cli. 
Preparing to unpack .../7-php7.3-cli_7.3.29-1~deb10u1_amd64.deb ... Unpacking php7.3-cli (7.3.29-1~deb10u1) ... Selecting previously unselected package php-cli. Preparing to unpack .../8-php-cli_2%3a7.3+69_all.deb ... Unpacking php-cli (2:7.3+69) ... Setting up libsodium23:amd64 (1.0.17-1) ... Setting up psmisc (23.2-1) ... Setting up php-common (2:69) ... Created symlink /etc/systemd/system/timers.target.wants/phpsessionclean.timer → /lib/systemd/system/phpsessionclean.timer. Setting up php7.3-common (7.3.29-1~deb10u1) ... Creating config file /etc/php/7.3/mods-available/calendar.ini with new version Creating config file /etc/php/7.3/mods-available/ctype.ini with new version Creating config file /etc/php/7.3/mods-available/exif.ini with new version Creating config file /etc/php/7.3/mods-available/fileinfo.ini with new version Creating config file /etc/php/7.3/mods-available/ftp.ini with new version Creating config file /etc/php/7.3/mods-available/gettext.ini with new version Creating config file /etc/php/7.3/mods-available/iconv.ini with new version Creating config file /etc/php/7.3/mods-available/pdo.ini with new version Creating config file /etc/php/7.3/mods-available/phar.ini with new version Creating config file /etc/php/7.3/mods-available/posix.ini with new version Creating config file /etc/php/7.3/mods-available/shmop.ini with new version Creating config file /etc/php/7.3/mods-available/sockets.ini with new version Creating config file /etc/php/7.3/mods-available/sysvmsg.ini with new version Creating config file /etc/php/7.3/mods-available/sysvsem.ini with new version Creating config file /etc/php/7.3/mods-available/sysvshm.ini with new version Creating config file /etc/php/7.3/mods-available/tokenizer.ini with new version Setting up php7.3-opcache (7.3.29-1~deb10u1) ... Creating config file /etc/php/7.3/mods-available/opcache.ini with new version Setting up php7.3-json (7.3.29-1~deb10u1) ... 
Creating config file /etc/php/7.3/mods-available/json.ini with new version Setting up php7.3-readline (7.3.29-1~deb10u1) ... Creating config file /etc/php/7.3/mods-available/readline.ini with new version Setting up php7.3-cli (7.3.29-1~deb10u1) ... update-alternatives: using /usr/bin/php7.3 to provide /usr/bin/php (php) in auto mode update-alternatives: using /usr/bin/phar7.3 to provide /usr/bin/phar (phar) in auto mode update-alternatives: using /usr/bin/phar.phar7.3 to provide /usr/bin/phar.phar (phar.phar) in auto mode Creating config file /etc/php/7.3/cli/php.ini with new version Setting up php-cli (2:7.3+69) ... Processing triggers for man-db (2.8.5-2) ... Processing triggers for libc-bin (2.28-10) ... Selecting previously unselected package php7.3-mbstring. (Reading database ... 37867 files and directories currently installed.) Preparing to unpack .../php7.3-mbstring_7.3.29-1~deb10u1_amd64.deb ... Unpacking php7.3-mbstring (7.3.29-1~deb10u1) ... Selecting previously unselected package php-mbstring. Preparing to unpack .../php-mbstring_2%3a7.3+69_all.deb ... Unpacking php-mbstring (2:7.3+69) ... Setting up php7.3-mbstring (7.3.29-1~deb10u1) ... Creating config file /etc/php/7.3/mods-available/mbstring.ini with new version Setting up php-mbstring (2:7.3+69) ... WARNING! This script will reconfigure your complete server! It should be run on a freshly installed server and all current configuration that you have done will most likely be lost! Type 'yes' if you really want to continue: yes [INFO] Starting perfect server setup for Debian GNU/Linux 10 (buster) [INFO] Checking hostname. [INFO] Enabling contrib and non-free repositories. 
[INFO] Updating packages
[INFO] Updated packages
[INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
[INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
[INFO] Activating GoAccess repository.
[INFO] Updating packages (after enabling 3rd party repos).
[INFO] Updated packages
[INFO] Default shell is currently dash.
[INFO] Setting bash as default shell.
[INFO] Default shell is now bash.
[INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
[INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
[INFO] Generating mySQL password.
[INFO] Writing MySQL config files.
[INFO] Restarting postfix
[INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
[INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
[INFO] (Re)starting Bind.
[INFO] Disabling spamassassin daemon.
[INFO] Checking local dns resolver.
[WARN] Unexpected resolver response: Server: 79.79.79.77 (/lib/os/class.ISPConfigDebianOS.inc.php:870)
[INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
[INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
[INFO] Installing packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
[INFO] Installed packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
[INFO] Disabling conflicting apache modules.
[INFO] Enabling apache modules.
[INFO] Enabling default PHP-FPM config.
[INFO] Setting default system php version.
[INFO] Installing package phpmyadmin
[INFO] HTTPoxy config.
[INFO] Installing acme.sh (Let's Encrypt).
[INFO] acme.sh (Let's Encrypt) installed.
[INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Adding quota to fstab.
[INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
[INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
[INFO] Enabling TLS for pureftpd
[INFO] Disabling awstats cron.
[INFO] Installing packages fail2ban, ufw
[INFO] Installed packages fail2ban, ufw
[INFO] Installing ISPConfig3.
[INFO] Adding php versions to ISPConfig.
[INFO] Checking all services are running.
[INFO] mysql: OK
[INFO] clamav-daemon: OK
[INFO] postfix: OK
[INFO] bind9: OK
[INFO] pureftpd: OK
[INFO] apache2: OK
[INFO] Installation ready.
Correct, there was no A/AAAA record because I was just testing how the cert part worked to post the results here.
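A pre-flight check for the condition discussed in this thread (a panel hostname with no A/AAAA record, or one that points somewhere other than this server), to run before the installer so that a Let's Encrypt request is not spent on a name the CA cannot validate. This is an added example, not part of any post above and not ISPConfig's own code; the function names, the RESOLVER override, panel.example.com and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Pre-flight for an HTTP-based Let's Encrypt validation: the FQDN must publish
# an A or AAAA record, and every published address must belong to this server.
# Helper names are hypothetical; addresses are compared as plain text, so give
# IPv6 addresses in the compressed lowercase form that dig prints.

# Default resolver: print the addresses for NAME ($1) and record type ($2).
# Non-address lines (for example CNAME targets) are filtered out.
resolve_dig() {
    dig +short "$1" "$2" | grep -E '^[0-9a-fA-F:.]+$'
}

# le_preflight FQDN "SERVER_IP ..."
# Returns 0 if all records point here, 1 if no record exists, 2 on a mismatch.
le_preflight() {
    fqdn=$1
    server_ips=$2
    resolver=${RESOLVER:-resolve_dig}   # override with a stub for offline use
    found=0
    for rtype in A AAAA; do
        for addr in $("$resolver" "$fqdn" "$rtype"); do
            found=1
            case " $server_ips " in
                *" $addr "*) ;;          # address belongs to this server
                *) echo "FAIL: $fqdn $rtype $addr is not this server" >&2
                   return 2 ;;
            esac
        done
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: $fqdn has no A/AAAA record, validation cannot reach it" >&2
        return 1
    fi
    echo "OK: $fqdn resolves only to this server"
}

# Stand-alone use: ./preflight.sh panel.example.com "203.0.113.10 2001:db8::10"
if [ "$#" -ge 2 ]; then
    le_preflight "$1" "$2"
fi
```

A non-zero exit means the DNS record should be fixed first, because repeated failed requests for the same FQDN count against Let's Encrypt's limits.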