Hi Forum,

the ISPConfig server.sh script doesn't add the SSL-related part to the vhost config file ( <VirtualHost *:443> ) after activating SSL / Let's Encrypt.

Background: I want to move my ISPConfig to a new VM. I freshly installed ISPConfig 3.2.2 on a freshly installed Debian 10 using the perfect server howto. I then manually copied /var/www and /var/vmail from my existing server, as well as the dbispconfig database. I manually deactivated SSL/LE SSL on any website, since I wanted ISPConfig to use acme.sh and reissue all certs, instead of using existing ones. I also wanted the apache vhost config files to be newly generated; I didn't copy any /etc/apache2/ configs from the existing server.

/usr/local/ispconfig/server/server.sh gives me the following output:

Code:
/usr/local/ispconfig/server/server.sh
10.02.2021-00:14 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
10.02.2021-00:14 - DEBUG - Found 1 changes, starting update process.
10.02.2021-00:14 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
10.02.2021-00:14 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
10.02.2021-00:14 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client10/web73' - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client10/web73' - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client10/web73'|awk 'END{print $2,$NF}' - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: setquota -u 'web73' '0' '0' 0 0 -a &> /dev/null - return code: 0
setquota: Not setting block grace time on /dev/mapper/hosting02--vg-root because softlimit is not exceeded.
setquota: Not setting inode grace time on /dev/mapper/hosting02--vg-root because softlimit is not exceeded.
10.02.2021-00:14 - DEBUG - safe_exec cmd: setquota -T -u 'web73' 604800 604800 -a &> /dev/null - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client10/web73' - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
10.02.2021-00:14 - DEBUG - Create Let's Encrypt SSL Cert for: orangeblau.com
10.02.2021-00:14 - DEBUG - Let's Encrypt SSL Cert domains:
10.02.2021-00:14 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d orangeblau.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert -d orangeblau.com --key-file '/var/www/clients/client10/web73/ssl/orangeblau.com-le.key' --fullchain-file '/var/www/clients/client10/web73/ssl/orangeblau.com-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi
sh: 1: [[: not found
sh: 1: 0: not found
sh: 1: [[: not found
10.02.2021-00:14 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
10.02.2021-00:14 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web73/.php-fcgi-starter' - return code: 0
10.02.2021-00:14 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web73/.php-fcgi-starter
10.02.2021-00:14 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web73/.php-fcgi-starter' - return code: 0
10.02.2021-00:14 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/orangeblau.com.vhost
10.02.2021-00:14 - DEBUG - Apache status is: running
10.02.2021-00:14 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
10.02.2021-00:14 - DEBUG - Restarting httpd: systemctl restart apache2.service
10.02.2021-00:14 - DEBUG - Apache restart return value is: 0
10.02.2021-00:14 - DEBUG - Apache online status after restart is: running
10.02.2021-00:14 - DEBUG - Processed datalog_id 5170
10.02.2021-00:14 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.

I assume an error while calling acme.sh - even though the certificates are generated perfectly fine.

/var/log/ispconfig/acme.log:

Code:
[Wed 10 Feb 2021 12:14:20 AM CET] Running cmd: issue
[Wed 10 Feb 2021 12:14:20 AM CET] _main_domain='orangeblau.com'
[Wed 10 Feb 2021 12:14:20 AM CET] _alt_domains='no'
[Wed 10 Feb 2021 12:14:20 AM CET] Using config home:/root/.acme.sh
[Wed 10 Feb 2021 12:14:20 AM CET] default_acme_server ...
[Wed 10 Feb 2021 12:14:23 AM CET] keyauthorization='verified_ok'
[Wed 10 Feb 2021 12:14:23 AM CET] dvlist='orangeblau.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10738615429/3srdNw#http-01#/usr/local/ispconfig/interface/acme'
[Wed 10 Feb 2021 12:14:23 AM CET] d
[Wed 10 Feb 2021 12:14:23 AM CET] vlist='orangeblau.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/10738615429/3srdNw#http-01#/usr/local/ispconfig/interface/acme,'
[Wed 10 Feb 2021 12:14:23 AM CET] d='orangeblau.com'
[Wed 10 Feb 2021 12:14:23 AM CET] orangeblau.com is already verified, skip http-01.
[Wed 10 Feb 2021 12:14:23 AM CET] ok, let's start to verify ...
[Wed 10 Feb 2021 12:14:24 AM CET] Cert success.
[Wed 10 Feb 2021 12:14:24 AM CET] Your cert is in /root/.acme.sh/orangeblau.com/orangeblau.com.cer
[Wed 10 Feb 2021 12:14:24 AM CET] Your cert key is in /root/.acme.sh/orangeblau.com/orangeblau.com.key
[Wed 10 Feb 2021 12:14:24 AM CET] v2 chain.
[Wed 10 Feb 2021 12:14:24 AM CET] The intermediate CA cert is in /root/.acme.sh/orangeblau.com/ca.cer
[Wed 10 Feb 2021 12:14:24 AM CET] And the full chain certs is there: /root/.acme.sh/orangeblau.com/fullchain.cer
[Wed 10 Feb 2021 12:14:24 AM CET] _on_issue_success

Any hint is welcome.
Try disabling letsencrypt for a site, then remove the symlinks in that site's ssl/ directory, then enable ssl again. You will also need to make sure all your web# users and client# groups have the same IDs, and group membership is correct.
Did you switch the system shell to /bin/bash instead of /bin/dash as described in the perfect server installation guide?
Thank you all for your really quick replies! My shell was wrong, I must have missed this step, ouch. Thank you Till. Fixing that alone didn't solve the issue. Pretty sure my IDs and/or permissions were wrong. Thanks again, had some difficulties after 3 years "Elternzeit". A Resync did the trick. Jonas
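
The three `sh: 1: ... not found` lines in the server.sh output come from /bin/sh being dash, which has no `[[ ]]`: both `if` tests fail, the `--install-cert` branch is skipped, and the command still exits 0. The following POSIX sh sketch is an added example, not part of any post in this thread and not ISPConfig's code; it checks whether a shell accepts `[[ ]]` and restates the logged exit-code logic portably (all function names are hypothetical).

```shell
#!/bin/sh
# Added example. Written in POSIX sh so it behaves the same under dash and bash.

# Return 0 if the shell given as $1 understands bash's [[ ]] test.
# dash treats "[[" as an unknown command and fails with "[[: not found".
supports_double_bracket() {
    "$1" -c '[[ 0 -eq 0 ]]' 2>/dev/null
}

# Portable form of "if [[ $R -eq 0 || $R -eq 2 ]]" from the logged command:
# R is the exit code of "acme.sh --issue"; 0 and 2 lead to --install-cert.
should_install_cert() {
    [ "$1" -eq 0 ] || [ "$1" -eq 2 ]
}

# Portable form of "if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi".
# $1 = R (issue step), $2 = C (install step); prints the final exit code.
final_exit_code() {
    if [ "$2" -eq 0 ]; then echo "$1"; else echo "$2"; fi
}

# Report whether /bin/sh on this host can run the logged command line.
check_system_shell() {
    target=$(readlink -f /bin/sh 2>/dev/null || echo /bin/sh)
    if supports_double_bracket /bin/sh; then
        echo "ok: /bin/sh ($target) accepts [[ ]]"
    else
        echo "warn: /bin/sh ($target) rejects [[ ]]; the install-cert step will be skipped"
        return 1
    fi
}

check_system_shell || true
```

A `warn` result means the host is in the state the log shows: the certificate exists under /root/.acme.sh but is never installed into the site's ssl/ directory.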