Get SSL certificate for ISPConfig admin from LetsEncrypt?

Discussion in 'Installation/Configuration' started by zkvvoob, May 22, 2016.

  1. GarGamel55

    GarGamel55 Member

    I found
    In the folder: /etc/letsencrypt/renewal/
    My servername.conf file has been renamed to servername.conf~backup

    I deleted the ~backup

    Then I ran the command:
    certbot certonly --manual -d servername
    Restarted apache ...

    and oh ... the pretty green padlock came back :D

    Thanks
     
  2. Roberto Pensa

    Roberto Pensa New Member

    Can anybody explain to me the inbuilt Let's Encrypt support in ISPConfig (latest stable version, just updated with success)? I followed the Let's Encrypt how-to and got the following error logs:
    root@myserver:~# cd /usr/local/ispconfig/interface/ssl/
    root@myserver:/usr/local/ispconfig/interface/ssl# mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    root@myserver:/usr/local/ispconfig/interface/ssl# mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    root@myserver:/usr/local/ispconfig/interface/ssl# mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    mv: cannot stat 'ispserver.pem': No such file or directory
    root@myserver:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    root@myserver:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    root@myserver:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
    cat: ispserver.key: No such file or directory
    cat: ispserver.crt: No such file or directory
    root@myserver:/usr/local/ispconfig/interface/ssl# chmod 600 ispserver.pem
    root@myserver:/usr/local/ispconfig/interface/ssl# cd /etc/postfix/
    root@myserver:/etc/postfix# nano /etc/dovecot/dovecot.conf
    root@myserver:/etc/postfix# mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak
    root@myserver:/etc/postfix# mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
    root@myserver:/etc/postfix# ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert
    root@myserver:/etc/postfix# ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key
    root@myserver:/etc/postfix# service postfix restart
    root@myserver:/etc/postfix# service dovecot restart
    Job for dovecot.service failed because the control process exited with error code. See "systemctl status dovecot.service" and "journalctl -xe" for details.
    root@myserver:/etc/postfix# systemctl status dovecot.service
    ● dovecot.service - Dovecot IMAP/POP3 email server
    Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Tue 2018-08-07 21:44:19 CEST; 1min 6s ago
    Docs: man:dovecot(1)

    Process: 12105 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
    Process: 12111 ExecStart=/usr/sbin/dovecot (code=exited, status=89)
    Main PID: 10122 (code=exited, status=0/SUCCESS)

    Aug 07 21:44:19 myserver systemd[1]: Starting Dovecot IMAP/POP3 email server...
    Aug 07 21:44:19 myserver dovecot[12111]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smt
    Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Control process exited, code=exited status=89
    Aug 07 21:44:19 myserver systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
    Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Unit entered failed state.
    Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Failed with result 'exit-code'.
    guration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smtpd.cert: No such file or directory

    The mistake is clear: the link to the cert file was OK, but the link (ln) to the key file was not OK.
    So I tried without success to ln the postfix key file direct to th.

    What is wrong with this how-to???
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    There is nothing wrong with the howto; I have used it several times myself with success. My guess is that you did not create a website for the hostname of the server, or the SSL creation with LE for that website failed, or the hostname of your server is configured wrong so that the 'hostname -f' command returns a wrong hostname.
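
A preflight for the symlink steps in post 2, covering the causes named in the reply above, as an added example that is not part of the thread or of the ISPConfig how-to: `ln -s` succeeds even when `/etc/letsencrypt/live/$(hostname -f)/` does not exist, so checking the link targets first catches the problem before any service is restarted. The function names, return codes and the `myserver.example` path are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the how-to: preflight for its symlink steps.

# Print every symlink directly inside DIR whose target does not exist.
# `ln -s` succeeds even when the target is missing, so the error only
# surfaces later, at `cat` or when a service tries to open the file.
dangling_links() {
    local dir="$1" link
    for link in "$dir"/*; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            printf '%s -> %s\n' "$link" "$(readlink "$link")"
        fi
    done
}

# Return 0 only if LIVE_DIR holds a certificate and its matching private key.
# Return codes (this example's convention): 2 no directory, 3 missing file,
# 4 unparsable PEM, 5 key does not belong to the certificate.
check_le_live() {
    local live_dir="$1" f cert_pub key_pub
    [ -d "$live_dir" ] || { echo "no such directory: $live_dir" >&2; return 2; }
    for f in fullchain.pem privkey.pem; do
        [ -e "$live_dir/$f" ] || { echo "missing: $live_dir/$f" >&2; return 3; }
    done
    # Public key of the leaf certificate vs. public key derived from the key file.
    cert_pub=$(openssl x509 -in "$live_dir/fullchain.pem" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$live_dir/privkey.pem" -pubout 2>/dev/null) || return 4
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 5
}

# Constructed demo in a scratch directory: the same links as in the how-to,
# pointing at a live directory that was never created (hostname is made up).
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/ssl"
    ln -s "$tmp/live/myserver.example/fullchain.pem" "$tmp/ssl/ispserver.crt"
    ln -s "$tmp/live/myserver.example/privkey.pem" "$tmp/ssl/ispserver.key"
    dangling_links "$tmp/ssl"
    check_le_live "$tmp/live/myserver.example" || echo "preflight failed with code $?"
    rm -rf "$tmp"
}
demo
```

On a real server, run `check_le_live "/etc/letsencrypt/live/$(hostname -f)"` before the `ln -s` steps and `dangling_links /usr/local/ispconfig/interface/ssl` after them.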
     
  4. SamTzu

    SamTzu Active Member

    So many times now I have run into problems with these because of different DNS providers.
    When dealing with certbot/letsencrypt SSL cert problems, the first thing you should do is check your DNS query from both ends.
    Do you use the same settings on both the workstation/browser and the server end?
    I recommend using Google DNS servers for debugging: 8.8.8.8 & 8.8.4.4.
    Is your server using a split DNS with different WAN/LAN IPs?
    After you have checked these you can start debugging server config.
     
