I found In the folder : /etc/letsencrypt/renewal/ My servername.conf file has been renamed to servername.conf~backup I deleted the ~backup then i ran the command: certbot certonly --manual -d servername Restarted apache ... and oh ... the pretty green padlock came back Thanks
Can anybody explain me the inbuild Lets encrypt support inispconfig (latest Version stable version just updated with success). I followed the lets encrypt how to and got the following error logs: root@myserver:~# cd /usr/local/ispconfig/interface/ssl/ root@myserver:/usr/local/ispconfig/interface/ssl# mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak root@myserver:/usr/local/ispconfig/interface/ssl# mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak root@myserver:/usr/local/ispconfig/interface/ssl# mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak mv: cannot stat 'ispserver.pem': No such file or directory root@myserver:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt root@myserver:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key root@myserver:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem cat: ispserver.key: No such file or directory cat: ispserver.crt: No such file or directory root@myserver:/usr/local/ispconfig/interface/ssl# chmod 600 ispserver.pem root@myserver:/usr/local/ispconfig/interface/ssl# cd /etc/postfix/ root@myserver:/etc/postfix# nano /etc/dovecot/dovecot.conf root@myserver:/etc/postfix# mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak root@myserver:/etc/postfix# mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak root@myserver:/etc/postfix# ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert root@myserver:/etc/postfix# ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key root@myserver:/etc/postfix# service postfix restart root@myserver:/etc/postfix# service dovecot restart Job for dovecot.service failed because the control process exited with error code. See "systemctl status dovecot.service" and "journalctl -xe" for details. root@myserver:/etc/postfix# systemctl status dovecot.service ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2018-08-07 21:44:19 CEST; 1min 6s ago Docs: man:dovecot(1) Process: 12105 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS) Process: 12111 ExecStart=/usr/sbin/dovecot (code=exited, status=89) Main PID: 10122 (code=exited, status=0/SUCCESS) Aug 07 21:44:19 myserver systemd[1]: Starting Dovecot IMAP/POP3 email server... Aug 07 21:44:19 myserver dovecot[12111]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smt Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Control process exited, code=exited status=89 Aug 07 21:44:19 myserver systemd[1]: Failed to start Dovecot IMAP/POP3 email server. Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Unit entered failed state. Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Failed with result 'exit-code'. ESCOC guration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smtpd.cert: No such file or directory ited, code=exited status=89 mail server. d state. 'exit-code'. ~ ~ ESCOD ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2018-08-07 21:44:19 CEST; 1min 6s ago Docs: man:dovecot(1) Process: 12105 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS) Process: 12111 ExecStart=/usr/sbin/dovecot (code=exited, status=89) Main PID: 10122 (code=exited, status=0/SUCCESS) Aug 07 21:44:19 myserver systemd[1]: Starting Dovecot IMAP/POP3 email server... Aug 07 21:44:19 myserver dovecot[12111]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smt Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Control process exited, code=exited status=89 Aug 07 21:44:19 myserver systemd[1]: Failed to start Dovecot IMAP/POP3 email server. Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Unit entered failed state. Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Failed with result 'exit-code'. ~ ~ ESCOC ● dovecot.service - Dovecot IMAP/POP3 email server Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2018-08-07 21:44:19 CEST; 1min 6s ago Docs: man:dovecot(1) Process: 12105 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS) Process: 12111 ExecStart=/usr/sbin/dovecot (code=exited, status=89) Main PID: 10122 (code=exited, status=0/SUCCESS) Aug 07 21:44:19 myserver systemd[1]: Starting Dovecot IMAP/POP3 email server... Aug 07 21:44:19 myserver dovecot[12111]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smt Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Control process exited, code=exited status=89 Aug 07 21:44:19 myserver systemd[1]: Failed to start Dovecot IMAP/POP3 email server. Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Unit entered failed state. Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Failed with result 'exit-code'. The mistake is clear: The link to the cert file was ok but the link (ln) to the key file was not ok. So i tried without success to ln the postfix key file direct to th. What is wrong with this how to???
There is nothing wrong with the howto, used it several times myself with success. My guess is that you did not create a website for the hostname of the server or the ssl creation with LE for that website failed or the hostname of your server is configured wrong so that 'hostname -f' command returns a wrong hostname.
So many times now I have run in to problems with these because of different DNS providers. When dealing with certbot/letsencrypt SSL certs problems the first thing you should do is check your DNS query from both ends. Do you use same settings on both workstation/browser and the server end? I recommend using Google DNS servers for debugging. 8.8.8.8 & 8.8.4.4. Is your server using a slit DNA with different WAN/LAN IP's? After you have checked these you can start debugging server config.