Hi, is there a way to replace all SSL certificates with a Let's Encrypt one, as users are getting cert pop-ups on their mail clients and the site is also not letting them access their back-end panel because of the security certificate? I'm running the latest version from 2 days ago, when I built the machine. Thank you in advance.
Ah wicked, I'll pop on my reading glasses and go through it. Thank you Till, once again you have helped me.
Please go through all the steps in the FAQ, look at the letsencrypt.log file and use ISPConfig debug mode. Most likely the server hostname does not point to the server IP and therefore a Let's Encrypt SSL cert cannot be issued.
I'm getting this on the steps.
root@mail:/usr/local/ispconfig/interface/ssl# mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
mv: cannot stat 'ispserver.pem': No such file or directory
root@mail:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
root@mail:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
root@mail:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
cat: ispserver.key: No such file or directory
cat: ispserver.crt: No such file or directory
root@mail:/usr/local/ispconfig/interface/ssl#
This means that you have not got an LE SSL cert; see my post above and the FAQ for possible reasons and how to find out why LE was unable to issue you a cert.
All I get in the log is this.
2019-02-26 03:00:17,716:DEBUG:certbot.main:certbot version: 0.23.0
2019-02-26 03:00:17,722:DEBUG:certbot.main:Arguments: ['-n', '--post-hook', "echo '1' > /usr/local/ispconfig/server/le.restart"]
2019-02-26 03:00:17,723:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-26 03:00:17,740:DEBUG:certbot.log:Root logging level set at 20
2019-02-26 03:00:17,741:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-26 03:00:17,782:DEBUG:certbot.renewal:no renewal failures
2019-02-26 03:43:13,421:DEBUG:certbot.main:certbot version: 0.23.0
2019-02-26 03:43:13,426:DEBUG:certbot.main:Arguments: ['-q']
2019-02-26 03:43:13,427:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-26 03:43:13,444:DEBUG:certbot.log:Root logging level set at 30
2019-02-26 03:43:13,447:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-26 03:43:13,449:DEBUG:certbot.renewal:no renewal failures
2019-02-26 20:30:20,948:DEBUG:certbot.main:certbot version: 0.23.0
2019-02-26 20:30:20,954:DEBUG:certbot.main:Arguments: ['-q']
2019-02-26 20:30:20,955:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-26 20:30:20,974:DEBUG:certbot.log:Root logging level set at 30
2019-02-26 20:30:20,975:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-26 20:30:20,978:DEBUG:certbot.renewal:no renewal failures
2019-02-27 03:00:17,688:DEBUG:certbot.main:certbot version: 0.23.0
2019-02-27 03:00:17,694:DEBUG:certbot.main:Arguments: ['-n', '--post-hook', "echo '1' > /usr/local/ispconfig/server/le.restart"]
2019-02-27 03:00:17,695:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-27 03:00:17,714:DEBUG:certbot.log:Root logging level set at 20
2019-02-27 03:00:17,715:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-27 03:00:17,719:DEBUG:certbot.renewal:no renewal failures
2019-02-27 08:52:18,436:DEBUG:certbot.main:certbot version: 0.23.0
2019-02-27 08:52:18,441:DEBUG:certbot.main:Arguments: ['-q']
2019-02-27 08:52:18,442:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-27 08:52:18,459:DEBUG:certbot.log:Root logging level set at 30
2019-02-27 08:52:18,460:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-27 08:52:18,462:DEBUG:certbot.renewal:no renewal failures
Bit of an odd one now, I get this:
Feb 27 11:07: servername.web.com sshd[8416]: Received disconnect from 115.159.216.187 port 38930:11: Bye Bye [preauth]
Feb 27 11:07:13 servername.web.com sshd[8416]: Disconnected from invalid user zu 115.159.216.187 port 38930 [preauth]
Feb 27 11:07:15 servername.web.com postfix/smtpd[8418]: warning: cannot get RSA private key from file "/etc/postfix/smtpd.key": disabling TLS support
Feb 27 11:07:15 servername.web.com postfix/smtpd[8418]: warning: TLS library problem: error:2807106B:UI routines:UI_process:processing error:../crypto/ui/ui_lib.c:493:while reading strings:
Feb 27 11:07:15 servername.web.com postfix/smtpd[8418]: warning: TLS library problem: error:0906406D:PEM routines:PEM_def_callback:problems getting password:../crypto/pem/pem_lib.c:64:
Feb 27 11:07:15 servername.web.com postfix/smtpd[8418]: warning: TLS library problem: error:0906A068:PEM routines:PEM_do_header:bad password read:../crypto/pem/pem_lib.c:418:
Feb 27 11:07:15 servername.web.com postfix/smtpd[8418]: warning: TLS library problem: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:../ssl/ssl_rsa.c:550:
Feb 27 11:07:15 servername.web.com postfix/smtpd[8418]: connect from unknown[209.14.0.42]
But I never set a key for this cert.
You get these error messages because there was no Let's Encrypt SSL cert issued. When you log in to ISPConfig, is the Let's Encrypt checkbox for the website of the server hostname still enabled? If no, then the server hostname probably does not have a correct DNS setup, which means that LE cannot verify it and issue a cert.
You have to put it only on the external DNS server if that's the one which is authoritative for the zone.
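The checks discussed in this thread, as an added example that is not part of any post above and is not ISPConfig's own code: confirm that public DNS points the hostname at this server and that the Let's Encrypt files really exist before creating the ispserver.{crt,key,pem} links, so a failed issuance does not leave dangling links and an empty ispserver.pem. The function names and the use of 1.1.1.1 as the public resolver are assumptions; the paths are the ones shown in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight checks before linking a
# Let's Encrypt cert into ISPConfig. Function names are hypothetical.

# Succeed only if both PEM files in live dir $1 exist and are non-empty.
# -s follows symlinks, so a link to a missing target fails too.
le_cert_ready() {
    for f in fullchain.pem privkey.pem; do
        [ -s "$1/$f" ] || { echo "missing or empty: $1/$f" >&2; return 1; }
    done
}

# Succeed if any address in $1 (what public DNS returns) is also in $2
# (addresses configured on this host). Both are whitespace-separated lists.
resolves_to_local() {
    for a in $1; do
        for l in $2; do
            if [ "$a" = "$l" ]; then return 0; fi
        done
    done
    return 1
}

# Create ispserver.{crt,key,pem} in $2 from live dir $1, but only when the
# cert exists, so no dangling links or empty ispserver.pem are left behind.
link_le_cert() {
    le_cert_ready "$1" || return 1
    ln -sf "$1/fullchain.pem" "$2/ispserver.crt"
    ln -sf "$1/privkey.pem" "$2/ispserver.key"
    # A newly created ispserver.pem contains the private key: owner-only.
    ( umask 077; cat "$2/ispserver.key" "$2/ispserver.crt" > "$2/ispserver.pem" )
}

# Runs only when given the ISPConfig ssl directory as the single argument:
#   sh le_preflight.sh /usr/local/ispconfig/interface/ssl
# 1.1.1.1 is an assumed public resolver; behind NAT, compare against the
# public address instead of the output of hostname -I.
if [ "$#" -eq 1 ]; then
    fqdn=$(hostname -f)
    resolves_to_local "$(dig +short A "$fqdn" @1.1.1.1)" "$(hostname -I)" ||
        { echo "$fqdn does not resolve to this server in public DNS" >&2; exit 1; }
    link_le_cert "/etc/letsencrypt/live/$fqdn" "$1" || exit 1
fi
```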