Hello all again. We are testing the Let's Encrypt feature to be able to offer our clients the option to have SSL sites. Sometimes it works and sometimes not. I tried adding SSL to a test domain, however I see an error in the ispconfig cron log. I then received an email stating....

20.10.2016-08:37 - WARNING - Let's Encrypt SSL Cert for: lumpyjunk.com could not be issued.

Am I doing something wrong? Thanks

Thu Oct 20 08:37:02 EDT 2016 Included cronjob_letsencrypt from /usr/local/ispconfig/server/lib/classes/cron.d/900-letsencrypt.inc.php -> will now run job.
Thu Oct 20 08:37:02 EDT 2016 Called run() for class cronjob_letsencrypt
Thu Oct 20 08:37:02 EDT 2016 Job has schedule: 0 3 * * *
Thu Oct 20 08:37:02 EDT 2016 Called onPrepare() for class cronjob_letsencrypt
Thu Oct 20 08:37:02 EDT 2016 Called onBeforeRun() for class cronjob_letsencrypt
Thu Oct 20 08:37:02 EDT 2016 Jobs next run is 2016-10-21 03:00:00
Thu Oct 20 08:37:02 EDT 2016 Date compare of 1477033200 and 1476967021 is -1
Thu Oct 20 08:37:02 EDT 2016 Called onCompleted() for class cronjob_letsencrypt
Thu Oct 20 08:37:02 EDT 2016 run job (cronjob_letsencrypt) done.
Thu Oct 20 08:37:02 EDT 2016 finished.
Thu Oct 20 08:37:10 EDT 2016 Failed authorization procedure. lumpyjunk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://lumpyjunk.com/.well-known/acme-challenge/WZooR BXB7_o89X4emlrtumg_-pasoObfJUPTjqma6R0: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
Thu Oct 20 08:37:10 EDT 2016 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Thu Oct 20 08:37:10 EDT 2016 <ht", www.lumpyjunk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.lumpyjunk.com/.well-known/acme-challenge/UScIYfmbKQEa-xcvSOQldnY cOVQVc62OS_dpqcDoE7U: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
Thu Oct 20 08:37:10 EDT 2016 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Thu Oct 20 08:37:10 EDT 2016 <ht"
Thu Oct 20 08:37:30 EDT 2016 finished.
OK, so now it's pointed to my 3 DNS servers and entered in ispconfig, and I get the same error. What should I check for next?
I don't think that it propagates this fast to all DNS servers. It's the Letsencrypt DNS servers that need to know the domain->ip until the verification will work. So I would propose to wait at least a few hours.
FYI I tried it with another domain I am not using, and it worked.... both point to the same DNS server and both work fine from the web via a browser. Weird....
I was reading the FAQ for letsencrypt here --> https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ It says make sure letsencrypt is installed, but does not refer to a link or doc. Does that mean just have the binary certbot-auto installed?
The installation is described in each of the perfect server guides for ispconfig 3.1 and the ispconfig manual. Besides that, you posted already in #7 of this thread that it worked for your other domain, so this implies that you installed it correctly as you won't have got a letsencrypt SSL cert otherwise.
I reposted because sometimes it works and sometimes not.... I cannot find anything in common so I wanted to make sure about the letsencrypt install procedure. I will check the manual again for detailed install instructions for letsencrypt, and do more testing and get back to you. Thanks,
Letsencrypt is installed correctly as you won't get a single cert when it was not installed correctly. So don't mess around with the letsencrypt install if you don't want to break your setup! If you get a cert or not for a domain simply depends on the fact if letsencrypt can reach that domain on your server or not and dns changes can take 34 hours, so don't try to activate letsencrypt on a domain where not all dns caches have the new IP yet. You can see the details in the letsencrypt log file.
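Added example (not part of the thread and not ispconfig or certbot code): a small parser for the "Failed authorization procedure" output as it appears in the ispconfig cron log above, where timestamps split one certbot message across several lines. It lists each failed domain and flags when the challenge URL answered with an HTML page instead of the token. The sample log is constructed; example.com and the tokens are placeholders.

```python
import re

# The cron log stamps every output line, so a single certbot message is
# interrupted by stamps such as "Thu Oct 20 08:37:10 EDT 2016 ".
STAMP = re.compile(r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} +\d+ [\d:]{8} \w+ \d{4} ")
ENTRY = re.compile(
    r'(?P<domain>[\w.-]+) \((?P<type>[\w-]+)\): (?P<error>urn:acme:error:\w+)'
    r' :: (?P<detail>.*?) :: Invalid response from (?P<url>\S+?): "')

# Constructed sample in the shape of the log quoted in the first post.
SAMPLE_LOG = '''\
Thu Oct 20 08:37:10 EDT 2016 Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/CONSTRUCTED-TOKEN-1: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
Thu Oct 20 08:37:10 EDT 2016 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Thu Oct 20 08:37:10 EDT 2016 <ht", www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/CONSTRUCTED-TOKEN-2: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
Thu Oct 20 08:37:10 EDT 2016 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Thu Oct 20 08:37:10 EDT 2016 <ht"
Thu Oct 20 08:37:30 EDT 2016 finished.
'''


def parse_failures(log_text):
    """Return one dict per failed challenge reported in the cron log text."""
    # Drop the stamps and collapse whitespace so each message is contiguous.
    text = " ".join(STAMP.sub("", log_text).split())
    matches = list(ENTRY.finditer(text))
    failures = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        # Quoted body excerpt: everything up to the last closing quote.
        body = text[m.end():end].rsplit('"', 1)[0]
        # http-01 expects "<token>.<account key thumbprint>" as the whole body;
        # markup means some other page answered at the challenge URL.
        verdict = "html-page" if body.lstrip().startswith("<") else "wrong-content"
        failures.append({**m.groupdict(), "token": m["url"].rsplit("/", 1)[-1],
                         "body": body, "verdict": verdict})
    return failures


if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(f["domain"], f["type"], f["error"], f["verdict"], f["url"])
```

A verdict of html-page means the validation request reached a web server that returned a page rather than the challenge file, so the next thing to compare is where that hostname resolves from outside and which vhost answers there.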