Latest ispconfig, centos7.6. Create a new site, tick the ssl/lets encrypt boxes. Lets encrypt log shows success and downloads the files into /etc/letsencrypt/live/domain-name/

2019-10-04 22:01:18,442:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domainname.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domainname.com/privkey.pem
Your cert will expire on 2020-01-03. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"

But it never puts the files in the var/www/domain/ssl folder, and never creates a .crt file. The domain .vhost file in sites-enable only has the NON SSL section; it seems that the SSL section that starts with <VirtualHost *:443> just never gets written.

If I re-tick the ssl/lets encrypt boxes, it goes through the renew process, which it doesn't need, and ends up doing the same thing. Currently have 3 domains that work fine, and have valid certs, but ispconfig just won't cooperate.

Suggestions? I feel like certbot is failing to move files to the right place, or ispconfig is failing at something, but I'm not sure where the line is between the two things.

04.10.2019-22:01 - DEBUG - Adding the user: web71
04.10.2019-22:01 - DEBUG - Creating symlink: ln -s /var/www/clients/client1/web71/ /var/www/domainname.com
04.10.2019-22:01 - DEBUG - Creating symlink: ln -s /var/www/clients/client1/web71/ /var/www/clients/client1/domainname.com
04.10.2019-22:01 - DEBUG - exec: chown -R web71:client1 /var/www/clients/client1/web71/web
04.10.2019-22:01 - DEBUG - exec: chown web71:client1 /var/www/clients/client1/web71/web
04.10.2019-22:01 - DEBUG - exec: usermod --groups sshusers web71 2>/dev/null
04.10.2019-22:01 - DEBUG - Writing the vhost file: /etc/httpd/conf/sites-available/domainname.com.vhost
04.10.2019-22:01 - DEBUG - Creating symlink: /etc/httpd/conf/sites-enabled/100-domainname.com.vhost->/etc/httpd/conf/sites-available/domainname.com.vhost
04.10.2019-22:01 - DEBUG - Created AWStats config file: /etc/awstats/awstats.domainname.com.conf
04.10.2019-22:01 - DEBUG - Apache status is: running
04.10.2019-22:01 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
04.10.2019-22:01 - DEBUG - Restarting httpd: systemctl restart httpd.service
04.10.2019-22:01 - DEBUG - Apache restart return value is: 0
04.10.2019-22:01 - DEBUG - Apache online status after restart is: running
04.10.2019-22:01 - DEBUG - Processed datalog_id 2960
04.10.2019-22:01 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
04.10.2019-22:01 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
04.10.2019-22:01 - DEBUG - Verified domain domainname.com should be reachable for letsencrypt.
04.10.2019-22:01 - DEBUG - Verified domain www.domainname.com should be reachable for letsencrypt.
04.10.2019-22:01 - DEBUG - Create Let's Encrypt SSL Cert for: domainname.com
04.10.2019-22:01 - DEBUG - Let's Encrypt SSL Cert domains: --domains domainname.com --domains www.domainname.com
04.10.2019-22:01 - DEBUG - exec: /bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains domainname.com --domains www.domainname.com --webroot-path /usr/local/ispconfig/interface/acme
04.10.2019-22:01 - DEBUG - Let's Encrypt Cert file: does not exist.
04.10.2019-22:01 - DEBUG - Writing the vhost file: /etc/httpd/conf/sites-available/domainname.com.vhost
04.10.2019-22:01 - DEBUG - Apache status is: running
04.10.2019-22:01 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
04.10.2019-22:01 - DEBUG - Restarting httpd: systemctl restart httpd.service
04.10.2019-22:01 - DEBUG - Apache restart return value is: 0
04.10.2019-22:01 - DEBUG - Apache online status after restart is: running
04.10.2019-22:01 - DEBUG - Processed datalog_id 2961

Sorry, was posting that just as you replied. Contents of the renewal file for the domain:

# renew_before_expiry = 30 days
version = 0.38.0
archive_dir = /etc/letsencrypt/archive/domainname.com
cert = /etc/letsencrypt/live/domainname.com/cert.pem
privkey = /etc/letsencrypt/live/domainname.com/privkey.pem
chain = /etc/letsencrypt/live/domainname.com/chain.pem
fullchain = /etc/letsencrypt/live/domainname.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = d96377783318765671714b7af1c7cdff
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
rsa_key_size = 4096
webroot_path = /usr/local/ispconfig/interface/acme,
[[webroot_map]]

There should be domain name(s) under this, otherwise your LE SSL option box will become unticked. What is your ISPConfig and certbot version? Because this was already fixed some versions ago.
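
The check described in the reply above, as an added example that is not part of the original thread and not ISPConfig or certbot code: it parses a renewal file and reports a webroot authenticator whose [[webroot_map]] section has no domain entries. POSTED is abridged from the file quoted in the thread; HEALTHY is a constructed sample, and its "domain = webroot path" entry format and the function names are assumptions.

```python
import re

# Abridged from the renewal file posted in the thread (empty [[webroot_map]]).
POSTED = """\
# renew_before_expiry = 30 days
version = 0.38.0
cert = /etc/letsencrypt/live/domainname.com/cert.pem
privkey = /etc/letsencrypt/live/domainname.com/privkey.pem
chain = /etc/letsencrypt/live/domainname.com/chain.pem
fullchain = /etc/letsencrypt/live/domainname.com/fullchain.pem
[renewalparams]
authenticator = webroot
webroot_path = /usr/local/ispconfig/interface/acme,
[[webroot_map]]
"""

# Constructed sample: the same file with domain entries present (assumed format).
HEALTHY = POSTED + (
    "domainname.com = /usr/local/ispconfig/interface/acme\n"
    "www.domainname.com = /usr/local/ispconfig/interface/acme\n"
)

# Matches both [section] and nested [[section]] headers.
SECTION = re.compile(r"^(\[+)\s*([^\[\]]+?)\s*\]+$")

def parse_renewal(text):
    """Return {section: {key: value}}; keys before any header go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(2)
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections[current][key.strip()] = value.strip()
    return sections

def webroot_map_domains(text):
    """Domains listed under [[webroot_map]], sorted."""
    return sorted(parse_renewal(text).get("webroot_map", {}))

def check(text):
    """Return a list of findings; an empty list means nothing suspicious."""
    conf, findings = parse_renewal(text), []
    if (conf.get("renewalparams", {}).get("authenticator") == "webroot"
            and not conf.get("webroot_map")):
        findings.append("webroot_map has no domain entries")
    for key in ("cert", "privkey", "chain", "fullchain"):
        if key not in conf[""]:
            findings.append(f"missing top-level key: {key}")
    return findings
```
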

Ok, I think I have it resolved. In my efforts to fix some show stopper problems with amavis, I restored to a backup that was running 3.1.13 / 38 of certbot. I have since upgraded to latest of both, which has corrected 2 of the 3 sites I was having problems with. The 3rd still behaves similarly. Will keep working on sorting out what's going on with the 3rd. I assume this problem was corrected before 3.1.13 as I never saw it, but whatever, the upgrade to 3.1.15 seems to have fixed most of it.

Update: the 3rd domain has failed because of rate limits with letsencrypt passed during testing. So I'll have to wait a few days and try again with that 3rd site.