I tried to install let's encrypt using this guide - https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt Only the part for let's Encrypt. But while installing ./certbot-auto I encountered these errors:

Code:
Get:1 Changelog for libssl1.0.0 (http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.1-4ubuntu5.38/changelog) [122 kB]
openssl (1.0.1-4ubuntu5.38) precise-security; urgency=medium

  * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow check in crypto/bn/bn_print.c.

 -- Marc Deslauriers <[email protected]> Fri, 23 Sep 2016 07:59:32 -0400

openssl (1.0.1-4ubuntu5.37) precise-security; urgency=medium

  * SECURITY UPDATE: Constant time flag not preserved in DSA signing
    - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in crypto/dsa/dsa_ossl.c.
    - CVE-2016-2178
  * SECURITY UPDATE: DTLS buffered message DoS
    - debian/patches/CVE-2016-2179.patch: fix queue handling in ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c, ssl/ssl_locl.h.
    - CVE-2016-2179
  * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
    - debian/patches/CVE-2016-2180.patch: fix text handling in crypto/ts/ts_lib.c.
    - CVE-2016-2180
  * SECURITY UPDATE: DTLS replay protection DoS
    - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed records in ssl/d1_pkt.c.
    - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
    - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
    - CVE-2016-2181
  * SECURITY UPDATE: OOB write in BN_bn2dec()
    - debian/patches/CVE-2016-2182.patch: don't overflow buffer in crypto/bn/bn_print.c.
    - CVE-2016-2182
  * SECURITY UPDATE: SWEET32 Mitigation
    - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH to MEDIUM in ssl/s3_lib.c.
    - CVE-2016-2183
  * SECURITY UPDATE: Malformed SHA512 ticket DoS
    - debian/patches/CVE-2016-6302.patch: sanity check ticket length in ssl/t1_lib.c.
    - CVE-2016-6302
:

How can I resolve it to move further?
Ok Croydon, now I am facing this problem when running apt-get upgrade

Code:
E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem.
root@server1:/home/pawan# sudo dpkg --configure -a
dpkg: dependency problems prevent configuration of libssl-dev:
 libssl-dev depends on libssl1.0.0 (= 1.0.1-4ubuntu5.38); however:
  Version of libssl1.0.0 on system is 1.0.1-4ubuntu5.36.
dpkg: error processing libssl-dev (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 libssl-dev
root@server1:/home/pawan#

How to address this?
Hi Croydon, I have run that command as well as apt-get update and apt-get upgrade. Now I am getting this error

Code:
E: Internal Error, No file name for libssl1.0.0

I am really stuck with this and couldn't find a solution.
I think I have resolved it. I ran these commands and rebooted the system, then ran the update commands

Code:
sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lock

Now when installing let's Encrypt I am presented with a dialogue box with all the names of my websites, asking which names I would like to activate HTTPS for. What should I choose? I don't have any idea. As I suppose that I can activate HTTPS for any website from within ISPCONFIG. So what should I do here? Please guide.
Thanks Croydon. I did that as you suggested. Now Please tell me, how I can use let's encrypt in ISPCONFIG to generate the certificates. I mean how and where I should configure ispconfig3.1.
Go to the website settings, enable the letsencrypt checkbox for the website and press the save button.
Till, I have checked it for one website, but now none of my websites, including the ISPCONFIG control panel, can be reached.
I have tried to restart apache in terminal, but it failed. My Apache log is like this:

Code:
[Thu Sep 29 15:30:24 2016] [error] [client 192.168.0.10] client denied by server configuration: /var/www/ispconfig/datalogstatus.php, referer: http://server1.mywebsolutions.co.in:8080/index.php
[Thu Sep 29 15:30:25 2016] [error] [client 192.168.0.10] client denied by server configuration: /var/www/ispconfig/datalogstatus.php, referer: http://server1.mywebsolutions.co.in:8080/
[Thu Sep 29 15:31:24 2016] [notice] caught SIGTERM, shutting down
[Thu Sep 29 15:31:25 2016] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Thu Sep 29 15:31:25 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Thu Sep 29 15:31:25 2016] [notice] Digest: generating secret for digest authentication ...
[Thu Sep 29 15:31:25 2016] [notice] Digest: done
[Thu Sep 29 15:31:25 2016] [notice] FastCGI: process manager initialized (pid 27184)
[Thu Sep 29 15:31:26 2016] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Thu Sep 29 15:31:26 2016] [notice] Apache/2.2.22 (Ubuntu) DAV/2 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.6 PHP/5.3.10-1ubuntu3.24 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2011-06-30) mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
[Thu Sep 29 15:31:31 2016] [notice] caught SIGTERM, shutting down
The specific site for which I was trying to generate the certificate was cbsindia.in. I removed the SSL code from the vhost of cbsindia and restarted apache. Now it restarted without any problem. Ok, let me try to recreate the problem, then I will post the output of the command.
Ok, first I deleted the certificate and saved. Next I created the certificate and saved. Now my websites are running without any problem, but when I try to access https://cbsindia.in it raises a security exception and says that it is a self-signed certificate. Also the SSL Key and SSL bundle fields remain blank.

Code:
cbsindia.in uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: SEC_ERROR_UNKNOWN_ISSUER
To get a letsencrypt certificate, all you do is to enable the letsencrypt checkbox and the ssl checkbox, nothing more. If you would create a ssl cert manually on the ssl tab, then letsencrypt gets overwritten by your manual ssl cert.
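
Added example, not part of the thread: the SEC_ERROR_UNKNOWN_ISSUER report above is what a browser shows when the site still serves a self-signed certificate, and this shell function classifies a certificate file by comparing its subject and issuer names. The sample certificates, the names site.example and Constructed Test CA, and the function names are constructed for the demonstration; point cert_kind at whatever certificate file your vhost actually references.

```shell
#!/bin/sh
# Added example (not from the thread): tell a self-signed certificate apart
# from one issued by a CA by comparing its subject and issuer names.
# This compares names only; it does not validate the chain or the signature.

# cert_kind FILE -> prints "self-signed", "ca-issued" or "unreadable"
cert_kind() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || { echo unreadable; return 0; }
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || { echo unreadable; return 0; }
    if [ "$s" = "$i" ]; then echo self-signed; else echo ca-issued; fi
}

# make_samples DIR -> writes constructed test certificates into DIR:
#   self.pem  self-signed, as a manually created certificate would be
#   leaf.pem  signed by a throwaway CA (stands in for a CA-issued certificate)
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=site.example" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=site.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# demo: build the constructed samples in a temp dir and report each one.
demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp" || { rm -rf "$tmp"; return 1; }
    for f in self.pem leaf.pem; do
        printf '%s: %s (%s)\n' "$f" "$(cert_kind "$tmp/$f")" \
            "$(openssl x509 -in "$tmp/$f" -noout -issuer)"
    done
    rm -rf "$tmp"
}

demo
```

A result of "self-signed" for the file the vhost points to means the manually created certificate is still in place rather than one issued by Let's Encrypt.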