I posted the SSL part from the vhost file because @sjau asked to look at the ispc vhost file. I have there
Code:
# SSL Configuration
SSLEngine On
SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
#SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

here is SSLCipherSuite and SSLHonorCipherOrder On and nothing more about ssl certificates.
Hi. I am sorry if my question has already been covered in this thread, but I have some SSL issues and I really can't find out how to fix them. When I installed ispConfig, I did make a self signed SSL certificate through SSH. I would like to have a new one created; the company name has changed. More importantly, I want to use Let's Encrypt for all sites I host through ispconfig. But whenever I enable either ssl or ssl + lets encrypt, ispconfig updates settings, but nothing is happening. When I go back into the site settings, both checkboxes are disabled, and of course no SSL has been generated. I am sorry if this is a noob question, but I hope that you can help me out. I've spent a lot of time reading through this thread and others, unable to learn what I need to do. I do have live customer pages online on the server now, and it is just now that the need for ssl is important. Best regards, Anders
Since you say you have the LE checkbox in the ISPC Interface I assume you do have at least ISPC 3.1. In order to use LE with ISPC 3.1+ you need to get the client. See the following link on how to do that. https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt Once you have the LE client (nowadays called certbot), it should automagically work for websites by using the webinterface. As for getting valid cert for your ISPC installation itself, it's a bit more complicated. I prefer meanwhile the DNS-01 method and have written a little howto here: https://www.howtoforge.com/communit...utomated-dns-01-challenge-for-ispc-3-1.74850/ Here's a bit more detailed setup using certbot: https://www.howtoforge.com/communit...ntrol-panel-with-lets-encrypt-free-ssl.75554/
@sjau : Just wondering whether one has to manually add a crontab job for renewal check in ISPconfig 3.1.5 or UI takes care of renewal every 90 days once the SSL and Let's Encrypt tabs are selected under Sites >> Domains? In the former case what is the ideal command to append the crontab if the server is nginx? Thanks!
@Sir Henry, thanks for the prompt reply. But in my case, that didn't reflect in real till I was running ISPC 3.1.2. I cannot say now after upgrading to 3.1.5.
Sometimes ISPC has problems with existing symbolic links from an earlier manual LE installation or with wrong permissions. If the renewal does not work, you will find the reason in the ISPC logs.
Hi, I've a problem enabling the Let's Encrypt flag in ISPConfig 3. Let's Encrypt works, I've correctly performed the "perfect installation" with certbot-auto, SSL certificates are ok for my site... But ISPConfig won't update the flag... Why?
You mean you created the SSL cert manually with certbot-auto instead of doing this through ISPConfig? In this case, LE will not work in ISPConfig anymore until you remove the config and SSL cert that certbot added. Then you can create a new SSL cert within ISPConfig. The reason is that certbot does not understand the apache config correctly and messes it up, it adds a duplicate config file which then blocks all website config changes.
Hi Till, thank you for your reply. But can you tell me what I must delete? In /etc/letsencrypt/live there are some folders which contain SSL certs... These?
Search for files and folders with that domain name in /etc/letsencrypt and delete them (make a backup of the whole /etc/letsencrypt folder before you do that). Then search in the apache vhost folders (/etc/apache2/sites-enabled and /etc/apache2/sites-available) if there are any files with '-le' in the file name, these are created by certbot and need to be removed, then restart apache.
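The search-and-backup steps from the post above, as an added example that is not part of the original thread: a read-only shell audit that archives the Let's Encrypt folder and lists the candidates for removal without deleting anything. The script name, the /root backup default and the LE_DIR/APACHE_DIR override variables are assumptions of this example.

```bash
#!/bin/sh
# Read-only audit of certbot leftovers for one domain; nothing is deleted.
# Defaults are the paths named in the post; override them to test on a copy.
LE_DIR=${LE_DIR:-/etc/letsencrypt}
APACHE_DIR=${APACHE_DIR:-/etc/apache2}

# Files and folders under the Let's Encrypt tree whose name contains the domain.
find_le_leftovers() (          # $1 = domain, $2 = Let's Encrypt dir
    find "$2" -name "*$1*" 2>/dev/null | sort
)

# Vhost files with '-le' in the name, in both Apache vhost folders.
# A site whose own name contains "-le" also matches, so review the list.
find_le_vhosts() (             # $1 = Apache config dir
    for d in "$1/sites-available" "$1/sites-enabled"; do
        if [ -d "$d" ]; then
            find "$d" -maxdepth 1 -name '*-le*' \( -type f -o -type l \)
        fi
    done | sort
)

# Archive the whole Let's Encrypt folder before anything is removed.
backup_le_dir() (              # $1 = Let's Encrypt dir, $2 = output dir
    out="$2/letsencrypt-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$out" -C "$(dirname "$1")" "$(basename "$1")" && printf '%s\n' "$out"
)

# Usage (hypothetical script name): sh le-audit.sh example.com [backup-dir]
if [ -n "${1:-}" ]; then
    echo "Backup written to: $(backup_le_dir "$LE_DIR" "${2:-/root}")"
    echo "Let's Encrypt entries for $1:"; find_le_leftovers "$1" "$LE_DIR"
    echo "certbot vhost files:";           find_le_vhosts "$APACHE_DIR"
    echo "After removing the reviewed entries: systemctl restart apache2.service"
fi
```

The sites-enabled entries are usually symlinks, which is why the vhost search matches both regular files and links.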
I've tried... but it doesn't work for me... I'm sure that those files are completely removed, but the Let's Encrypt flag was disabled. How can I also check? p.s.: the SSL certs were rebuilt correctly in the /etc/letsencrypt subfolders... live, archive and renewal conf...
You can see in debug mode, why the setting was disabled again. https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
Hi Till, I've read the guide on faqforge, but the .sh returns no error (e.g.: "Finished"). This is in the ispconfig cron.log:
Fri Sep 1 07:49:03 UTC 2017 Saving debug log to /var/log/letsencrypt/letsencrypt.log
Fri Sep 1 07:49:04 UTC 2017 Obtaining a new certificate
Fri Sep 1 07:49:04 UTC 2017 Performing the following challenges:
Fri Sep 1 07:49:04 UTC 2017 http-01 challenge for XXX.XXX
Fri Sep 1 07:49:04 UTC 2017 http-01 challenge for XXX.XXX.XXX
Fri Sep 1 07:49:04 UTC 2017 Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
Fri Sep 1 07:49:04 UTC 2017 Waiting for verification...
Fri Sep 1 07:49:08 UTC 2017 Cleaning up challenges
Fri Sep 1 07:49:08 UTC 2017 Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
Fri Sep 1 07:49:15 UTC 2017 finished.

"Unable to clean up challenge directory"... is this the error? Thank you.
No, that's ok. Please do a debug as described in the debug instructions. This will show you if the changes in the vhost.conf file could not be applied.
Hi Till, sorry but I've done what is described in the debug instructions... the report shown is the same as the cron.log file.
The output that you posted is not the output from server.sh file in debug mode as described in the debug instructions. The debug output looks like this:
Code:
[email protected]:~# /usr/local/ispconfig/server/server.sh _
13.08.2017-00:35 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
13.08.2017-00:35 - DEBUG - Found 1 changes, starting update process.
13.08.2017-00:35 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
13.08.2017-00:35 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
13.08.2017-00:36 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/c1.tld.vhost
13.08.2017-00:36 - DEBUG - Apache status is: running
13.08.2017-00:36 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
13.08.2017-00:36 - DEBUG - Restarting httpd: systemctl restart apache2.service
13.08.2017-00:36 - DEBUG - Apache restart return value is: 0
13.08.2017-00:36 - DEBUG - Apache online status after restart is: running
13.08.2017-00:36 - DEBUG - Processed datalog_id 123
13.08.2017-00:36 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.
[email protected]:~#
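An added example (not part of the thread, and not ISPConfig code) that tells server.sh debug output apart from the certbot cron.log output and checks the two lines that show the vhost change was applied. The function names and exit codes are assumptions of this example; it relies only on the line formats quoted in the posts above.

```bash
#!/bin/sh
# Classify captured output (on stdin) from a debug-mode run of server.sh.
# Exit codes (chosen for this example):
#   0  vhost file written and Apache restart returned 0
#   1  no DEBUG lines: this is not server.sh debug output (e.g. cron.log)
#   2  DEBUG lines present, but no vhost file was written
#   3  Apache restart return value missing or non-zero
check_server_debug() {
    awk '
        / - DEBUG - /                                 { debug++ }
        / - DEBUG - Writing the vhost file: /         { vhost = $NF }
        / - DEBUG - Apache restart return value is: / { rc = $NF; seen = 1 }
        END {
            if (!debug)             exit 1
            if (vhost == "")        exit 2
            if (!seen || rc != "0") exit 3
            print "vhost written: " vhost ", restart rc=" rc
        }'
}

# Lines excerpted from the debug output quoted in the post above.
sample_debug() {
    cat <<'EOF'
13.08.2017-00:35 - DEBUG - Found 1 changes, starting update process.
13.08.2017-00:36 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/c1.tld.vhost
13.08.2017-00:36 - DEBUG - Apache restart return value is: 0
finished.
EOF
}

# Lines excerpted from the cron.log output posted earlier in the thread.
sample_cronlog() {
    cat <<'EOF'
Fri Sep 1 07:49:04 UTC 2017 Obtaining a new certificate
Fri Sep 1 07:49:08 UTC 2017 Cleaning up challenges
Fri Sep 1 07:49:15 UTC 2017 finished.
EOF
}

rc=0; sample_debug   | check_server_debug || rc=$?; echo "debug sample    -> $rc"
rc=0; sample_cronlog | check_server_debug || rc=$?; echo "cron.log sample -> $rc"
```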
Hi, everyone! I'm curious as to the inner-workings of ISPConfig's Let's Encrypt implementation. Specifically, how and when does ISPConfig attempt to renew certificates issued via Let's Encrypt? Is it every time I modify and save a website? Is it on a set schedule via cron or similar? Thanks for any insight here!