Internal error 500 lets encrypt

Discussion in 'Installation/Configuration' started by geegz, Dec 28, 2016.

  1. geegz

    geegz New Member

    Same behavior...

    Should I do the whole tar xfz ISPConfig-3-stable.tar.gz thing? Or do I need to do an update?

    I just tried to redo the install starting a wget but it said it found another installation and to do an update instead, will try that now
  2. cbj4074

    cbj4074 Member

    Ahh, okay... yeah, you may need to do an upgrade instead of an install, even if you're "upgrading" to the same version. (And you probably can't do "", because it'll tell you that you're already on the latest version [assuming that is in fact the case].)

    You should be able to do something like this (if you haven't discovered this already):

    cd /tmp
    tar xvfz ISPConfig-3.1.1p1.tar.gz
    cd ispconfig3_install/install
    php -q update.php
    I would accept the default options during the wizard.
  3. geegz

    geegz New Member

    So after I did that, I'm now getting the directory is not empty error when lets encrypt is cleaning up... weird:
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP add$
    2017-01-06 21:07:09,832:INFO:certbot.auth_handler:Cleaning up challenges
    2017-01-06 21:07:09,833:DEBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/iz7biOw2GwjpSy8w4_vEqZR$
    2017-01-06 21:07:09,833:INFO:certbot.plugins.webroot:Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-chal$
    2017-01-06 21:07:09,833:DEBUG:certbot.plugins.webroot:Error was: [Errno 39] Directory not empty: '/usr/local/ispconfig/interface/acme/.well-known/acm$
    2017-01-06 21:07:09,836:DEBUG:certbot.main:Exiting abnormally:
    Re-ran nginx -t and vhost checks out
  4. cbj4074

    cbj4074 Member

  5. geegz

    geegz New Member

  6. cbj4074

    cbj4074 Member

    Okay, wow, that's incredible... so, you still see the "access denied by rule" and all the recursive error page stuff?!

    That just doesn't make any sense to me.

    If you jam some invalid junk in your vhost config, by editing the file directly on the filesystem, save the file, and then "nginx -t", does it complain about the invalid junk?

    It really feels to me like either a) you are looking at the wrong vhost file, or b) requests to your domain are resolving to a vhost other than the one you expect.

    Something truly bizarre is going on there!
  7. geegz

    geegz New Member

    I restored that err vhost file and reran the nginx -t command and it complained

    For A: I only have the one site installed via ispconfig, would that matter?

    For B: would removing the site and then re-adding help in clearing that out if its actually that?
    would removing the site itself remove my emails? The all important question lol

    I also have rainloop (webmail client) installed if thats important
  8. cbj4074

    cbj4074 Member

    Hi! Sorry for the delayed reply.

    Hmm, okay; if you restored the .err file and nginx complained, then the file does seem to be effective.

    The fact that you have only one site installed via ISPConfig does matter. But to be clear, do you have other sites on the same server, that aren't handled by ISPConfig? Because that matters, too.

    No; removing the site and re-adding it would not affect your email. Email is handled apart from websites in ISPConfig. The only way your email would conceivably be deleted is if you were to delete either the Email Domain, or the specific mailbox. Each of these actions would have to be undertaken in the Email tab in ISPConfig's primary navigation.

    I suppose if you were to delete your client account, that might do it, too. But I've never tried that.

    In any case, you should be perfectly safe to delete a website and re-add it, provided you have its contents backed-up and aren't worried about losing anything related to it. I don't think that deleting a website deletes any associated database, but I wouldn't want to find out the "hard way".

    You should definitely backup anything you can't afford to lose before you go down that road, though!

    Edit to Add:

    Regarding Rainloop, it really depends on how you installed it. I'd have to see the nginx configuration you're using to comment further!
    Last edited: Jan 9, 2017
  9. geegz

    geegz New Member

    Sorry for the delay! I dont actually have any internet at home and I got snowed in for a few days -_-

    The only other thing running on my box would be rainloop.

    I believe the only thing I added was this line:

    location ^~ /data {
      deny all;
    Here's my nginx.conf:

    user www-data;
    worker_processes auto;
    pid /run/;
    include /etc/nginx/modules-enabled/*.conf;
    events {
        worker_connections 768;
        # multi_accept on;
    http {
        # Basic Settings
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # SSL Settings
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        # Logging Settings
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        # Gzip Settings
        gzip on;
        gzip_disable "msie6";
        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
        # nginx-naxsi config
        # Uncomment it if you installed nginx-naxsi
        #include /etc/nginx/naxsi_core.rules;
        # Virtual Host Configs
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    #mail {
    #    # See sample authentication script at:
    #    #
    #    # auth_http localhost/auth.php;
    #    # pop3_capabilities "TOP" "USER";
    #    # imap_capabilities "IMAP4rev1" "UIDPLUS";
    #    server {
    #        listen     localhost:110;
    #        protocol   pop3;
    #        proxy      on;
    #    }
    #    server {
    #        listen     localhost:143;
    #        protocol   imap;
    #        proxy      on;
    #    }

    Here's the rainloop.conf found in sites-available:
    server {
        listen 80;
        server_name rainloop.lan;
        rewrite        ^ https://$server_name$request_uri? permanent;
        access_log /var/log/nginx/rainloop.lan.access.log;
        error_log /var/log/nginx/rainloop.lan.error.log;
        root /srv/www/rainloop/;
        # serve static files
        location ~ ^/(images|javascript|js|css|flash|media|static)/  {
         root    /srv/www/rainloop/;
         expires 30d;
        location / {
            index index.html index.htm index.php;
                    autoindex on;
                    autoindex_exact_size off;
                    autoindex_localtime on;
    location ^~ /data {
      deny all;
        location ~ \.php$ {
            #fastcgi_pass; (depending on your php-fpm socket configuration)
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
    I think I'm going to try deleting the site and re-adding to see what happens. Will report back!
  10. geegz

    geegz New Member

    I removed the site, then re-added and lets encrypt SSL box stayed checked! Confirmed SSL is enabled by going directly to my site!!

    I REALLY appreciate all the time you spent helping me cbj4074, DM me, I'll send you beer!

Share This Page