Hi There I have just completed a complete rebuild of my servers ...Because I can!!! and I want to learn!!! Anyway... I cannot understand why the SSL cert for server1.mydomain.com:8080 are not working I have created another site mydomin.com and that works and is secure but when I direct it via port 8080 it is no longer secure. So my questions are, How can I find out / understand why the "Let's Encrypt" check box for server1.mydomain.com will not stay checked And why is it when I direct a secure site via port 8080 it's no longer secure Hope I've explained that well enough to understand Thanks in advance
Hi Till I am assuming it is up to date, ***"Check that you have Let’s Encrypt (certbot) installed. ISPConfig 3.1.16 and newer will also support acme.sh as client." I have just only yesterday reinstalled using your "The perfect server guide for Debian buster" You are missing a step in the guide btw "apt-get install curl" is missing from your installs list its required or you will not be able to run "curl https://get.acme.sh | sh -s" ***"Check that the Let's encrypt client 'certbot' is updated (when using certbot)." I was under the impression that this is taken care of as your guide states "ISPConfig is using acme.sh" ***"Check that you run the latest ISPConfig version." Yes confirmed. ***"When your server is behind a NAT router " I'm not so this is fine, besides it was previously working without changing this setting ***"- Check that all domain names" Yes this is confirmed, I have also created the "A" and "CNAME" etc records ***"- If you still use Apache 2.2" I am using the version you suggested in your guide ***"use Tools > resync to apply the new template to all sites" Confirmed this is completed successfully ***"I ran the ISPConfig 3.1 install script as suggested in your guide Still can't get it to work. Any other suggestions Many thanks
You've gone through some steps of the FAQ, but not all. Follow the FAQ to the end and post the debug output.
***Set log level to Debug under System > System > Server Config Confirm ***Run crontab -e Confirm ***Comment out "#* * * * * /usr/local/ispconfig/server/server.sh > /dev/null >> /var/log/ispconfig/cron.log" Confirm ***"Run the server script manually to get detailed debug output" Confirm ***Report the output " root@martin:/# /usr/local/ispconfig/server/server.sh finished server.php. root@martin:/# " The syslogs shows NO errors No errors or Debug info I've obviously missed something after looking over your FAQ at least 10 times or more and digging through the logs I don't know what else to do. It is quite obvious I have got something wrong but cannot put my finger on it. Sorry, this is a little negative but I'm willing to try anything at the moment.
Check again, you have not set the log level to debug yet. Probably you have set Send email to admin starting with the following level' to debug instead of 'loglevel' or something similar.
I've just reinstalled again... but this time paid close attention to the messages I've been getting. Apart from when I'm installing ISPc3 everything is fine However, Code: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: Checking / creating certificate for server1.mydomain.com Using certificate path /etc/letsencrypt/live/server1.mydomain.com Server's public ip(s) (123.123.123.123) not found in A/AAAA records for server1.mydomain.com: Ignore DNS check and continue to request certificate? (y,n) [n]: y When I continue and it asks for my sto secure ISP with SSL Code: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: Checking / creating certificate for server1.mydomain.com Using certificate path /etc/letsencrypt/live/server1.mydomain.com Server's public ip(s) (123.123.123.123) not found in A/AAAA records for server1.mydomain.com: Ignore DNS check and continue to request certificate? (y,n) [n]: y Using apache for certificate validation [Tue 29 Dec 12:48:14 GMT 2020] server1.mydomain.com:Verify error:DNS problem: NXDOMAIN looking up A for server1.mydomain.com - check that a DNS record exists for this domain [Tue 29 Dec 12:48:14 GMT 2020] Please add '--debug' or '--log' to check more details. [Tue 29 Dec 12:48:14 GMT 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt Could not issue letsencrypt certificate, falling back to self-signed. Could this be the issue? If so how do I fix it Many thanks PS I have not done anything to it at the moment its still a clean install
server1.mydomain.com must exits in DNS as A-Record and it must point to the IP address of your server so that it is reachable from the internet.
Yes, this is confirmed... I have placed an A record with my Domain provider for the appropriate domain name server1.mydomain.com and mydomain.com and these are pointing to my external IP... I am aiming to get my own Name server working eventually
But the error shows that neither the ispconfig installer is able to reach your server under this name nor does let's encrypt systems are able to reach it. So either the DNS record is incorrect or you blocked access to port 80 and 443 from the internet e.g. by using an external firewall or you use a router and did not forward traffoc from your external Ip to the internal server IP.
OK now I'm confused I have definitely and correcting entered my "A" records correctly and they have been in place for some time (I'm talking years) but when I put my HTTP or https://server1.mydomain.com it is not resolving. This can only be that my domain registrar Nameservers are not resolving my domain to my IP however, domain.com is being resolved correctly . ???? I will contact them and see what's going on
Seems there is an error with my domain registrar, and they are currently working on it to resolve the issue. I will keep you informed! Thanks for the input so far guys
OK, my domain registrar has managed to list my own Nameservers ns1 and ns2. Could I please have some guidance on how to recreate or test the for the previously mentioned error? Code: Using apache for certificate validation [Tue 29 Dec 12:48:14 GMT 2020] server1.mydomain.com:Verify error:DNS problem: NXDOMAIN looking up A for server1.mydomain.com - check that a DNS record exists for this domain [Tue 29 Dec 12:48:14 GMT 2020] Please add '--debug' or '--log' to check more details. [Tue 29 Dec 12:48:14 GMT 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt Could not issue letsencrypt certificate, falling back to self-signed. Many thanks
My guess is server1.mydomain.com does not have A record. My signature has link to DNS tutorial, with info on how to test DNS is working. For example, test this way: Code: dig server1.mydomain.com A
