ISPconfig 3.1.8p1 Debian stretch Let's Encrypt and autosubdomain problem

Discussion in 'ISPConfig 3 Priority Support' started by muekno, Nov 22, 2017.

  1. muekno

    muekno Active Member HowtoForge Supporter

    I have set up a new server, Debian stretch with latest patches, based on https://www.howtoforge.com/tutorial...-9-stretch-apache-bind-dovecot-ispconfig-3-1/, and installed it in my multiserver environment based on the ISPconfig 3.1 manual.
    So far so good. I installed a website on that server. http://domainname.com works, http://www.domainname.com does not work, autosubdomain is www, DNS is set up correctly, triple checked. Any other webservers on other domains running on Debian jessie servers work fine; I compared the setup and did not find differences.
    Second problem: SSL. I checked the SSL and letsencrypt checkboxes, clicked "save", the red countdown goes down and disappears. A new check shows the checkboxes empty, SSL does not work. Other domains on the jessie server work.
    It is urgent
    Thanks
    Rainer
     
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Please check if you have an AAAA record set in DNS for that www.domain but did not configure IPv6 for it in ISPConfig.
    The LE checkbox going unchecked after processing means that letsencrypt failed to create a certificate for that domain. Please check the ISPConfig log or run /usr/local/ispconfig/server/server.sh manually as soon as you have checked the boxes and saved, so you can see letsencrypt's output.
     
  3. muekno

    muekno Active Member HowtoForge Supporter

    I do not use IPv6 nor have I ever had AAAA records. I will test it.
    By the way, the chrooted shell user works fine now.
    Thanks
    Rainer

    P.S. I have at least 5 sites on the other webserver in the same multiserver system where Let's Encrypt works fine, so that is not new to me, and I've been working with ISPconfig for at least 3 or more years.
     
  4. muekno

    muekno Active Member HowtoForge Supporter

    Debug shows
    Code:
    23.11.2017-15:51 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    23.11.2017-15:51 - WARNING - Could not verify domain elevatorplanning.com, so excluding it from letsencrypt request.
    23.11.2017-15:51 - WARNING - Could not verify domain www.elevatorplanning.com, so excluding it from letsencrypt request.
    23.11.2017-15:51 - WARNING - Let's Encrypt SSL Cert for: elevatorplanning.com could not be issued.
    We have been hosting this domain and website for more than 15 years. We created, maintained and hosted the web site (based on TYPO3) for 10 years; we have supported SSL for this website since Let's Encrypt was built into ISPconfig. The reason for the change now was that the customer would have his website built on WordPress by someone else, but still hosted by us. So we set up the extra new server based on stretch, as on the old server the chrooted shell access did not work. Shell access is not really needed but is the only way to have SFTP access with certificates and not using passwords. I did not need to open FTP ports, not even FTPS, on my firewall for about the last 30 years and will not do it in the future. So what's going wrong? Maybe it is in conjunction with the problem that autosubdomain www does not work too.
    Thanks

    Rainer
     
  5. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    The problem might be that the letsencrypt plugin first checks connecting to the domain from the local server, which – if you are using a private network – might lead to an error when fetching the test-file and thus excluding the domain (or sub/aliasdomain) from the letsencrypt request to avoid being blocked by the LE servers for too many failed requests.
    You can disable this check in the server config inside of ISPConfig (skip le check).
     
  6. muekno

    muekno Active Member HowtoForge Supporter

    The server can get updates directly from Debian, so why should it not get a file from letsencrypt?
    "You can disable this check in the server config inside of ISPConfig (skip le check)." In the source code? I do not like to modify that. But we have a new IP for that domain, as it is a new server, and we updated DNS too; you can see the default ISPconfig website if you call http://eevatorplanning.com but see our default page if you call http://www.elevatorplanning.com, but ping www.elevatorplanning.com works fine with the correct address. Maybe letsencrypt has a problem that the IP has changed, so I may have to contact letsencrypt.
    But that does not solve the autosubdomain problem.
    Rainer
     
  7. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    No, you get me wrong.

    The check is ISPConfig-internal in the ISPConfig letsencrypt plugin and was added to avoid that people try creating LE certs for domains set up in ISPC but not pointing to the server in DNS.
    If you use a local NAT-ed network it might be that this internal check fails and thus removes the domain from the request and does not even ask LE to create a cert for it.
    There is an option in the server config (not source code) to disable that check.
    System -> server config -> select server -> tab "web" -> section "ssl" -> skip le check -> save.
     
  8. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

  9. muekno

    muekno Active Member HowtoForge Supporter

    OK I will try, but I still cannot understand why that has been no problem for months on the other web server with identical FW configuration. The subdomain problem still exists.

    Thank you for the quick responses

    Rainer
     
  10. muekno

    muekno Active Member HowtoForge Supporter

    There was a typo in my post, see attached PDF.
     

    Attached Files:

  11. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Might be, but resolving does not work:
    Code:
    $> host elevatorplanning.com
    Host elevatorplanning.com not found: 2(SERVFAIL)
    $> dig A elevatorplanning.com
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37061
    ;elevatorplanning.com.  IN  A
    
     
  12. muekno

    muekno Active Member HowtoForge Supporter

    ??? For me, dnsstuff can resolve it.
    Tried from a customer's server I have remote access to:
    Code:
     dig A elevatorplanning.com
    
    ; <<>> DiG 9.9.5-9+deb8u14-Debian <<>> A elevatorplanning.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41155
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;elevatorplanning.com.          IN      A
    
    ;; Query time: 57 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Thu Nov 23 16:48:49 CET 2017
    ;; MSG SIZE  rcvd: 49
    
    root@ME-FW:~# 
     
  13. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    As you can see your test failed. No A record found on google server.

    Seems your DNS entries on your own DNS server don't make it through the internet ;-)
    Google DNS (8.8.8.8) does not know the entries and other name servers don't know them, either. Maybe there is something mis-configured in the DNS so it does not allow the entries being propagated. Can't tell you what's wrong there on your side.
     
  14. muekno

    muekno Active Member HowtoForge Supporter

    Thanks for your patience.
    OK, that's right, but:
    I use the ISPconfig DNS server all the time, primary and secondary on different IP addresses. I use these DNS servers for all of the domains, so elevatorplanning.com uses the same DNS server as e.g. muekno.de, zen-works.de, gerdakloos.de; they all are found by Google. Elevatorplanning.com is found by DNS Stuff too, as all the others.
    The only difference: I did not create new records for elevatorplanning.com and the www subdomain, I just updated the A records. They had 68 and now 70 in that place.
    Rainer
     
  15. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    I'm sorry, I have no idea why this zone is not propagated to the worldwide name servers. You might try to delete and re-create it.
     
  16. muekno

    muekno Active Member HowtoForge Supporter

    OK, it seems that's the only thing I can try. But do you have any idea concerning the subdomain problem?

    Rainer
     
  17. muekno

    muekno Active Member HowtoForge Supporter

    I did a check at https://dnschecker.org/#A/elevatorplanning.com; almost everybody got it but not Google, Switzerland and India.
    Quite funny.
    But the webserver itself, https.gerdakloos.de, is known by Google; it is on the same DNS server.
     
    Last edited: Nov 23, 2017
  18. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Have you checked "apachectl -S" ?
     
  19. florian030

    florian030 Well-Known Member HowtoForge Supporter

    There is something terribly wrong with the DNS for this domain. You can check this at http://dnsviz.net. Are you sure the DNSSEC is working?
     
  20. muekno

    muekno Active Member HowtoForge Supporter

    Hey thank you again for help and patience.
    Seems to work now, Let's Encrypt and www subdomain. It must have been a problem transferring the DNSSEC key to my registrar Internet X. I got an OK message every time, but I had to do it twice this morning. I did a cut and paste every time. After the second time it works. Why now and not before, who knows.

    Rainer
     
    Croydon likes this.
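An added diagnostic for the situation in posts 11 to 20, written for this thread and not part of ISPConfig or any poster's code: a validating resolver (8.8.8.8 validates DNSSEC) answers SERVFAIL when the DS record published at the registrar does not match the zone's signing key, while the same query with checking disabled (+cd) still returns the records; a zone that really is unreachable fails both ways. It assumes dig is installed and that the resolver honours the CD bit; all function names are mine.

```shell
#!/bin/sh
# Tell a DNSSEC validation failure apart from a zone that is truly broken,
# using only the "status:" field of dig's HEADER line (as shown in the thread).

# parse_rcode: read dig output on stdin, print the status from the HEADER line.
parse_rcode() {
  sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p'
}

# classify: $1 = rcode with validation on, $2 = rcode of the same query with +cd
classify() {
  case "$1:$2" in
    NOERROR:*)         echo "ok" ;;
    SERVFAIL:NOERROR)  echo "dnssec-validation-failure" ;;
    SERVFAIL:SERVFAIL) echo "servfail-both (zone or authoritative servers broken)" ;;
    NXDOMAIN:*)        echo "nxdomain (no such name)" ;;
    *)                 echo "unknown ($1/$2)" ;;
  esac
}

# rcode_of: $1 = name, $2 = resolver, remaining args = extra dig flags.
# Prints nothing if dig is missing or the resolver does not answer at all.
rcode_of() {
  name=$1; resolver=$2; shift 2
  dig @"$resolver" A "$name" +time=3 +tries=1 "$@" 2>/dev/null | parse_rcode
}

# check_name: $1 = name, $2 = resolver (default 8.8.8.8, which validates).
# Runs the query twice, once validated and once with checking disabled.
check_name() {
  resolver=${2:-8.8.8.8}
  normal=$(rcode_of "$1" "$resolver")
  cd=$(rcode_of "$1" "$resolver" +cd)
  printf '%s @%s: validated=%s cd=%s -> %s\n' \
    "$1" "$resolver" "${normal:-none}" "${cd:-none}" "$(classify "$normal" "$cd")"
}

# Usage (needs network): check_name www.example.com
```

When the verdict is dnssec-validation-failure, compare the DS at the registrar against the zone's DNSKEY (dnsviz.net, mentioned in post 19, shows the chain) before touching anything in ISPConfig.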
