Was bored and spun up a test beta box - no issues with install - went smoothly. Added PHP 7.0.6 using jessie, all working, no issues. What is the process to test HTTPS with letsencrypt? Was reading other posts saying to install letsencrypt - which is easy enough, but figured it might already be in the beta, not sure - figured I'd ask before attempting that portion of it. Poked around a little to see if there were any docs on the beta yet and didn't see any, but that really doesn't mean much. Went ahead and set up a site - loaded static files - edited the local hosts file on my PC and aimed it at the beta install. Page loads fine - enabled the "Lets Encrypt & SSL" check boxes for the site, plus Rewrite HTTP to HTTPS - with redirect checked it still loads hxxp://testsite.com on http - https gives error: ERR_SSL_PROTOCOL_ERROR (testing via Chrome - can't provide secure connection)
I'm not 100% positive, but I think obtaining a letsencrypt certificate requires a connection back to your server (there are snippets in the web server config to handle letsencrypt stuff, which is why I infer that); if you haven't changed DNS to point to the new server (as evidenced by changing your local hosts file), and my assumption is correct, then you won't be able to obtain a letsencrypt certificate using the automatic setup.
good call - now have it accessible inbound http-https-8080 then going to check boxes for SSL and Letsencrypt
Does anyone know the process the plugin uses to enable ssl via letsencrypt? have it accessible from external - all but DNS but can enable that too if needed - seems like the plugin just executes a request with domain.com and letsencrypt checks if the host is available - script places a confirmation file in the public directory and it is authenticated by letsencrypt then it passes the pem/cert/keys back ? I'm just guessing but it appears that is the ~(very rough) process...
Letsencrypt cannot be used without working DNS for the domain of that website, as letsencrypt tries to reach the domain, so it must be resolvable and accessible by letsencrypt from their internet servers.
it is ... beta.domain.com - created a full website just as beta - and it is fully resolvable. The resolution is via cloudflare in this case vs using the local server as nameserver, but the non-ssl site is resolvable externally - sent PM with actual domain name
So generic info that I didn't get was it's not installed with beta - you still have to install the needed dependencies. https://eblog.damia.net/2015/12/03/lets-encrypt-automation-on-debian/ However on the beta currently SSL isn't quite working right... my ~production box does generate self-signed correctly - but the test one doesn't, probably my issue.. once I ran ./letsencrypt-auto it only saw the full domain - not the sub, for which I used method 2 - either way ssl never set up correctly. Installing lets on the non 3.1 and trying again.
Just follow the ispconfig 3.1 perfect server guide, it installs everything incl. letsencrypt:
https://www.howtoforge.com/tutorial...8-4-jessie-apache-bind-dovecot-ispconfig-3-1/
https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/
The guide that you used above to install letsencrypt is incompatible with ispconfig, it will configure letsencrypt in a way that it will not work anymore with ispconfig. As written in the perfect server guides, you have to run:
./letsencrypt-auto --help
nothing else! If you have run ./letsencrypt-auto without --help or answered any questions of the ./letsencrypt-auto command, then you can't use letsencrypt in ispconfig anymore on this server, as you configured it in standalone mode, which prevents the creation of ssl certs from ispconfig.
It looks like cloudflare should work fine, using webroot authentication (see https://support.cloudflare.com/hc/e...ficate-on-a-Site-Already-Active-on-CloudFlare), and that appears to be what ispconfig currently uses:

Code:
root@host# grep -R letsencrypt /usr/local/ispconfig | grep authenticator
/usr/local/ispconfig/server/plugins-enabled/apache2_plugin.inc.php: $success = $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
/usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php: $success = $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
/usr/local/ispconfig/server/plugins-available/nginx_plugin.inc.php: $success = $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme");
root@host#

If it's not working, there is a comment on that page you might look into:
awesome! Much appreciated - again knew it was probably my fault.. really like the look of the new 3.1 - I will definitely rebuild along the perfect build lines for 3.1 and get some more testing going! (also read the same link on cloudflare - but didn't know how ispconfig was setup - thx for updating!) Thanks again! ---- 30 min later ---- - also worked just like advertised! -
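
The webroot authentication discussed in this thread only succeeds if a file written under the `--webroot-path` directory is actually served at `/.well-known/acme-challenge/` on the site's HTTP hostname. The following pre-flight check is an added example, not part of any post above and not ISPConfig or letsencrypt code; `probe_webroot`, `serve` and `demo` are hypothetical names, and the localhost server is a constructed stand-in for the real web server.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # URL path used by ACME HTTP-01 validation
_direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

def probe_webroot(webroot, base_url, timeout=5):
    """Hypothetical helper: drop a random file under webroot, fetch it via base_url."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with _direct.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
        if served == body:
            return True, "probe file served from this webroot"
        return False, "URL answered, but not with the probe content"
    except urllib.error.HTTPError as exc:  # e.g. 404: vhost maps the path elsewhere
        return False, f"HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:  # DNS failure, refused, timeout
        return False, f"unreachable: {exc}"
    finally:
        os.remove(path)  # never leave probe files behind

class _Quiet(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass

def serve(directory):
    """Constructed stand-in for the real web server: localhost, free port."""
    handler = functools.partial(_Quiet, directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    with tempfile.TemporaryDirectory() as acme_root, tempfile.TemporaryDirectory() as other:
        server = serve(acme_root)
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            good = probe_webroot(acme_root, base)  # server and client agree on webroot
            bad = probe_webroot(other, base)       # file written where server never looks
        finally:
            server.shutdown()
            server.server_close()
        return good, bad

if __name__ == "__main__":
    print(demo())
```

On a real server the call would use the webroot path from the grep output above and the site's public `http://` hostname as `base_url`. A pass run from the server itself confirms DNS and the vhost mapping, not that inbound port 80 is open to outside hosts.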