ISPConfig 3.2.7p1 - not working the Let's Encrypt SSL Certificate

Discussion in 'Installation/Configuration' started by kalmarr, Dec 23, 2021.

  1. kalmarr

    kalmarr New Member

    Hello!


    I have a problem my ISPConfig 3.2.7p1 control panel experied the SSL. That is not working.

    (https:// admin. matrixcbs-server .hu : 8080)

    I tried the ispconfig_update.sh --force without much success...

    Code:
    #ls -la /usr/local/ispconfig/interface/ssl
    
    drwxr-x--- 2 root      root      4096 Dec 23 00:28 .
    drwxr-x--- 9 ispconfig ispconfig 4096 Sep 20 19:53 ..
    -rwxr-x--- 1 root      root        45 Dec 23 00:28 empty.dir
    -rwxr-x--- 1 root      root      2049 Dec 21 21:39 ispserver.crt
    lrwxrwxrwx 1 root      root        61 Dec 23 00:20 ispserver.crt-20211221213909.bak -> /etc/letsencrypt/live/admin.matrixcbs-server.hu/fullchain.pem
    -rwxr-x--- 1 root      root      2049 Dec 21 21:44 ispserver.crt-20211221214405.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 21:50 ispserver.crt-20211221215011.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 21:51 ispserver.crt-20211221215115.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 21:56 ispserver.crt-20211221215625.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 22:05 ispserver.crt-20211221220526.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 22:20 ispserver.crt-20211221222039.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 22:24 ispserver.crt-20211221222413.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 22:25 ispserver.crt-20211221222532.bak
    -rwxr-x--- 1 root      root      2049 Dec 21 22:38 ispserver.crt-20211221223809.bak
    -rwxr-x--- 1 root      root      2049 Dec 23 00:28 ispserver.crt-20211223002854.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 21:39 ispserver.key
    lrwxrwxrwx 1 root      root        59 Dec 23 00:20 ispserver.key-20211221213909.bak -> /etc/letsencrypt/live/admin.matrixcbs-server.hu/privkey.pem
    -rwxr-x--- 1 root      root      3272 Dec 21 21:44 ispserver.key-20211221214405.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 21:50 ispserver.key-20211221215011.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 21:51 ispserver.key-20211221215115.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 21:56 ispserver.key-20211221215625.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 22:05 ispserver.key-20211221220526.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 22:20 ispserver.key-20211221222039.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 22:24 ispserver.key-20211221222413.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 22:25 ispserver.key-20211221222532.bak
    -rwxr-x--- 1 root      root      3272 Dec 21 22:38 ispserver.key-20211221223809.bak
    -rwxr-x--- 1 root      root      3272 Dec 23 00:28 ispserver.key-20211223002854.bak
    -rwxr-x--- 1 root      root      5321 Dec 23 00:28 ispserver.pem
    -rwxr-x--- 1 root      root      5321 Dec 21 21:44 ispserver.pem-20211221214405.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 21:50 ispserver.pem-20211221215011.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 21:51 ispserver.pem-20211221215115.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 21:56 ispserver.pem-20211221215625.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 22:05 ispserver.pem-20211221220526.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 22:20 ispserver.pem-20211221222039.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 22:24 ispserver.pem-20211221222413.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 22:25 ispserver.pem-20211221222532.bak
    -rwxr-x--- 1 root      root      5321 Dec 21 22:38 ispserver.pem-20211221223809.bak
    -rwxr-x--- 1 root      root      5321 Dec 23 00:28 ispserver.pem-20211223002854.bak
    
    I tried restart the Apache.... and restart full server.....

    Code:
    ls -la /etc/letsencrypt/live/admin.matrixcbs-server.hu/
    total 12
    drwxr-xr-x  2 root root 4096 Dec 21 22:17 .
    drwx------ 19 root root 4096 Dec 22 20:21 ..
    lrwxrwxrwx  1 root root   54 Dec 22 20:21 cert.pem -> ../../archive/admin.matrixcbs-server.hu-0004/cert1.pem
    lrwxrwxrwx  1 root root   55 Dec 22 20:21 chain.pem -> ../../archive/admin.matrixcbs-server.hu-0004/chain1.pem
    lrwxrwxrwx  1 root root   59 Dec 22 20:21 fullchain.pem -> ../../archive/admin.matrixcbs-server.hu-0004/fullchain1.pem
    lrwxrwxrwx  1 root root   57 Dec 22 20:21 privkey.pem -> ../../archive/admin.matrixcbs-server.hu-0004/privkey1.pem
    -rw-r--r--  1 root root  692 Sep 20 19:38 README
    
    I tried reconfigure full ispconfig.....

    Code:
    #php -v
    PHP 7.4.3 (cli) (built: Nov 25 2021 23:16:22) ( NTS )
    Copyright (c) The PHP Group
    Zend Engine v3.4.0, Copyright (c) Zend Technologies
        with Zend OPcache v7.4.3, Copyright (c), by Zend Technologie
    I've been trying to figure it out for days. I wonder what I didn't do.....

    Everything worked on the first installation. The error suddenly appeared.

    Thx.

    Robert
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

  3. kalmarr

    kalmarr New Member

    Thx. Now I don't know what went wrong... I've been trying to figure it out ever since, but I can't solve the certificate problem. Not working the admin certificate and SMTP certificate. Example I cant't configure the SMTP to Gmail....
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem seems to be that certbot is not able to renew the cert and certbot is also not able to get a new cert, that's why a forced ispconfig update produces a self-signed ssl cert. Take a look into the /var/log/letsencrypt/letsencrypt.log file to find out why certbot is not able to renew your cert or to issue a new cert. It might also be that certbot is outdated if your system is a older system, in this case you must install a current certbot version via snap as described on the certbot website (just don't use certbot to issue a cert manually, let the ispconfig updater do that after you installed the new certbot version).
     
  5. kalmarr

    kalmarr New Member

    Of course, I'm already past the "ispconfig_update.sh --force " command...


    Code:
    2022-01-02 23:21:18,225:DEBUG:acme.client:Storing nonce: 01027bHYO8CZxXUAnxv3upHlT1tiV2UX27wvNn_MGz-mseI
    2022-01-02 23:21:18,226:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
        lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
        lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 431, in obtain_and_enroll_certificate
        return storage.RenewableCert.new_lineage(
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 1003, in new_lineage
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: archive directory exists for admin.matrixcbs-server.hu-0001
    2022-01-03 03:00:19,293:DEBUG:certbot.main:certbot version: 0.40.0
    2022-01-03 03:00:19,294:DEBUG:certbot.main:Arguments: ['-n', '--post-hook', "echo '1' > /usr/local/ispconfig/server/le.restart"]
    2022-01-03 03:00:19,294:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2022-01-03 03:00:19,305:DEBUG:certbot.log:Root logging level set at 20
    2022-01-03 03:00:19,306:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2022-01-03 03:00:19,401:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2022-01-03 03:00:19,427:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/admin.matrixcbs-server.hu-0001.conf is broken. Skipping.
    2022-01-03 03:00:19,427:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    
    2022-01-03 03:00:19,460:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7feab5153fd0> and installer <certbot.cli._Default object at 0x7feab5153fd0>
    2022-01-03 03:00:19,490:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 03:00:19,493:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 03:00:19,512:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 03:00:19,514:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 03:00:19,556:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 03:00:19,557:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 03:00:19,594:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 03:00:19,596:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 03:00:19,616:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 03:00:19,617:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 03:00:19,713:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 03:00:19,714:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 03:00:19,714:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1287, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 486, in handle_renewal_request
        raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
    2022-01-03 07:28:01,177:DEBUG:certbot.main:certbot version: 0.40.0
    2022-01-03 07:28:01,178:DEBUG:certbot.main:Arguments: ['-q']
    2022-01-03 07:28:01,178:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2022-01-03 07:28:01,194:DEBUG:certbot.log:Root logging level set at 30
    2022-01-03 07:28:01,195:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2022-01-03 07:28:01,202:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2022-01-03 07:28:01,206:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/admin.matrixcbs-server.hu-0001.conf is broken. Skipping.
    2022-01-03 07:28:01,206:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    
    2022-01-03 07:28:01,214:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f55d2560a00> and installer <certbot.cli._Default object at 0x7f55d2560a00>
    2022-01-03 07:28:01,224:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 07:28:01,224:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 07:28:01,227:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 07:28:01,228:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 07:28:01,233:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 07:28:01,234:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 07:28:01,238:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 07:28:01,238:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 07:28:01,242:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 07:28:01,242:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 07:28:01,247:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 07:28:01,248:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 07:28:01,248:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1287, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 486, in handle_renewal_request
        raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
    2022-01-03 12:38:15,226:DEBUG:certbot.main:certbot version: 0.40.0
    2022-01-03 12:38:15,227:DEBUG:certbot.main:Arguments: ['-q']
    2022-01-03 12:38:15,227:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2022-01-03 12:38:15,240:DEBUG:certbot.log:Root logging level set at 30
    2022-01-03 12:38:15,240:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2022-01-03 12:38:15,272:WARNING:certbot.renewal:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    2022-01-03 12:38:15,283:WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/admin.matrixcbs-server.hu-0001.conf is broken. Skipping.
    2022-01-03 12:38:15,284:DEBUG:certbot.renewal:Traceback was:
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 65, in _reconstitute
        renewal_candidate = storage.RenewableCert(full_path, config)
      File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__
        raise errors.CertStorageError(
    certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
    
    2022-01-03 12:38:15,310:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f35f08a8b80> and installer <certbot.cli._Default object at 0x7f35f08a8b80>
    2022-01-03 12:38:15,326:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 12:38:15,326:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 12:38:15,330:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 12:38:15,331:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 12:38:15,358:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 12:38:15,359:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 12:38:15,376:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 12:38:15,376:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 12:38:15,380:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 12:38:15,380:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 12:38:15,392:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 12:38:15,392:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 12:38:15,393:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 11, in <module>
        load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1287, in renew
        renewal.handle_renewal_request(config)
      File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 486, in handle_renewal_request
        raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
    certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
    #apt-cache policy certbot | grep -i Installed
    Installed: 0.40.0-1ubuntu0.1

    I have deleted it into the directory "/etc/letsencrypt/", because I tried modify the certificates. This could also be a problem.... I tried a million ideas..... :(

    Is it not possible to reinstall the mailer and certificates?
     
    Last edited: Jan 3, 2022
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I would ask what is in the broken config file, but what do you mean by
    You deleted the bad conf file? Or all the certificate files? Or all of /etc/letsencrypt?

    It's possible to reinstall things. Where are you at currently, having tried "a million" things? One option would be to purge certbot, rename /etc/letsencrypt/, reinstall certbot, then set up all your certificates again (run the installer as well as reissue for individual websites); if you go this route, keep in mind letsencrypt rate limits (ie. don't wipe and start again if you have so many sites to reissue you'll go over their limits).
     
    kalmarr likes this.
  7. kalmarr

    kalmarr New Member

    I am very beginner, but persistent :)

    I founded the all files.
    That's why I deleted the files, I trusted it to restore itself..

    Code:
    #ll /etc/letsencrypt/live
    drwxr-xr-x  2 root root 4096 Dec 21 22:17 admin.matrixcbs-server.hu/
    drwxr-xr-x  2 root root 4096 Dec 23 11:42 admin.matrixcbs-server.hu-0001/
    drwxr-xr-x  2 root root 4096 Dec 23 11:48 admin.matrixcbs-server.hu-0002/
    drwxr-xr-x  2 root root 4096 Dec 23 11:48 admin.matrixcbs-server.hu-0003/
    drwxr-xr-x  2 root root 4096 Dec 23 11:48 admin.matrixcbs-server.hu-0004/
    drwxr-xr-x  2 root root 4096 Nov 20 03:04 admin.matrixcbs-server.hu-0005/
    drwxr-xr-x  2 root root 4096 Nov 20 03:04 admin.matrixcbs-server.hu-0006/
    drwxr-xr-x  2 root root 4096 Nov 20 03:04 admin.matrixcbs-server.hu-0007/
    drwxr-xr-x  2 root root 4096 Dec 23 19:05 admin.matrixcbs-server.hu-0008/
    
    #ll renewal
    -rw-r--r--  1 root root  718 Sep 19 17:13  admin.matrixcbs-server.hu-0001.conf
    -rw-r--r--  1 root root  759 Sep 19 19:43  admin.matrixcbs-server.hu-0002.conf
    -rw-r--r--  1 root root  759 Sep 20 12:42  admin.matrixcbs-server.hu-0003.conf
    -rw-r--r--  1 root root  718 Sep 20 19:38  admin.matrixcbs-server.hu-0004.conf
    -rw-r--r--  1 root root  844 Nov 20 03:04  admin.matrixcbs-server.hu-0005.conf
    -rw-r--r--  1 root root  821 Nov 20 03:04  admin.matrixcbs-server.hu-0006.conf
    -rw-r--r--  1 root root  821 Nov 20 03:04  admin.matrixcbs-server.hu-0007.conf
    -rw-r--r--  1 root root  759 Dec 21 22:02  admin.matrixcbs-server.hu-0008.conf
    -rw-r--r--  1 root root  759 Jan  2 23:20  admin.matrixcbs-server.hu.conf
    
    ll archive
    drwxr-xr-x  2 root root 4096 Sep 18 14:55 admin.matrixcbs-server.hu/
    drwxr-xr-x  2 root root 4096 Sep 19 17:13 admin.matrixcbs-server.hu-0001/
    drwxr-xr-x  2 root root 4096 Sep 19 19:43 admin.matrixcbs-server.hu-0002/
    drwxr-xr-x  2 root root 4096 Sep 20 12:42 admin.matrixcbs-server.hu-0003/
    drwxr-xr-x  2 root root 4096 Sep 20 19:38 admin.matrixcbs-server.hu-0004/
    drwxr-xr-x  2 root root 4096 Nov 20 03:04 admin.matrixcbs-server.hu-0005/
    drwxr-xr-x  2 root root 4096 Nov 20 03:04 admin.matrixcbs-server.hu-0006/
    drwxr-xr-x  2 root root 4096 Nov 20 03:04 admin.matrixcbs-server.hu-0007/
    drwxr-xr-x  2 root root 4096 Dec 21 22:02 admin.matrixcbs-server.hu-0008/
    
    I guess there's no mistake

    Code:
    cat /var/log/letsencrypt/letsencrypt.log
    
    2022-01-03 23:41:24,060:DEBUG:certbot.main:certbot version: 0.40.0
    2022-01-03 23:41:24,060:DEBUG:certbot.main:Arguments: ['--agree-tos', '--non-interactive', '--expand', '--rsa-key-size', '4096', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--authenticator', 'webroot', '--webroot-path', '/usr/local/ispconfig/interface/acme', '--email', '[email protected]', '-d', 'admin.matrixcbs-server.hu', '--renew-hook', 'letsencrypt_renew_hook.sh']
    2022-01-03 23:41:24,060:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2022-01-03 23:41:24,070:DEBUG:certbot.log:Root logging level set at 20
    2022-01-03 23:41:24,070:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2022-01-03 23:41:24,074:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2022-01-03 23:41:24,075:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f9560e71f40>
    Prep: True
    2022-01-03 23:41:24,075:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f9560e71f40> and installer None
    2022-01-03 23:41:24,075:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
    2022-01-03 23:41:24,082:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/206900340', new_authzr_uri=None, terms_of_service=None), 0110bf74737187d9533beb531306b55d, Meta(creation_dt=datetime.datetime(2021, 9, 19, 17, 35, 47, tzinfo=<UTC>), creation_host='admin.matrixcbs-server.hu'))>
    2022-01-03 23:41:24,083:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
    2022-01-03 23:41:24,086:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
    2022-01-03 23:41:24,525:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
    2022-01-03 23:41:24,526:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Date: Mon, 03 Jan 2022 22:41:24 GMT
    Content-Type: application/json
    Content-Length: 658
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    {
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
      },
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
      "xlbjGxxR3NU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
    }
    2022-01-03 23:41:24,544:INFO:certbot.renewal:Cert not yet due for renewal
    2022-01-03 23:41:24,545:INFO:certbot.main:Keeping the existing certificate
    
    
    I have two errors.
    1. Not worikng the https://admin.matrixcbs-server.hu:8080 certificate.
    2. I don't know if there is a correlation.

    If I create new site with SSL. It working https perfect , but not working the SMTP. I can't use TLS (587) - "TLS Negotiation failed, the certificate doesn't match the host., code: 0"

    Code:
    #cat /var/log/mail.log
    Jan  4 00:00:11 admin postfix/submission/smtpd[9674]: connect from mail-ed1-f44.google.com[209.85.208.44]
    Jan  4 00:00:11 admin postfix/submission/smtpd[9674]: lost connection after STARTTLS from mail-ed1-f44.google.com[209.85.208.44]
    Jan  4 00:00:11 admin postfix/submission/smtpd[9674]: disconnect from mail-ed1-f44.google.com[209.85.208.44] ehlo=1 starttls=1 commands=2
    
    If I login "port 25" (unsecure port). The Google login my account, but I can't send mail.... I check the mail.log I can't see answer.....
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Try this (run as root):

    Code:
    cd /usr/local/ispconfig/interface/ssl
    rm ispserver.key ispserver.crt
    mv ispserver.crt-20211221213909.bak ispserver.crt
    mv ispserver.key-20211221213909.bak ispserver.key
    service apache2 restart
    service dovecot restart
    service postfix restart
    Then try to login to ispconfig to see if it shows a valid ssl cert now.

    Regarding mail system, take care to use admin.matrixcbs-server.hu as smtp/pop3/imap server name in your mail client for all email domains hosted on this server.
     

Share This Page