ISPConfig Version: 3.2.12p1, nginx webserver only.
Code:
wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --no-mail --use-ftp-ports=40110-40210 --unattended-upgrades
The server is behind a NAT and I have checked the "Skip Letsencrypt check" under System -> Server config -> server1.example.com -> Web. SSL is now working fine. However, I noticed that the old sites fail to load for a second or two when a new site creation is in the task queue. I suspect it happens during the Let's Encrypt setup for the new site. Is it normal? How to prevent this?
It's possible; it could just be that the existing sites are briefly unavailable whilst nginx is reloaded/restarted to pick up the new vhost configuration changes. But that would normally be very quick; you would be quite unlucky, or attempting to repeatedly reload sites rapidly to make many requests at the exact point that nginx is reloading/restarting. If it is that, you would have to look into what's taking nginx such a noticeable amount of time to reload/restart. It's also possible that your NAT is keeping a health check on the nginx ports and notices a very brief interruption, but then creates a longer delay, blocking connections until it has completed a successful health check on the nginx ports.
NAT is working perfectly and there is no specific setup for any check. It is a simple forward with iptables. The connection gets disconnected for a second, so I am not sure if this is the nginx reload. The main concern is that having large users visiting the sites and creating multiple sites means there would be frequent disconnections. Update: I rechecked; adding a non-SSL site caused no disconnection, while adding an SSL-enabled site gives the disconnection issue.
It can't be the reload of nginx then that's causing the disconnection, because that reload happens with non-SSL too. Not sure what could cause the disconnect then. That is strange behavior if it happens with SSL only. Check the LE logs. Maybe something fails initially which causes the webservice to go down temporarily.
Here are the last few lines of the log file; I have changed the domain/subdomain here.
/var/log/ispconfig/acme.log
Code:
-----END CERTIFICATE-----'
[Fri 14 Feb 2025 06:37:20 AM EST] Found cert chain
[Fri 14 Feb 2025 06:37:20 AM EST] _end_n='35'
[Fri 14 Feb 2025 06:37:20 AM EST] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04ec>
[Fri 14 Feb 2025 06:37:20 AM EST] Cert success.
[Fri 14 Feb 2025 06:37:20 AM EST] Your cert is in: /root/.acme.sh/ispssl.ns123.example.com/isps>
[Fri 14 Feb 2025 06:37:20 AM EST] Your cert key is in: /root/.acme.sh/ispssl.ns123.example.com/>
[Fri 14 Feb 2025 06:37:20 AM EST] The intermediate CA cert is in: /root/.acme.sh/ispssl.ns123.e>
[Fri 14 Feb 2025 06:37:20 AM EST] And the full-chain cert is in: /root/.acme.sh/ispssl.ns123.ex>
[Fri 14 Feb 2025 06:37:20 AM EST] Your pre-generated key for future cert key changes is in: /root/>
[Fri 14 Feb 2025 06:37:21 AM EST] _on_issue_success
[Fri 14 Feb 2025 06:37:21 AM EST] '' does not contain 'dns'
[Fri 14 Feb 2025 06:37:21 AM EST] Let's find the script directory.
[Fri 14 Feb 2025 06:37:21 AM EST] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri 14 Feb 2025 06:37:21 AM EST] _script='/root/.acme.sh/acme.sh'
[Fri 14 Feb 2025 06:37:21 AM EST] _script_home='/root/.acme.sh'
[Fri 14 Feb 2025 06:37:21 AM EST] Using default home: /root/.acme.sh
[Fri 14 Feb 2025 06:37:21 AM EST] Using config home: /root/.acme.sh
[Fri 14 Feb 2025 06:37:21 AM EST] LE_WORKING_DIR='/root/.acme.sh'
[Fri 14 Feb 2025 06:37:21 AM EST] Running cmd: installcert
[Fri 14 Feb 2025 06:37:21 AM EST] Using config home: /root/.acme.sh
[Fri 14 Feb 2025 06:37:21 AM EST] default_acme_server='https://acme-v02.api.letsencrypt.org/direct>
[Fri 14 Feb 2025 06:37:21 AM EST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 14 Feb 2025 06:37:21 AM EST] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri 14 Feb 2025 06:37:21 AM EST] _ACME_SERVER_PATH='directory'
[Fri 14 Feb 2025 06:37:21 AM EST] DOMAIN_PATH='/root/.acme.sh/ispssl.ns123.example.com'
[Fri 14 Feb 2025 06:37:21 AM EST] Installing key to: /var/www/clients/client0/web6/ssl/ispssl.ns55>
[Fri 14 Feb 2025 06:37:21 AM EST] Installing full chain to: /var/www/clients/client0/web6/ssl/isps>
[Fri 14 Feb 2025 06:37:21 AM EST] Running reload cmd: systemctl force-reload nginx.service
[Fri 14 Feb 2025 06:37:21 AM EST] Reload successful
I think the SSL connection gets a refresh with a change in some header/cookies, so it gets disconnected? I am not sure. @till could you help?
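
To line up the disconnections with what acme.sh did, the reload entries in /var/log/ispconfig/acme.log can be pulled out together with their timing. This is an added example, not part of any post in this thread and not ISPConfig or acme.sh code; the function names and the second log pair are constructed, and the log's timestamps only have one-second resolution.

```python
import re
from datetime import datetime

# Line shape from the acme.log excerpt: "[Fri 14 Feb 2025 06:37:21 AM EST] message"
LINE = re.compile(r"^\[\w{3} (\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2} [AP]M) \w+\] (.*)$")
RELOAD = "Running reload cmd: "

# Constructed sample: the first pair is from the excerpt, the second is made up.
SAMPLE_LOG = """\
[Fri 14 Feb 2025 06:37:20 AM EST] Cert success.
[Fri 14 Feb 2025 06:37:21 AM EST] Running cmd: installcert
[Fri 14 Feb 2025 06:37:21 AM EST] Running reload cmd: systemctl force-reload nginx.service
[Fri 14 Feb 2025 06:37:21 AM EST] Reload successful
-----END CERTIFICATE-----'
[Fri 14 Feb 2025 07:02:10 AM EST] Running reload cmd: systemctl force-reload nginx.service
[Fri 14 Feb 2025 07:02:12 AM EST] Reload successful
"""

def reload_events(log_text):
    """One dict per reload command: start time, command, whether
    'Reload successful' followed, and seconds between the two lines."""
    events, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # certificate bodies and wrapped lines carry no timestamp
        ts = datetime.strptime(m.group(1), "%d %b %Y %I:%M:%S %p")
        msg = m.group(2)
        if msg.startswith(RELOAD):
            pending = {"start": ts, "cmd": msg[len(RELOAD):], "ok": False, "seconds": None}
            events.append(pending)
        elif msg == "Reload successful" and pending is not None:
            pending["ok"] = True
            pending["seconds"] = (ts - pending["start"]).total_seconds()
            pending = None
    return events

def restart_capable(events):
    """Commands worth a closer look: 'restart' stops the service, and
    'systemctl force-reload' restarts a unit that does not support reload."""
    return [e for e in events if re.search(r"\b(restart|force-reload)\b", e["cmd"])]

if __name__ == "__main__":
    for e in reload_events(SAMPLE_LOG):
        print(e["start"].isoformat(), e["seconds"], e["ok"], e["cmd"])
```

An event with `ok` still False, or with a gap of a second or more, is the one to compare against the time the sites dropped.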