Hi all, I decided to give Let's Encrypt a try and I'm stuck, since my SSL certs are still not certified by my browsers. Here is my vhost conf:
Code:
    server {
        listen *:80;
        listen *:443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/client1/web2/ssl/mysite.com.crt;
        ssl_certificate_key /var/www/clients/client1/web2/ssl/mysite.com.$
        server_name dokkan-battle.fr www.mysite.com;
        root /var/www/mysite.com/web/;
        index index.html index.htm index.php index.cgi index.pl index.xhtml;
        location ~ \.shtml$ {
            ssi on;
        }
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
        error_page 502 /error/502.html;
        error_page 503 /error/503.html;
        recursive_error_pages on;
        location = /error/400.html {
            internal;
        }
        location = /error/401.html {
            internal;
        }
        location = /error/403.html {
            internal;
        }
        location = /error/404.html {
            internal;
        }
        location = /error/405.html {
            internal;
        }
        location = /error/500.html {
            internal;
        }
        location = /error/502.html {
            internal;
        }
        location = /error/503.html {
            internal;
        }
        error_log /var/log/ispconfig/httpd/dokkan-battle.fr/error.log;
        access_log /var/log/ispconfig/httpd/dokkan-battle.fr/access.log combine$
        location ~ /\.(?!well-known/acme-challenge/) {
            deny all;
            access_log off;
            log_not_found off;
        }
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        location /stats/ {
            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file /var/www/clients/client1/web2/web/stats/.htpas$
        }
        location ^~ /awstats-icon {
            alias /usr/share/awstats/icon;
        }
        location ~ \.php$ {
            try_files /b2c7b6c43338a0442cc2544187e4dd51.htm @php;
        }
        location @php {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/lib/php5-fpm/web2.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;
        }
        location /cgi-bin/ {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            root /var/www/clients/client1/web2;
            gzip off;
            fastcgi_pass unix:/var/run/fcgiwrap.socket;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
        location /\.well-known/acme-challenge {
            root /usr/local/ispconfig/interface/acme/.well-known/acme-challenge;
        }
        location /\.well-known/acme-challenge {
            root /usr/local/ispconfig/interface/acme/.well-known/acme-challenge;
            index index.html index.htm;
            try_files $uri =404;
        }
    }
I can see my SSL certs on the ISP Site panel, and here is the error.log of Let's Encrypt, which is pretty explicit:
Code:
    Domain: mysite.com
    Type: unauthorized
    Detail: Invalid response from http://mysite.com/.well-known/acme-challenge/NsL74h1qE36xo_RbsRTKJSB5EA4TwP95cRfWfwUpXZo [62.210.239.108]: 404
    Domain: www.mysite.com
    Type: unauthorized
    Detail: Invalid response from http://www.mysite.com/.well-known/acme-challenge/8H7okjrIamKhTkFSYoDNy-vQSk8VZIrBzcZV2OYJtKA [62.210.239.108]: 404
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
    2016-04-26 21:57:11,401:INFO:letsencrypt.auth_handler:Cleaning up challenges
    2016-04-26 21:57:11,402:DEBUG:letsencrypt.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/NsL74h1qE36xo_RbsRTKJSB5EA4TwP95cRfWfwUpXZo
    2016-04-26 21:57:11,404:DEBUG:letsencrypt.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/8H7okjrIamKhTkFSYoDNy-vQSk8VZIrBzcZV2OYJtKA
    2016-04-26 21:57:11,405:DEBUG:letsencrypt.plugins.webroot:Challenges cleaned up but /usr/local/ispconfig/interface/acme/.well-known/acme-challenge not empty
    2016-04-26 21:57:11,407:DEBUG:letsencrypt.main:Exiting abnormally:
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
        sys.exit(main())
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 692, in main
        return config.func(config, plugins)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 509, in obtain_cert
        _, action = _auth_from_domains(le_client, config, domains, lineage)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/main.py", line 93, in _auth_from_domains
        lineage = le_client.obtain_and_enroll_certificate(domains)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 274, in obtain_and_enroll_certificate
        certr, chain, key, _ = self.obtain_certificate(domains)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 246, in obtain_certificate
        self.config.allow_subset_of_names)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
        self._respond(resp, best_effort)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 131, in _respond
        self._poll_challenges(chall_update, best_effort)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 195, in _poll_challenges
        raise errors.FailedChallenges(all_failed_achalls)
    FailedChallenges: Failed authorization procedure. mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mysite.com/.well-known/acme-challenge/NsL74h1qE36xo_RbsRTKJSB5EA4TwP95cRfWfwUpXZo [62.210.XXX.XXX]: 404, www.mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mysite.com/.well-known/acme-challenge/8H7okjrIamKhTkFSYoDNy-vQSk8VZIrBzcZV2OYJtKA [62.210.XXX.XXX]: 404
The folder .well-known/acme-challenge doesn't exist in my web folder. Is it a bug with the ISPConfig beta version, Let's Encrypt and Nginx, or a bad configuration? Thanks!
As you can see in the vhost that you posted, this is a redirect and not a local folder of the website. So you don't have this folder? /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ As you can see in the debug log, both challenges existed there before ISPConfig cleaned them up, so I'm not sure why letsencrypt said that they did not exist. Please take a look into the access.log and error.log of that website to see if letsencrypt tried to access the tokens and which messages or errors got logged for the attempts there.
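Added example, not part of the thread: one way to do the access.log check suggested in the post above, listing every HTTP-01 token request and reporting the tokens that were never answered with a 200. It assumes nginx's "combined" log format; the sample lines, IPs and token names are constructed.

```python
import re
from collections import defaultdict

# Leading fields of nginx's "combined" log format, up to the status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")  # ACME tokens are base64url

# Constructed sample lines (documentation IPs, made-up tokens).
SAMPLE_LOG = '''\
198.51.100.7 - - [26/Apr/2016:21:50:02 +0200] "GET / HTTP/1.1" 200 5120 "-" "browser"
203.0.113.10 - - [26/Apr/2016:21:57:09 +0200] "GET /.well-known/acme-challenge/tokenA_constructed HTTP/1.1" 404 168 "-" "validator"
203.0.113.10 - - [26/Apr/2016:21:57:10 +0200] "GET /.well-known/acme-challenge/tokenB-constructed HTTP/1.1" 404 168 "-" "validator"
203.0.113.10 - - [27/Apr/2016:09:12:44 +0200] "GET /.well-known/acme-challenge/tokenC_constructed?x=1 HTTP/1.1" 200 87 "-" "validator"
not a log line
'''


def challenge_requests(log_text):
    """Yield (time, ip, token, status) for each HTTP-01 token request."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or non-combined lines
        path = m.group("uri").split("?", 1)[0]  # drop any query string
        if not path.startswith(PREFIX):
            continue
        token = path[len(PREFIX):]
        if TOKEN_RE.match(token):
            yield m.group("time"), m.group("ip"), token, int(m.group("status"))


def failed_tokens(log_text):
    """Map each token that was never served with 200 to the statuses seen."""
    seen = defaultdict(list)
    for _time, _ip, token, status in challenge_requests(log_text):
        seen[token].append(status)
    return {t: s for t, s in seen.items() if 200 not in s}


if __name__ == "__main__":
    for token, statuses in failed_tokens(SAMPLE_LOG).items():
        print(f"{token}: never served, statuses {statuses}")
```

If the validation requests show up here with 404 while the client's debug log shows the token files being written, the request is reaching the vhost but not being mapped to the directory the webroot plugin writes to.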
Hi till, the /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ folder exists with a file named "empty.dir" inside, that's all. When I check the error.log I can see a 404 not found related to the files which must be inside the repository. Hi Croydon, thanks for the info. Is there any way to solve this problem before the next 3.1 release comes? If it will be released in one week or so I can wait for sure. If it's in 3 months, it will be more complicated.
Like Croydon posted, the issue has been solved already. Just run: ispconfig_update.sh and choose git-stable as update source to update your system.
Code:
    Select update method (stable,git-stable,git-master) [stable]:
    There are no updates available for ISPConfig 3.1b1
It works! Many thanks to you guys and this awesome free panel. Last question: I heard that Let's Encrypt certificates have a 3 month availability. Will ISPConfig automatically regenerate the cert once this period ends?