Hi again. I have an interesting here. I have a domain, I'm setting up and I can't seem to get ispconfig to create the letsencrypt certificates for the website, or rather it creates the certs fine, but it won't link them to the site or change the vhost file. Here's the log: Code: 10.03.2019-19:47 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 10.03.2019-19:47 - DEBUG - Found 1 changes, starting update process. 10.03.2019-19:47 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 10.03.2019-19:47 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 10.03.2019-19:47 - DEBUG - Verified domain autoconfig.arcticfuzz.dk should be reachable for letsencrypt. 10.03.2019-19:47 - DEBUG - Verified domain autodiscover.arcticfuzz.dk should be reachable for letsencrypt. 10.03.2019-19:47 - DEBUG - Create Let's Encrypt SSL Cert for: autoconfig.arcticfuzz.dk 10.03.2019-19:47 - DEBUG - Let's Encrypt SSL Cert domains: --domains autoconfig.arcticfuzz.dk --domains autodiscover.arcticfuzz.dk 10.03.2019-19:47 - DEBUG - exec: /usr/local/bin/certbot certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains autoconfig.arcticfuzz.dk --domains autodiscover.arcticfuzz.dk --webroot-path /usr/local/ispconfig/interface/acme Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Cert not yet due for renewal Keeping the existing certificate 10.03.2019-19:47 - DEBUG - Let's Encrypt Cert file: does not exist. 10.03.2019-19:47 - DEBUG - Add server alias: autodiscover.arcticfuzz.dk 10.03.2019-19:47 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/autoconfig.arcticfuzz.dk.vhost 10.03.2019-19:47 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.0/fpm/pool.d/web16.conf 10.03.2019-19:47 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'. 10.03.2019-19:47 - DEBUG - Restarting php-fpm: systemctl reload php7.0-fpm.service 10.03.2019-19:47 - DEBUG - Apache status is: running 10.03.2019-19:47 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 10.03.2019-19:47 - DEBUG - Restarting httpd: systemctl restart apache2.service 10.03.2019-19:47 - DEBUG - Apache restart return value is: 0 10.03.2019-19:47 - DEBUG - Apache online status after restart is: running 10.03.2019-19:47 - DEBUG - Processed datalog_id 433 10.03.2019-19:47 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished. Any ideas?
The reason is that certbot missed adding the domains which are in this cert into the renewal file so ISPConfig can't find the right file: https://git.ispconfig.org/ispconfig/ispconfig3/issues/5258 The main problem is, we have 3 users which reported the issue until now but it is not reproducible on any server, several ISPConfig core developers tested the issue on their test and live systems and certbot did not fail. So the real problem is that we don't know yet why certbot 0.31 seems to fail on some systems and writes an incomplete config file.
Thanks Till. It's only on my new test setup, running Debian 9, that's doing this. Our main servers, running Debian 8 (all updated) works just fine... If I can provide any help, let me know.
May you please send me letsencrypt.log file for the creation of this domain's SSL cert by email to dev at ispconfig dot org? Then I can try to compare it with the log of my system.