Dear Support I have updated ispconfig3.05-SP8 to 3.1.7p1, and working fine. I need use Let's Encrytp Certificates https://www.sofiha-isp.com.ar:8080/login/ I check from the control Panel in Sites over sofiha-isp.com.ar SSL and Let's Encrypt SSL, at first the checks are ok but If I close the session and LogIn again The Site sofiha-isp.com.ar the checks are missing, what's the wrong. I want check and add Let's Encrypt certificates for this Server Thanks for all Server mail.sofiha-isp.com.ar Domain: sofiha-isp.com.ar Document Root: /var/www/clients/client1/web1 And after that how to create and add certificate from the ISP Control Panel to this site? I'll appreciate your cooperation Nestor Mazza
If I only check SSL and then create the certificate with the ISPConfig control Panel with SSL create option under Sites SSL works fine but If I check Let's Encrypt SSL under Sites / Domain the check is missing after save and logout when I login again. How are the writes steps to use Let's Encrypt in this Server, Thanks Nestor Mazza
Please see Letsencrypt FAQ for the steps to find out why the certificate can't be created on the server: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ And ensure that you installed the certbot application on your server, without certbot, no Letsencrypt certificates!
Thanks! I'll see this link https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ Nestor Mazza
Package python-2.6.6-66.el6_8.x86_64 already installed and latest version Package python-devel-2.6.6-66.el6_8.x86_64 already installed and latest version Package mod_python-3.3.1-16.el6.x86_64 already installed and latest version Are ok ? or I need update Python to 2.7 and mod_python 3.5 such as IspConfig on Centos 7.3 Becasuse my letsencrypt.log says 2017-10-11 21:15:11,441EBUG:certbot.main:certbot version: 0.19.0 2017-10-11 21:15:11,441EBUG:certbot.main:Arguments: [] 2017-10-11 21:15:11,441EBUG:certbot.mainiscovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2017-10-11 21:15:11,459EBUG:certbot.log:Root logging level set at 20 2017-10-11 21:15:11,459:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2017-10-11 21:15:11,462EBUG:certbot.plugins.selection:Requested authenticator None and installer None 2017-10-11 21:15:11,569EBUG:certbot_apache.configurator:Apache version is 2.2.15 2017-10-11 21:15:12,020EBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx): Traceback (most recent call last): File "/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot/plugins/disco.py", line 130, in prepare self._initialized.prepare() File "/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot_nginx/configurator.py", line 150, in prepare raise errors.NoInstallationError NoInstallationError 2017-10-11 21:15:12,021EBUG:certbot.plugins.selection:Single candidate plugin: * apache Description: Apache Web Server plugin - Beta Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.configurator:ApacheConfigurator Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x3879850> Prep: True 2017-10-11 21:15:12,021EBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x3879850> and installer <certbot_apache.configurator.ApacheConfigurator object at 0x3879850> 2017-10-11 21:15:12,021:INFO:certbot.plugins.selectionlugins selected: Authenticator apache, Installer apache 2017-10-11 21:16:25,446EBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module> sys.exit(main()) File "/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot/main.py", line 861, in main return config.func(config, plugins) File "/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot/main.py", line 690, in run le_client = _init_le_client(config, authenticator, installer) File "/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot/main.py", line 479, in _init_le_client acc, acme = _determine_account(config) File "/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot/main.py", line 363, in _determine_account config.email = display_ops.get_email() File "/opt/eff.org/certbot/venv/lib/python2.6/site-packages/certbot/display/ops.py", line 59, in get_email "An e-mail address or " Error: An e-mail address or --register-unsafely-without-email must be provided. Thanks Nestor Mazza
possible you need to run $certbot-auto and provide some input like an email-adress, but don't let this run cert-creation when it asks, cancel at that step. I think it was mentioned in the howtos.
Yes, I did the following https://www.howtoforge.com/tutorial...php-pureftpd-postfix-dovecot-and-ispconfig/2/ And the howto said Now we will add support for Let's encrypt. mkdir /opt/certbot cd /opt/certbot wget https://dl.eff.org/certbot-auto chmod a+x ./certbot-auto Now run the certboot-auto command which will downlaod and install the software and it's dependencies. ./certbot-auto The command will then tell you that "no names were found in your configuration files" and asks if it shall continue, please chose "c" to cancel here as the certs will be created by ispconfig. Now if i check on https://www.ssllabs.com/ssltest/analyze.html?d=sofiha-isp.com.ar Certificate #1: RSA 4096 bits (SHA256withRSA) Server Key and Certificate #1 Subject sofiha-isp.com.ar Fingerprint SHA256: ebf8ca01a1e2f51f6120406b8cc7363fb2a39b30f103df1caa2d680e5b07f9b4 Pin SHA256: SJLbqY2TsoFB1Y28TbvAajqs/a9eWZjpDLaWZOEgsFs= Common names sofiha-isp.com.ar Alternative names sofiha-isp.com.ar www.sofiha-isp.com.ar Serial Number 0335e98536779d1d84e6354cbf55445ccdf6 Valid from Thu, 12 Oct 2017 00:25:09 UTC Valid until Wed, 10 Jan 2018 00:25:09 UTC (expires in 2 months and 28 days) Key RSA 4096 bits (e 65537) Weak key (Debian) No Issuer Let's Encrypt Authority X3 AIA: http://cert.int-x3.letsencrypt.org/ Signature algorithm SHA256withRSA Extended Validation No Certificate Transparency No OCSP Must Staple No Revocation information OCSP OCSP: http://ocsp.int-x3.letsencrypt.org Revocation status Good (not revoked) DNS CAA No (more info) Trusted Yes Additional Certificates (if supplied) Certificates provided 2 (2742 bytes) Chain issues None #2 Subject Let's Encrypt Authority X3 Fingerprint SHA256: 25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg= Valid until Wed, 17 Mar 2021 16:40:46 UTC (expires in 3 years and 5 months) Key RSA 2048 bits (e 65537) Issuer DST Root CA X3 Signature algorithm SHA256withRSA And Finally added CAA on my DNS Server, since some minutes ago. It seems looks fine, but I'm not shure. Any other consideration or just fine ? Thanks Nestor Mazza
Now I If I check again on https://www.ssllabs.com/ssltest/analyze.html?d=sofiha-isp.com.ar I can see DNS CAA Yes issue: letsencrypt.org Trusted Yes The DNS CAA Record is working fine
And let me one more question I have some domains since ispconfig3.05-SP8 without Let's Encrypt but now Must be create the SSL certificates for each Domain added when was ispconfig3.05-SP8 and now , the server is ispconfig3.1.7p1 when add a website the SSL Certificates for each Domain, IspConfig will create automatically or not ? Thanks for all Nestor Mazza
I don't know if that will work, maybe someone knowing the particular code for that can answer this question. If in doubt just disable and enable letsencrypt and it should defnitly work. btw. your site shows me good ssl cert aswell