Hello I Installed "Let's Encryprt" using debian installation ispconfig 3.1.2 debian 8.0 but I did not get the same screen where to answer Yes or No. I got different screens (apply to all domain (1,2,3,4,5,etc enter to all or c to cancel)). I hit enter to apply all and in the second screen (about use both http and https or only https) I chose both. All domains work with http. Https works only with www. (https://www.domain.tld) and not without www. (https://domain.tld). When you type https://domain.tld it redirects to http://www.doamin.tld . In addition, GUI "let's encrypt" is disabled. Nothing happens if it is enabled or disabled. How can I make this work properly?
This disabled all domais for https in ispconfig. You should have choosen no or cancel, depending on your LE version during install. Choosing a domain there instead will disable that domain for SSL use in ispconfig. To fix that, delete all domains and certs in letsencrypt, when all have been removed, then you can use ispconfig to get a new ssl cert.
Thank you for your prompt reply. How explain how to do that? I tried to do this: "Try to rename /etc/letsencrypt directory. mv /etc/letsencrypt /etc/letsencrypt_bak mkdir /etc/letsencrypt" After I did it, I was unable to reach ispconfig GUI panel. Am I doing something wrong?
Apache or nginx cannot restart without LE SSL that are specified in the vhost files. Therefore, after whole deletion of LE certs, you have to clean LE SSL code from your vhost files afterwards, since there is no longer any LE ssl certs to refer to. For ISPC to work again, you may need to run its update script and recreate its SSL. When you get your ISPC to work again, recreate LE SSL for it using this trick. Afterwards you can create LE SSL for other sites as well.
Ok, spo probably LE modified the vhost files itself, in that case you will have to clean them like ahrasis explained above. or you remove the symlinks in sites-enabled folder for all websites but not ispconfig, then you can login to ispconfig and activate le again for them which will also activate the sites again.
First of all thank you for the quick reply. I decided to follow Till's easy way. Please tell me if I'm doing something wrong. I removed all links domain.tld.vhost.le.ssl.conf and domain.tld.vhost from etc/apache2/site-enabled except 000-apps.vhost 000-ispconfig.conf ooo-ispconfig.vhost and rebooted the entire server. Ispconfig continued working. Without enabling LE in GUI, domains still work under http and https! When I enabled LE in GUI the only thing that happens it's to create under etc/apache/site-enabled a link 100-domain.tld.vhost . I'm still unable to manage Let's encrypt via GUI.
Read your LE log or post it in here. You could already reached its limit, so be a little more patient and wait for its to wear off.
Code: 2017-02-21 10:20:01,830:DEBUG:certbot.main:Root logging level set at 20 2017-02-21 10:20:01,830:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2017-02-21 10:20:01,831:WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or$ 2017-02-21 10:20:01,831:DEBUG:certbot.cli:Deprecation warning circumstances: /root/.local/share/letsencrypt/bin/letsencrypt / {'LANG': 'en_US.UTF-8', 'SHELL': '/bin/sh', 'SHLVL': '3', 'PWD': '/usr/local/ispconfig/server', 'LOGNAME': 'ro$ 2017-02-21 10:20:01,831:DEBUG:certbot.main:certbot version: 0.11.1 2017-02-21 10:20:01,831:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', 'postmast$ 2017-02-21 10:20:01,832:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null) 2017-02-21 10:20:01,832:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None 2017-02-21 10:20:01,835:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot.plugins.webroot:Authenticator Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f74ce5e0ad0> Prep: True 2017-02-21 10:20:01,836:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f74ce5e0ad0> and installer None 2017-02-21 10:20:01,840:DEBUG:certbot.main:Picked account: <Account(f481c95a9780018c7ce322704fe40979)> 2017-02-21 10:20:01,840:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. 2017-02-21 10:20:01,844:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2017-02-21 10:20:02,371:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 352 2017-02-21 10:20:02,372:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 352 Boulder-Request-Id: YCr9-MfqJgjC8sHjRpshtObEH0zAOQPavGF4N251A7Q Replay-Nonce: gzKP3U1kE6XxB_9o7kbQd2gScd9tytlG2vKq1bc0bqU X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Tue, 21 Feb 2017 10:20:02 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 21 Feb 2017 10:20:02 GMT Connection: keep-alive { "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" } 2017-02-21 10:20:02,380:INFO:certbot.renewal:Cert not yet due for renewal 2017-02-21 10:20:02,380:INFO:certbot.main:Keeping the existing certificate
I guess you didn't follow what Till said or have restored your old LE SSL files created by certbot, since the files are still there and as such ISPC cannot do anything. Unless you are willing to follow the instructions given after doing a proper backup, you might not be able to use ISPC in creating and renewing your LE SSL files. The steps are: 1. Backup the relevant folders. 2. Delete all LE SSL files folder - Code: rm -rf /etc/letsencrypt/ 3. Delete all websites symlinks except for ISPC inside /etc/apache2/sites-enabled. 4. Restart apache2. If can restart, go to your browser. enter your ISPC and reactivate all your websites with SSL and LE options ticked, and save them. 5. If cannot restart, then try to reconfigure your ISPC via update: Code: cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install/ php -q update.php
