This is a new web server addition to an existing multi server setup. Perfect Stretch: ISPC 3.1.6, Debian Stretch, Apache2, Mariadb. All seemed to be ok and I can create domains with access just fine. Tried to turn on LE SSL like I have on the other servers, but it didn't work and no log entries in /var/log/letsencrypt/letsencrypt.log on the new Stretch nor the main ISPC server. I noticed that I can't find certbot-auto in this new setup even though I see apt-get installed certbot and letsencrypt. Not sure if that means anything. Any ideas?
Please use the ISPConfig debug mode on the slave (enable it on the master for the slave and run server.sh on the slave) to find out why the certs do not get generated when you enable the LE checkbox of the site again. certbot-auto might not be installed, but you should find the program 'certbot' when LE is installed and that's the program that ISPConfig uses to request the SSL certs.
-found /usr/bin/cerbot, so it looks installed. -Debug on : /usr/local/ispconfig/server/server.sh DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. DEBUG - Found 1 changes, starting update process. DEBUG - Replicated from master: REPLACE INTO `web_domain`....(removed code) DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. DEBUG - mkdir failed: /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ WARNING - Could not verify domain domain.tld (actual domain name) website itself is accessible
This means that the domain is not reachable from the server. Most likely the server is behind a NAT router that blocks the requests. In such a case, enable the 'Skip LE Check' option under System > server config > web.
That worked! Thank you. I'll have to see what is blocked, I thought I had the same rules applied here but maybe I missed something.