I installed certbot from debian 8 backports instead of manual way. Do i need to do any config with it or does ispconfig fix the rest? What does ispconfig do anyway? I found only symlinks in SSL folder pointing to /etc/letsencrypt/live/domain.some.tld after manually adding it with certbot.
The certbot package of the os shold work as well. ispconfig does the wholeprocess to create an ssl cert with letsencrypt, do not create certs for websites with letsencrypt manually as this may cause the process in ispconfig to fail later.
I manually removed the cert from /etc/letsencrypt and started over. ISPconfig created new ones there after i activate LetsEncrypt in gui, and symlinks to /SSL/, good. But the vhost is not updated to reflect this, how to troubleshoot ? I cant find any valid error log yet. Both SSL and LetsEncrypt is checked in the site, and the SSL gui shows the cert but empty textboxes.
Is this a single or multiserver setup? And See FAQ: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Single testserver, well letsencrypt seems to work, its just that the vhost does not get the SSL settings and show the 000-default-ssl.vhost instead of 900-testdomain.vhost (testdomain work and is valid in DNS). Resync did not help. Its an Apache 2.4, upgrade in the past from 2.2, could it be some old template "got stuck"? Services is reconfigured, twice. Should i try the Apache 2.2 trick anyway ?
Did a new testsite and that one worked as expected. So something strange in old testsite. I probaly should build a completly new testserver so i dont waste time chasing ghosts. Thanks for the help anyway with troubleshooting and narrowing in the fault.
Take a look at the /etc/apache2/sites-evailable/ folder. i there a vhost file for the site with .err file ending? If yes, then apache rejected the new configuration of the site. Remove the .err file extension from the file and restart apache to see the error message that causes apache to fail.
No errors there. That was first i checked. But something with that 3.1 cant upgrade an old already SSL site to LetsEncrypt instead.
Did you deleted the certs before you tried to enable letsencrypt? letsebcrpyt will not overwrite custom certs.
No but i deleted all certs after a while and LetsEncrypt does work, no problem there. This is a testsite so no problem, but lets hope other production sites that have SSL can convert to LetsEncrypt. I suppose that is already tried and should work. I dont have any more old testsite on that server so i cant confirm as a bug, need more test on production server now.
SOLVED. After changing Auto-Subdomain and SSL domain from: *. to: NONE or WWW it worked. Changing back to *. worked also, but in some cases ISPconfig just dont update the vhost, and its "stuck" so there might be a bug here.
Had a custumer on a production site, that have exactly same problem. He did install SSL selfmade cert first by misstake, and after that without delete it, he activated LetsEncrypt. (same as i did on the testserver) Changing auto-subdomain does not help in this case so im stuck. The vhost file does not include the SSL part. Its like ispconfig does not know that letsencrypt is activated, database error ? Activating LetsEncrypt first works as expected. So this must clearly be a bug in 3.1. So either block that its possible to create LetsEncrypt when there is an SSL cert already or better find the real cause.
