I have successfully installed and configure ISPConfig in my server. I have also configured a website in ISPConfig and it is working well. During the creation I did not enable Let's Encrypt. Later when I tried to enable Let's Encrypt I am getting error while issuing a certificate. I have enabled the debug logs in ISPConfig and it shows that "Verified domain XXX.XX should be reachable for letsencrypt." The website is working and when pinged the server from a system outside my network, it showed the correct IP of the server where the domain is hosted. What could be the issue? Info: ISPConfig: 3.2.2 OS: Ubuntu 20.04 Webserver: Apache Database: MySQL PHP Version: 7.4 Letsencrypt logs: Code: 2021-02-25 12:06:05,217:DEBUG:certbot.main:certbot version: 0.40.0 2021-02-25 12:06:05,217:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--webroot-map', '{"onewolf.in":"\\/usr\\/local\\/ispconfig\\/interface\\/acme","www.onewolf.in":"\\/usr\\/local\\/ispconfig\\/interface\\/acme"}'] 2021-02-25 12:06:05,217:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2021-02-25 12:06:05,223:DEBUG:certbot.log:Root logging level set at 20 2021-02-25 12:06:05,223:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2021-02-25 12:06:05,223:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None 2021-02-25 12:06:05,223:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot.plugins.webroot:Authenticator Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f736ad35c10> Prep: True 2021-02-25 12:06:05,223:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f736ad35c10> and installer None 2021-02-25 12:06:05,223:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None 2021-02-25 12:06:05,227:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/113024633', new_authzr_uri=None, terms_of_service=None), 4c7e4d46ef21edb08677a334e35140b9, Meta(creation_dt=datetime.datetime(2021, 2, 17, 7, 0, 59, tzinfo=<UTC>), creation_host='mail.sumansa.com'))> 2021-02-25 12:06:05,227:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. 2021-02-25 12:06:05,228:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443 2021-02-25 12:06:06,418:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658 2021-02-25 12:06:06,419:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 25 Feb 2021 06:36:06 GMT Content-Type: application/json Content-Length: 658 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "L7EaJgDovVU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } 2021-02-25 12:06:06,421:DEBUG:certbot.cert_manager:Renewal conf file /etc/letsencrypt/renewal/eden144.com.conf is broken. Skipping. 2021-02-25 12:06:06,422:DEBUG:certbot.cert_manager:Traceback was: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 382, in _search_lineages candidate_lineage = storage.RenewableCert(renewal_file, cli_config) File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__ raise errors.CertStorageError( certbot.errors.CertStorageError: renewal config file {} is missing a required file reference 2021-02-25 12:06:06,426:INFO:certbot.main:Obtaining a new certificate 2021-02-25 12:06:06,695:DEBUG:certbot.crypto_util:Generating key (4096 bits): /etc/letsencrypt/keys/0011_key-certbot.pem 2021-02-25 12:06:06,700:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0011_csr-certbot.pem 2021-02-25 12:06:06,700:DEBUG:acme.client:Requesting fresh nonce 2021-02-25 12:06:06,700:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce. 2021-02-25 12:06:06,985:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0 2021-02-25 12:06:06,986:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 25 Feb 2021 06:36:06 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0004WIsQV9YEp0kwINHgK3TAx-6rkNbiJYxfeEOORFnf7PA X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 2021-02-25 12:06:06,988:DEBUG:acme.client:Storing nonce: 0004WIsQV9YEp0kwINHgK3TAx-6rkNbiJYxfeEOORFnf7PA 2021-02-25 12:06:06,989:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "onewolf.in"\n },\n {\n "type": "dns",\n "value": "www.onewolf.in"\n }\n ]\n}' 2021-02-25 12:06:07,008:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzMDI0NjMzIiwgIm5vbmNlIjogIjAwMDRXSXNRVjlZRXAwa3dJTkhnSzNUQXgtNnJrTmJpSll4ZmVFT09SRm5mN1BBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ", "signature": "GTIztZJxTPvsGP4FUU2PHnY1r4U0y0P5kCNPsNt5FLJS9IU9eX7AgclQ81ayEnSuy5pTLazieCLDjxYqiiTpWnCYZsSYx7jtp53qzVvzQpQ6ESi9giQ7jNWRaYFLhDwtUtB2C8en3Z78UY6TrXI3RoxlUtIIFvqCwj6tY7naR_SJzh9ts4_m3RxDDUdNzZcXrS-3iFmurDZNStk5EwaeBtNEbJWxv6yIRb1Xvr3gUVyxBnn9GxE1fChZS5kcXbCILiJ-1OV-bQud8JlhXnDaf_WRMpDD8rHieY4vVvIJEVZZyj0hqy13SfN8aLglYsPKStoUFHpEW_R2P0A3thkrv8t8Wv2q7nUNHgNPB3Ip5tnM8Uzq-G_qac86ZcmdvhSIJKXGYTkS_e7RzGa-Ivj9Je8Hov0gIyGIm1Qjix7CslIee8bp2cyXUHu_W1RnSlLCWdHUA6TWZUO-_Ed4YY9snPkMVLsJpPyefGL9uNkhvIRlQxSYcYXnA58SfNvg6L4gIe4dZcoa1XD5p3aNGfQCohKdQXh8YrRBl7YL7d9pELt99Y9HP76xoDAAwu9xPq2pX64bZ8eRr_CjaeZthq2R2N4vq3rQhNWjaMDT7RT0qsWf-iwX6XMIN4mhfzatz2eVr5BxYmwKmxHU2ckKnrWmhShGRdy4KoViRt7f4MD8KCw", "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm9uZXdvbGYuaW4iCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAid3d3Lm9uZXdvbGYuaW4iCiAgICB9CiAgXQp9" } 2021-02-25 12:06:07,305:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 250 2021-02-25 12:06:07,306:DEBUG:acme.client:Received response: HTTP 429 Server: nginx Date: Thu, 25 Feb 2021 06:36:07 GMT Content-Type: application/problem+json Content-Length: 250 Connection: keep-alive Boulder-Requester: 113024633 Cache-Control: public, max-age=0, no-cache Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" Replay-Nonce: 0004059vzgTo-CqJfTWM-_NjymKX904kytGXvjk2Zah8Dr8 { "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many certificates already issued for exact set of domains: onewolf.in,www.onewolf.in: see https://letsencrypt.org/docs/rate-limits/", "status": 429 } 2021-02-25 12:06:07,307:DEBUG:certbot.log:Exiting abnormally: Traceback (most recent call last): File "/bin/letsencrypt", line 11, in <module> load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')() File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main return config.func(config, plugins) File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/usr/lib/python3/dist-packages/certbot/client.py", line 381, in _get_order_and_authorizations orderr = self.acme.new_order(csr_pem) File "/usr/lib/python3/dist-packages/acme/client.py", line 863, in new_order return self.client.new_order(csr_pem) File "/usr/lib/python3/dist-packages/acme/client.py", line 666, in new_order response = self._post(self.directory['newOrder'], order) File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post return self.net.post(*args, **kwargs) File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post return self._post_once(*args, **kwargs) File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once response = self._check_response(response, content_type=content_type) File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response raise messages.Error.from_json(jobj) acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: onewolf.in,www.onewolf.in: see https://letsencrypt.org/docs/rate-limits/ 2021-02-25 12:06:07,310:ERROR:certbot.log:An unexpected error occurred: 2021-02-25 12:06:07,310:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: onewolf.in,www.onewolf.in: see https://letsencrypt.org/docs/rate-limits/ 2021-02-25 12:06:07,542:DEBUG:certbot.main:certbot version: 0.40.0 2021-02-25 12:06:07,542:DEBUG:certbot.main:Arguments: ['--domains', 'onewolf.in', '--domains', 'www.onewolf.in'] 2021-02-25 12:06:07,542:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2021-02-25 12:06:07,547:DEBUG:certbot.log:Root logging level set at 20 2021-02-25 12:06:07,547:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2021-02-25 12:06:07,547:WARNING:certbot.cert_manager:Renewal configuration file /etc/letsencrypt/renewal/eden144.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping. 2021-02-25 12:06:07,548:DEBUG:certbot.cert_manager:Traceback was: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 79, in certificates renewal_candidate = storage.RenewableCert(renewal_file, config) File "/usr/lib/python3/dist-packages/certbot/storage.py", line 444, in __init__ raise errors.CertStorageError( certbot.errors.CertStorageError: renewal config file {} is missing a required file reference 2021-02-25 12:06:07,549:WARNING:certbot.cert_manager:Renewal configuration file /etc/letsencrypt/renewal/mail.sumansa.com.conf produced an unexpected error: fullchain does not match cert + chain for mail.sumansa.com!. Skipping. 2021-02-25 12:06:07,549:DEBUG:certbot.cert_manager:Traceback was: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/cert_manager.py", line 80, in certificates crypto_util.verify_renewable_cert(renewal_candidate) File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 221, in verify_renewable_cert verify_fullchain(renewable_cert) File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 324, in verify_fullchain raise e File "/usr/lib/python3/dist-packages/certbot/crypto_util.py", line 318, in verify_fullchain raise errors.Error(error_str) certbot.errors.Error: fullchain does not match cert + chain for mail.sumansa.com!
The log you posted contains details on several different certs, which domain is the one you refer to?
The domain mail.sumansa.com is the main domain where ISPConfig is configured. Onewolf.in is the domain where LetsEncrypt is unable to issue a certificate. I configured LetsEncrypt for the domain mail.sumansa.com during ISPConfig's installation but even that is also showing error. The installation of ISPConfig completed successfully and all the modules are functioning except 1)LetsEncrypt cannot issue certificates to any of the domain I create, and 2) I cannot access the ISPConfig's login page without ignoring the certificate warning.
Seems as if you have hit the rate limits for that domain, see this line in the log: Error creating new order :: too many certificates already issued for exact set of domains: onewolf.in,www.onewolf.in: see https://letsencrypt.org/docs/rate-limits/ Details can be found in the link that is included in the error message.
Ah, my bad, didn't notice that line. Thanks much. Any idea about "certbot.errors.Error: fullchain does not match cert + chain for mail.sumansa.com!" ?