Let's Encrypt does not issue certificates (Resolved)

Discussion in 'Installation/Configuration' started by AEG-Simply, Mar 6, 2018.

  1. Poliman

    Poliman Member

    I will maybe send you a PM with the results, ok? Here we would put information about how to resolve this issue. Renewal is after every 60 days but cert life is 90 days?
     
    Last edited: Mar 15, 2018
  2. Poliman

    Poliman Member

    One guy from the Let's Encrypt Community suggested to me:
    "If you are proxying to a backend Node.js application, you will most likely need further Apache configuration to route the /.well-known/acme-challenge path to a webroot location for use by Certbot."
    If I learn more I will put the information here. I suppose it will be useful for people.
     
  3. Poliman

    Poliman Member

    Ok, so I probably have a fix for this issue:
    1. Check (literally) "webroot" in /etc/letsencrypt/renewal/website.com.conf. For ISP users it will probably look like below:
    Code:
    webroot_path = /usr/local/ispconfig/interface/acme
    2. At the top of the Apache vhost paste:
    Code:
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    ProxyPassMatch ^/\.well-known !
    3. How to test that it is working? You don't have to wait a few months for the renewal process, which could fail or succeed. Create a test file and try to access it:
    Code:
    echo -n "Testing Alias and ProxyPassMatch" > /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test
    Access is available through a browser: https://website.com/.well-known/acme-challenge/test
    or using the command line:
    Code:
    curl -ikL https://website.com/.well-known/acme-challenge/test
    If it is working, the browser/console should show "Testing Alias and ProxyPassMatch".
    Once done, we need to remove the test file:
    Code:
    rm /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test
    I hope it will help users who have applications based on Node.js and who are proxying from Apache's vhost file to a Node app.
     
    Jesse Norell and ahrasis like this.
  4. Poliman

    Poliman Member

    I tested this fix, and it works well, but there is one problem. After the cert is renewed, the Alias line disappears from the vhost file of the particular site. The same happens with any custom lines added by the user when checking the LE SSL and SSL checkboxes (probably not only them, but I only change these in the website settings). Is it possible to save custom lines against any website changes under ISP?
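
The vhost edit from step 2 above can be checked without a live request, which also shows when a rewritten vhost has lost the custom lines. This is an added example, not part of the thread or of ISPConfig; the function names, the temporary sample files and the backend address 127.0.0.1:3000 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes unquoted Apache arguments,
# as in the post. File paths are supplied by the caller.

# Print webroot_path from a certbot renewal config; a trailing comma,
# which certbot may write after the path, is stripped.
webroot_from_conf() {
    sed -n 's/^[[:space:]]*webroot_path[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:],]*$//' | head -n 1
}

# Exit 0 only if the vhost aliases the challenge path into the webroot and
# excludes /.well-known from proxying before any other proxy rule.
check_vhost() {
    webroot=$(webroot_from_conf "$1")
    [ -n "$webroot" ] || { echo "no webroot_path in $1"; return 2; }
    awk -v want="$webroot/.well-known/acme-challenge" '
        $1 ~ /^#/ { next }
        $1 == "Alias" && $2 ~ /^\/\.well-known\/acme-challenge\/?$/ {
            t = $3; sub(/\/$/, "", t)
            if (t == want) alias_ok = 1
            next
        }
        $1 == "ProxyPassMatch" && index($2, "^/\\.well-known") == 1 && $3 == "!" {
            if (!proxied) excl_ok = 1   # first matching proxy rule wins
            next
        }
        $1 == "ProxyPass" || $1 == "ProxyPassMatch" { proxied = 1 }
        END {
            if (!alias_ok) print "missing: Alias /.well-known/acme-challenge " want
            if (!excl_ok) print "missing or too late: ProxyPassMatch ^/\\.well-known !"
            exit !(alias_ok && excl_ok)
        }' "$2"
}

# Constructed sample files: a renewal config, the vhost as edited in the
# post, and the same vhost after the custom lines were dropped.
demo=$(mktemp -d)
printf 'webroot_path = /usr/local/ispconfig/interface/acme,\n' > "$demo/renewal.conf"
printf '%s\n' '<VirtualHost *:443>' \
    'Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge' \
    'ProxyPassMatch ^/\.well-known !' \
    'ProxyPass / http://127.0.0.1:3000/' '</VirtualHost>' > "$demo/vhost_ok.conf"
grep -v -e '^Alias' -e '^ProxyPassMatch' "$demo/vhost_ok.conf" > "$demo/vhost_rewritten.conf"
check_vhost "$demo/renewal.conf" "$demo/vhost_ok.conf" && echo "vhost_ok: challenge path served"
check_vhost "$demo/renewal.conf" "$demo/vhost_rewritten.conf" || echo "vhost_rewritten: fix needed"
```

Run against the real renewal config and vhost file after any change in the panel, `check_vhost` prints which of the two lines is absent; the curl test from step 3 remains the end-to-end confirmation.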
     
