lets encrypt does not work

Discussion in 'Installation/Configuration' started by pecka33, Feb 3, 2023.

  1. pecka33

    pecka33 Member

    Hello,

    i did install clear debian 11,after that i used autoinstaller for ispconfig. But i have a problem with lets encrypt.

    I have domain - domain.xy with hostname host.domain.xy
    I installed it and all working fine

    But letsencrypt for hostname not

    I can create website, enable lets encrypt and working

    But for my hostname no - for example host.domain.xy:80880, https://host.domain.xy/webmail/ etc

    what should i to do? I have another server and there is all working fine for ispconfig etc

    in ispconfig i create too website as host.domain.xy, enable lets encrypt - is enabled but still not working.

    In error log are not errors
     
    pecka33, Feb 3, 2023
    #1
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    pyte, Feb 3, 2023
    #2
  3. pecka33

    pecka33 Member

    pecka33, Feb 3, 2023
    #3
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    Did you check "/var/log/ispconfig/acme.log"? Is the domain in question in there? Are there any errors in there? Does a folder with the domain in question exists in "/root/.acme.sh/"?
     
    pyte, Feb 3, 2023
    #4
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    No, the article clearly states within the first lines:
     
    pyte, Feb 3, 2023
    #5
  6. pecka33

    pecka33 Member

    Yes, domain folder is there and ssl too - le is active in ispconfig but does not working. When i add new domain and enable le working fine - tried to remove it and add again and not working for ispconfig
    Error log is empty - no errors. just records about created ssl.
    maybe i should tried A records for www too
     
    pecka33, Feb 3, 2023
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Run:

    ispconfig_update.sh --force

    You must choose nightly and not stable as the source for the update. Then let the updater reconfigure services and create a new SSL cert. The reason for this is a change in acme.sh which altered the location where certs are stored and we had to add a workaround in ISPConfig for this. See: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6458

    Please note, this is about the Let's encrypt SSL cert for the website only, it is not about creating certs for websites, which still works fine. if you have an issue with a website SSL cert, follow the Let's encrypt error FAQ. And as the FAQ clearly tells you at the beginning, you must have A-records for any domain in the cert, so if you have the website set to auto subdomain www, then you must have an A-record for www. And one more thing, in case you followed the article you posted a link to which tells you that following it will break your system as the guide is not compatible, then you must undo everything you did from this guide first.
     
    till, Feb 3, 2023
    #7
    pyte likes this.
  8. pecka33

    pecka33 Member

    Thank you till, i tried it before but nothing :(
    should i remove my hostname as website completetely?
     
    pecka33, Feb 3, 2023
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Do it again and take care that you choose the right software branch, it can not work when you use the default (stable) branch.

    You should not have added that site as it is known to break SSL with acme.sh for ISPConfig, that's why the guide warns you not to use it on an ISPConfig 3.2 server. Remove it now and rerun the update with nightly branch and post the output of the updater.
     
    till, Feb 3, 2023
    #9
  10. pecka33

    pecka33 Member

    Thank you. I completely remove my server. disks etc. and did new install debian 11 step by step by manual.
    After i did install of ispconfig by autoinstaller. All was installed without errors.
    But ssl still not working - i can create new domain - lets encrypt is generated and working fine
    bud still not working for my hostname - place where is ispconfig installed.
    In error logs i can not see any errors
    Code:
    [Fri 03 Feb 2023 12:54:52 PM CET] Lets find script dir.
[Fri 03 Feb 2023 12:54:52 PM CET] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri 03 Feb 2023 12:54:52 PM CET] _script='/root/.acme.sh/acme.sh'
[Fri 03 Feb 2023 12:54:52 PM CET] _script_home='/root/.acme.sh'
[Fri 03 Feb 2023 12:54:52 PM CET] Using default home:/root/.acme.sh
[Fri 03 Feb 2023 12:54:52 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:54:52 PM CET] Running cmd: issue
[Fri 03 Feb 2023 12:54:52 PM CET] _main_domain='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:52 PM CET] _alt_domains='no'
[Fri 03 Feb 2023 12:54:52 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:54:52 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:54:52 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:54:52 PM CET] DOMAIN_PATH='/root/.acme.sh/samantos.keyweb.cz_ecc'
[Fri 03 Feb 2023 12:54:52 PM CET] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri 03 Feb 2023 12:54:52 PM CET] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri 03 Feb 2023 12:54:52 PM CET] GET
[Fri 03 Feb 2023 12:54:52 PM CET] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:54:52 PM CET] timeout=
[Fri 03 Feb 2023 12:54:52 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:54:53 PM CET] ret='0'
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_NEW_AUTHZ
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 03 Feb 2023 12:54:53 PM CET] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri 03 Feb 2023 12:54:53 PM CET] _on_before_issue
[Fri 03 Feb 2023 12:54:53 PM CET] _chk_main_domain='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:53 PM CET] _chk_alt_domains
[Fri 03 Feb 2023 12:54:53 PM CET] Le_LocalAddress
[Fri 03 Feb 2023 12:54:53 PM CET] d='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:53 PM CET] Check for domain='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:53 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
[Fri 03 Feb 2023 12:54:53 PM CET] d
[Fri 03 Feb 2023 12:54:53 PM CET] config file is empty, can not read CA_KEY_HASH
[Fri 03 Feb 2023 12:54:53 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:54:53 PM CET] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri 03 Feb 2023 12:54:53 PM CET] length='ec-256'
[Fri 03 Feb 2023 12:54:53 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:54:53 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:54:53 PM CET] Use length 256
[Fri 03 Feb 2023 12:54:53 PM CET] Using ec name: prime256v1
[Fri 03 Feb 2023 12:54:53 PM CET] Create account key ok.
[Fri 03 Feb 2023 12:54:53 PM CET] EC key
[Fri 03 Feb 2023 12:54:53 PM CET] config file is empty, can not read CA_EAB_KEY_ID
[Fri 03 Feb 2023 12:54:53 PM CET] config file is empty, can not read CA_EAB_HMAC_KEY
[Fri 03 Feb 2023 12:54:53 PM CET] config file is empty, can not read CA_EMAIL
[Fri 03 Feb 2023 12:54:53 PM CET] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Fri 03 Feb 2023 12:54:53 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri 03 Feb 2023 12:54:53 PM CET] payload='{"termsOfServiceAgreed": true}'
[Fri 03 Feb 2023 12:54:53 PM CET] HEAD
[Fri 03 Feb 2023 12:54:53 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 03 Feb 2023 12:54:53 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Fri 03 Feb 2023 12:54:54 PM CET] _ret='0'
[Fri 03 Feb 2023 12:54:54 PM CET] POST
[Fri 03 Feb 2023 12:54:54 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri 03 Feb 2023 12:54:54 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:54:54 PM CET] _ret='0'
[Fri 03 Feb 2023 12:54:54 PM CET] code='201'
[Fri 03 Feb 2023 12:54:54 PM CET] Registered
[Fri 03 Feb 2023 12:54:54 PM CET] _accUri='https://acme-v02.api.letsencrypt.org/acme/acct/947044096'
[Fri 03 Feb 2023 12:54:54 PM CET] Calc CA_KEY_HASH='is8Evq2Tdy3kXZiAa39M5Rlgl156BdTaWxrNwBsZ3qw='
[Fri 03 Feb 2023 12:54:54 PM CET] ACCOUNT_THUMBPRINT='RkIODVmj8mEaPpV1WNHTk3nrlU4XTrJtuGYcUXAQTpM'
[Fri 03 Feb 2023 12:54:54 PM CET] Read key length:2048
[Fri 03 Feb 2023 12:54:54 PM CET] Creating domain key
[Fri 03 Feb 2023 12:54:54 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:54:54 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:54:54 PM CET] Use length 256
[Fri 03 Feb 2023 12:54:54 PM CET] Using ec name: prime256v1
[Fri 03 Feb 2023 12:54:54 PM CET] The domain key is here: /root/.acme.sh/samantos.keyweb.cz_ecc/samantos.keyweb.cz.key
[Fri 03 Feb 2023 12:54:54 PM CET] _createcsr
[Fri 03 Feb 2023 12:54:54 PM CET] Single domain='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:55 PM CET] Getting domain auth token for each domain
[Fri 03 Feb 2023 12:54:55 PM CET] d
[Fri 03 Feb 2023 12:54:55 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 03 Feb 2023 12:54:55 PM CET] payload='{"identifiers": [{"type":"dns","value":"samantos.keyweb.cz"}]}'
[Fri 03 Feb 2023 12:54:55 PM CET] POST
[Fri 03 Feb 2023 12:54:55 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 03 Feb 2023 12:54:55 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:54:55 PM CET] _ret='0'
[Fri 03 Feb 2023 12:54:55 PM CET] code='201'
[Fri 03 Feb 2023 12:54:55 PM CET] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/947044096/162642922996'
[Fri 03 Feb 2023 12:54:55 PM CET] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/947044096/162642922996'
[Fri 03 Feb 2023 12:54:55 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/200497481386'
[Fri 03 Feb 2023 12:54:55 PM CET] payload
[Fri 03 Feb 2023 12:54:55 PM CET] POST
[Fri 03 Feb 2023 12:54:55 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/200497481386'
[Fri 03 Feb 2023 12:54:55 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:54:56 PM CET] _ret='0'
[Fri 03 Feb 2023 12:54:56 PM CET] code='200'
[Fri 03 Feb 2023 12:54:56 PM CET] d='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:56 PM CET] Getting webroot for domain='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:56 PM CET] _w='/usr/local/ispconfig/interface/acme'
[Fri 03 Feb 2023 12:54:56 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
[Fri 03 Feb 2023 12:54:56 PM CET] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ","token":"AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs"'
[Fri 03 Feb 2023 12:54:56 PM CET] token='AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs'
[Fri 03 Feb 2023 12:54:56 PM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ'
[Fri 03 Feb 2023 12:54:56 PM CET] keyauthorization='AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs.RkIODVmj8mEaPpV1WNHTk3nrlU4XTrJtuGYcUXAQTpM'
[Fri 03 Feb 2023 12:54:56 PM CET] dvlist='samantos.keyweb.cz#AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs.RkIODVmj8mEaPpV1WNHTk3nrlU4XTrJtuGYcUXAQTpM#https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ#http-01#/usr/local/ispconfig/interface/acme'
[Fri 03 Feb 2023 12:54:56 PM CET] d
[Fri 03 Feb 2023 12:54:56 PM CET] vlist='samantos.keyweb.cz#AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs.RkIODVmj8mEaPpV1WNHTk3nrlU4XTrJtuGYcUXAQTpM#https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ#http-01#/usr/local/ispconfig/interface/acme,'
[Fri 03 Feb 2023 12:54:56 PM CET] d='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:56 PM CET] ok, let's start to verify
[Fri 03 Feb 2023 12:54:56 PM CET] Verifying: samantos.keyweb.cz
[Fri 03 Feb 2023 12:54:56 PM CET] d='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:54:56 PM CET] keyauthorization='AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs.RkIODVmj8mEaPpV1WNHTk3nrlU4XTrJtuGYcUXAQTpM'
[Fri 03 Feb 2023 12:54:56 PM CET] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ'
[Fri 03 Feb 2023 12:54:56 PM CET] _currentRoot='/usr/local/ispconfig/interface/acme'
[Fri 03 Feb 2023 12:54:56 PM CET] wellknown_path='/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
[Fri 03 Feb 2023 12:54:56 PM CET] writing token:AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/AKFU2HVXVmXKlMd8of1DNWM_3sOEPsRJG-2swqAZjLs
[Fri 03 Feb 2023 12:54:56 PM CET] Changing owner/group of .well-known to root:root
[Fri 03 Feb 2023 12:54:56 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ'
[Fri 03 Feb 2023 12:54:56 PM CET] payload='{}'
[Fri 03 Feb 2023 12:54:56 PM CET] POST
[Fri 03 Feb 2023 12:54:56 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ'
[Fri 03 Feb 2023 12:54:56 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:54:56 PM CET] _ret='0'
[Fri 03 Feb 2023 12:54:56 PM CET] code='200'
[Fri 03 Feb 2023 12:54:56 PM CET] trigger validation code: 200
[Fri 03 Feb 2023 12:54:56 PM CET] Pending, The CA is processing your order, please just wait. (1/30)
[Fri 03 Feb 2023 12:54:56 PM CET] sleep 2 secs to verify again
[Fri 03 Feb 2023 12:54:58 PM CET] checking
[Fri 03 Feb 2023 12:54:58 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ'
[Fri 03 Feb 2023 12:54:58 PM CET] payload
[Fri 03 Feb 2023 12:54:58 PM CET] POST
[Fri 03 Feb 2023 12:54:58 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/200497481386/XO8naQ'
[Fri 03 Feb 2023 12:54:58 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:54:59 PM CET] _ret='0'
[Fri 03 Feb 2023 12:54:59 PM CET] code='200'
[Fri 03 Feb 2023 12:54:59 PM CET] Success
[Fri 03 Feb 2023 12:54:59 PM CET] pid
[Fri 03 Feb 2023 12:54:59 PM CET] pid
[Fri 03 Feb 2023 12:54:59 PM CET] No need to restore nginx, skip.
[Fri 03 Feb 2023 12:54:59 PM CET] _clearupdns
[Fri 03 Feb 2023 12:54:59 PM CET] dns_entries
[Fri 03 Feb 2023 12:54:59 PM CET] skip dns.
[Fri 03 Feb 2023 12:54:59 PM CET] Verify finished, start to sign.
[Fri 03 Feb 2023 12:54:59 PM CET] i='2'
[Fri 03 Feb 2023 12:54:59 PM CET] j='8'
[Fri 03 Feb 2023 12:54:59 PM CET] Lets finalize the order.
[Fri 03 Feb 2023 12:54:59 PM CET] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/947044096/162642922996'
[Fri 03 Feb 2023 12:54:59 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/finalize/947044096/162642922996'
[Fri 03 Feb 2023 12:54:59 PM CET] payload='{"csr": "MIIBJzCBzgIBADAdMRswGQYDVQQDDBJzYW1hbnRvcy5rZXl3ZWIuY3owWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR_U4c0LVC5-K8vM9mMd5eVUZ_xw1tHazi6lIF3igwHzCRXs8J475fl438NppTS-tNN5g_RA7EoviZZ1S3wJk59oE8wTQYJKoZIhvcNAQkOMUAwPjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0RBBYwFIISc2FtYW50b3Mua2V5d2ViLmN6MAoGCCqGSM49BAMCA0gAMEUCIGCIbVJPuSKriQ6WwMMGDlczGFztuXIp1GnmK7-JSJUoAiEAlztlq1A1Ad_Wn-05QQ780-fSiPAqAPiGFvuLuHcFVc4"}'
[Fri 03 Feb 2023 12:54:59 PM CET] POST
[Fri 03 Feb 2023 12:54:59 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/947044096/162642922996'
[Fri 03 Feb 2023 12:54:59 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:55:00 PM CET] _ret='0'
[Fri 03 Feb 2023 12:55:00 PM CET] code='200'
[Fri 03 Feb 2023 12:55:00 PM CET] Order status is valid.
[Fri 03 Feb 2023 12:55:00 PM CET] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04b5ec7c680fc90e3bd4d76bb69bf1a780c7'
[Fri 03 Feb 2023 12:55:00 PM CET] Downloading cert.
[Fri 03 Feb 2023 12:55:00 PM CET] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04b5ec7c680fc90e3bd4d76bb69bf1a780c7'
[Fri 03 Feb 2023 12:55:00 PM CET] url='https://acme-v02.api.letsencrypt.org/acme/cert/04b5ec7c680fc90e3bd4d76bb69bf1a780c7'
[Fri 03 Feb 2023 12:55:00 PM CET] payload
[Fri 03 Feb 2023 12:55:00 PM CET] POST
[Fri 03 Feb 2023 12:55:00 PM CET] _post_url='https://acme-v02.api.letsencrypt.org/acme/cert/04b5ec7c680fc90e3bd4d76bb69bf1a780c7'
[Fri 03 Feb 2023 12:55:00 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:55:01 PM CET] _ret='0'
[Fri 03 Feb 2023 12:55:01 PM CET] code='200'
[Fri 03 Feb 2023 12:55:01 PM CET] Found cert chain
[Fri 03 Feb 2023 12:55:01 PM CET] _end_n='26'
[Fri 03 Feb 2023 12:55:01 PM CET] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04b5ec7c680fc90e3bd4d76bb69bf1a780c7'
[Fri 03 Feb 2023 12:55:01 PM CET] Cert success.
[Fri 03 Feb 2023 12:55:01 PM CET] Your cert is in: /root/.acme.sh/samantos.keyweb.cz_ecc/samantos.keyweb.cz.cer
[Fri 03 Feb 2023 12:55:01 PM CET] Your cert key is in: /root/.acme.sh/samantos.keyweb.cz_ecc/samantos.keyweb.cz.key
[Fri 03 Feb 2023 12:55:01 PM CET] The intermediate CA cert is in: /root/.acme.sh/samantos.keyweb.cz_ecc/ca.cer
[Fri 03 Feb 2023 12:55:01 PM CET] And the full chain certs is there: /root/.acme.sh/samantos.keyweb.cz_ecc/fullchain.cer
[Fri 03 Feb 2023 12:55:01 PM CET] _on_issue_success
[Fri 03 Feb 2023 12:55:01 PM CET] Lets find script dir.
[Fri 03 Feb 2023 12:55:01 PM CET] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri 03 Feb 2023 12:55:01 PM CET] _script='/root/.acme.sh/acme.sh'
[Fri 03 Feb 2023 12:55:01 PM CET] _script_home='/root/.acme.sh'
[Fri 03 Feb 2023 12:55:01 PM CET] Using default home:/root/.acme.sh
[Fri 03 Feb 2023 12:55:01 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:55:01 PM CET] Running cmd: installcert
[Fri 03 Feb 2023 12:55:01 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:55:01 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:55:01 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:55:01 PM CET] The domain 'samantos.keyweb.cz' seems to have a ECC cert already, lets use ecc cert.
[Fri 03 Feb 2023 12:55:01 PM CET] DOMAIN_PATH='/root/.acme.sh/samantos.keyweb.cz_ecc'
[Fri 03 Feb 2023 12:55:01 PM CET] Installing key to: /usr/local/ispconfig/interface/ssl/ispserver.key
[Fri 03 Feb 2023 12:55:01 PM CET] Installing full chain to: /usr/local/ispconfig/interface/ssl/ispserver.crt
[Fri 03 Feb 2023 12:55:01 PM CET] Running cmd: upgrade
[Fri 03 Feb 2023 12:55:01 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:55:01 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:55:01 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:55:01 PM CET] GET
[Fri 03 Feb 2023 12:55:01 PM CET] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Fri 03 Feb 2023 12:55:01 PM CET] timeout=
[Fri 03 Feb 2023 12:55:01 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:55:01 PM CET] ret='0'
[Fri 03 Feb 2023 12:55:01 PM CET] Already uptodate!
[Fri 03 Feb 2023 12:55:01 PM CET] Upgrade success!
[Fri 03 Feb 2023 12:55:01 PM CET] Running cmd: setdefaultca
[Fri 03 Feb 2023 12:55:01 PM CET] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[Fri 03 Feb 2023 12:57:57 PM CET] Running cmd: setdefaultca
[Fri 03 Feb 2023 12:57:57 PM CET] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[Fri 03 Feb 2023 12:57:57 PM CET] Lets find script dir.
[Fri 03 Feb 2023 12:57:57 PM CET] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri 03 Feb 2023 12:57:57 PM CET] _script='/root/.acme.sh/acme.sh'
[Fri 03 Feb 2023 12:57:57 PM CET] _script_home='/root/.acme.sh'
[Fri 03 Feb 2023 12:57:57 PM CET] Using default home:/root/.acme.sh
[Fri 03 Feb 2023 12:57:57 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:57:57 PM CET] Running cmd: issue
[Fri 03 Feb 2023 12:57:58 PM CET] _main_domain='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:57:58 PM CET] _alt_domains='no'
[Fri 03 Feb 2023 12:57:58 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:57:58 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:57:58 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:57:58 PM CET] The domain 'samantos.keyweb.cz' seems to have a ECC cert already, lets use ecc cert.
[Fri 03 Feb 2023 12:57:58 PM CET] DOMAIN_PATH='/root/.acme.sh/samantos.keyweb.cz_ecc'
[Fri 03 Feb 2023 12:57:58 PM CET] Le_NextRenewTime='1680522901'
[Fri 03 Feb 2023 12:57:58 PM CET] _saved_domain='samantos.keyweb.cz'
[Fri 03 Feb 2023 12:57:58 PM CET] _saved_alt='no'
[Fri 03 Feb 2023 12:57:58 PM CET] _normized_saved_domains='no,samantos.keyweb.cz,'
[Fri 03 Feb 2023 12:57:58 PM CET] _normized_domains='no,samantos.keyweb.cz,'
[Fri 03 Feb 2023 12:57:58 PM CET] Domains not changed.
[Fri 03 Feb 2023 12:57:58 PM CET] Skip, Next renewal time is: 2023-04-03T11:55:01Z
[Fri 03 Feb 2023 12:57:58 PM CET] Add '--force' to force to renew.
[Fri 03 Feb 2023 12:58:45 PM CET] Running cmd: upgrade
[Fri 03 Feb 2023 12:58:45 PM CET] Using config home:/root/.acme.sh
[Fri 03 Feb 2023 12:58:45 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:58:45 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 03 Feb 2023 12:58:45 PM CET] GET
[Fri 03 Feb 2023 12:58:45 PM CET] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Fri 03 Feb 2023 12:58:45 PM CET] timeout=
[Fri 03 Feb 2023 12:58:45 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri 03 Feb 2023 12:58:45 PM CET] ret='0'
[Fri 03 Feb 2023 12:58:45 PM CET] Already uptodate!
[Fri 03 Feb 2023 12:58:45 PM CET] Upgrade success!
[Fri 03 Feb 2023 12:58:45 PM CET] Running cmd: setdefaultca
[Fri 03 Feb 2023 12:58:45 PM CET] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
    at all. i tried
    ispconfig_update.sh --force
    too with nightly and generate ssl during process - nothing changed
     
    pecka33, Feb 3, 2023
    #10
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, I guess you might have to remove the wrong SSL cert first using acme.sh command. run:

    acme.sh --remove

    and then choose to remove the cert for the hostname. Then run the ispconfig update again and let it create a new cert.
     
    till, Feb 3, 2023
    #11
  12. pecka33

    pecka33 Member

    At all, looks like that i can not use https://host.domain.cz:8080, https://host.domain.cz/webmail etc.
    Because lookls like there is generated self signed, not secure
    So this is right and i have to add exception in browser?
    ISPConfig is not secure with ssl, as a standard lets encrypt but only self signed?
     
    pecka33, Feb 3, 2023
    #12
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    There are self signed certs of course when you don't have a valid LE cert in place yet.
     
    till, Feb 3, 2023
    #13
  14. pecka33

    pecka33 Member

    Thanks. I think that when i do
    ispconfig_update.sh --force

    here will be generate auto lets encrypt and used - secure and not self signed.
    I will try remove ssl as you wrote
     
    pecka33, Feb 3, 2023
    #14
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not correct, you will get a LE cert when successful, as its not successful, you get a self-signed cert as all your server services would be down without that. So everything exactly as to be expected.
     
    till, Feb 3, 2023
    #15
  16. pecka33

    pecka33 Member

    Thank you! You are the best. I removed ssl by
    acme.sh --remove -d mydomain.cz

    and after that manually from directory root/acme..
     
    pecka33, Feb 3, 2023
    #16

Share This Page