Tried enabling Let's Encrypt during setup of ISPConfig 3.2 - Debian 10, and NGINX.

1st. attempt:

"Checking / creating certificate for net.mysite.com
Using certificate path /etc/letsencrypt/live/net.mysite.com
Server's public ip(s) (12.34.567.890, 3002:ipv6:edef) not found in A/AAAA records for net.mysite.com: Ignore DNS check and continue to request certificate? (y,n) [n]: y
Could not issue letsencrypt certificate, falling back to self-signed.
Generating RSA private key, 4096 bit long modulus (2 primes)"

2nd. attempt:

Setup DNS 'A' & 'AAAA' Records for net.mysite.com.
On net.mysite.com, setup site nginx config file for net.mysite.com in /etc/nginx/sites-available.
Created sym link in /etc/nginx/sites-enabled.
Put a test html in /var/www/html - Browser successfully displayed test index.html
Installed ISPConfig 3.2 - letsencrypt found: 'A' & 'AAAA' Records but not: /usr/local/ispconfig/interface/acme/.well-known/acme-challenge

"Could not issue letsencrypt certificate, falling back to self-signed.
Generating RSA private key, 4096 bit long modulus (2 primes)"

Gave up and did what I've done on Apache installs:
Setup site and DNS for net.mysite.com per 'Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate' tutorial.
(because install of 3.2 created sym links, did not do postfix or pure-ftpd)

Now able to utilize SSL on https://net.mysite.com:8080

'Add New Site' mysite.com (because I want to use it)

user@net:~$ sudo nginx -t
nginx: [warn] conflicting server name "net.mysite.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "net.mysite.com" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

Also nginx error.log, an enormous amount of:

2021/03/13 18:50:11 [warn] 6527#6527: conflicting server name "net.mysite.com" on 0.0.0.0:80, ignored
2021/03/13 18:50:11 [warn] 6527#6527: conflicting server name "net.mysite.com" on [::]:80, ignored

So I deleted Site & DNS for 'net.mysite.com'
Added 'A' record 'net' in DNS of mysite.com
Added Subdomain for website: host: net - No redirect
Did: ln -s /var/www/clients/client1/web2/ssl/mysite.com-le.crt ispserver.crt (And the rest of it)

Now able to utilize SSL on https://net.mysite.com:8080 using mysite.com

But still:

user@net:~$ sudo nginx -t
nginx: [warn] conflicting server name "net.mysite.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "net.mysite.com" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

And errors in nginx error.log

Question 1: How to setup ISPConfig 3.2 and utilize Let's Encrypt during setup as it attempts to do?
Question 2: Solve 'conflicting server name' errors and still use site 'mysite.com'

Thanks - Your help would be appreciated.
Please read the (whole) read before posting: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/ Your current post is not very readable because you missed using CODE tags for code. From what I understand, you created a vhost manually instead of letting ISPConfig do this. This will cause errors. There was a bug in versions prior to 3.2.3 which broke the issuance of certificates on install, this is fixed in 3.2.3.
Thanks for your reply.

OS: Debian 10 - php7.3
Ispconfig: 3.2.3

Problem: Let's Encrypt does not install for server at the end of ISPConfig 3.2.3 setup.

Got the following error from ISPConfig setup:

"Checking / creating certificate for net.mysite.com
Using certificate path /etc/letsencrypt/live/net.mysite.com
Server's public ip(s) (12.34.567.890, 3002:ipv6:edef) not found in A/AAAA records for net.mysite.com: Ignore DNS check and continue to request certificate? (y,n) [n]: y
Could not issue letsencrypt certificate, falling back to self-signed.
Generating RSA private key, 4096 bit long modulus (2 primes)"

After install of ISPConfig 3.2.3 Everything is functional, including Let's Encrypt.

As requested:

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 10 (buster)
[INFO] uptime: 14:18:52 up 5:33, 1 user, load average: 0.00, 0.02, 0.04
[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:          3.9Gi       1.6Gi       1.1Gi        90Mi       1.2Gi       1.9Gi
Swap:            0B          0B          0B
[INFO] systemd failed services status:
0 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.3

Thanks for your help.
Again, please put such output in CODE tags as described in the read before posting. Have you created the DNS records for your hostname, at your nameservers?
Yes, because it said:

Code:
Server's public ip(s) (12.34.567.890, 3002:ipv6:edef) not found in A/AAAA records for net.mysite.com:

I created DNS 'A' & 'AAAA' records for ip 12.34.567.890 - 'net.mysite.com' on another nameserver I have.

Then to make sure they would resolve. I created the necessary nginx config files on net.mysite.com. I checked it out in a browser and it all worked. (got page: index.html from 'net.mysite.com')

I reinstalled ISPConfig and at the end of installation instead of getting: "Server's public ip(s) (12.34.567.890, 3002:ipv6:edef) not found in A/AAAA records for net.mysite.com:" I got a statement saying that the A & AAAA records were found, but could not find '/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'

Thanks again
I tried it again using Godaddy Name Server.
Waited overnight to make sure DNS had resolved.
Checked DNS - OK - Did not create any vhost.
Pinged IP, Server FQDN, AAAA IPv6 - All OK
Also disabled firewall.

Got the same result:

Code:
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: y
Checking / creating certificate for net.mydomain.com
Using certificate path /etc/letsencrypt/live/net.mydomain.com
Server's public ip(s) (123.456.78.910, 2001:00: ipv6 :00:fe3f:cfc7) not found in A/AAAA records for net.mydomain.com: Ignore DNS check and continue to request certificate? (y,n) [n]: n
Could not issue letsencrypt certificate, falling back to self-signed.
Generating RSA private key, 4096 bit long modulus (2 primes)
.................................++++

Server is up with ISPConfig - Everything is OK - Won't generate server Let's Encrypt Cert at setup.

Again, Thanks for your help.
cloud.bumfuggled.com I have restarted the server with VULTR control panel, rebooted with ssh. Will shutdown, wait, and restart. Thanks
Yes from VULTR who tells you to update /etc/network/interfaces (iface ens3 inet static) with IP, netmask, gateway also has: 'dns-nameservers 108.61.10.10' in file? (don't know if this might cause problem)

I also setup /etc/hosts & /etc/hostname per your tutorial.

I can revert /etc/network/interfaces back to its original content:

Code:
auto lo
iface lo inet loopback

allow-hotplug ens3
iface ens3 inet dhcp
iface ens3 inet6 auto

If you think it might fix it.

Did not mention that I did an install on DigitalOcean of Ubuntu 20.04 - Apache and had the same problem with Cert creation on setup. They don't suggest any update of /etc/network/interfaces.

Thanks again
My guess is you have auto subdomain www on, and have not created name service record for www.

Code:
$ host bumfuggled.com
bumfuggled.com has address 137.220.58.164
bumfuggled.com has IPv6 address 2001:19f0:5c01:1822:5400:3ff:fe3f:cfc7
tale@ika ~ $ host www.bumfuggled.com
Host www.bumfuggled.com not found: 3(NXDOMAI
Thanks for your reply.

Because the error is for cloud.bumfuggled.com, I did not include a CNAME for www. Not sure about auto subdomain www because there aren't any sites setup in ispconfig.

Per your suggestion I added CNAME www, and just for the heck of it added A record: cloud.bumfuggled.com

I ran ISPConfig setup again and it worked! How wonderful! Great improvement from 3.1

I think it might have been adding the A record 'cloud.bumfuggled.com'. I thought it would pick up the server fqdn from 'cname cloud' but I don't know if that was the problem or cname www.

New problem is I usually setup server ip host names and the server domain for ns records. I don't know if I do this and use ns1.bumfuggled.com & ns2.bumfuggled.com will that screw up the server cert? If I don't, I assume I'll have to use ns31 & 32.domaincontrol.com when setting up any sites.

Thanks for all your help in getting this working.
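
Added example, not part of any post in this thread and not ISPConfig's own code: a pre-flight check to run before the installer's Let's Encrypt step, comparing the A/AAAA answers for the server FQDN with the server's public addresses. The hostnames and addresses are constructed (documentation ranges), and the `ok` rule is this example's own policy, not the installer's.

```python
import ipaddress
import socket

def system_resolve(hostname):
    """A/AAAA answers from the system resolver. This normally consults
    /etc/hosts first, so run it from a machine other than the server."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:          # NXDOMAIN, or no address records at all
        return []
    return [info[4][0] for info in infos]

def _norm(addrs):
    # Parse into address objects so two spellings of one IPv6 address compare equal.
    return {ipaddress.ip_address(a.split("%")[0]) for a in addrs}

def preflight(hostname, server_ips, resolve=system_resolve):
    """Report which of the server's public IPs are published for hostname."""
    wanted, found = _norm(server_ips), _norm(resolve(hostname))
    report = {
        "hostname": hostname,
        "matched": sorted(str(a) for a in wanted & found),
        "missing": sorted(str(a) for a in wanted - found),
        "elsewhere": sorted(str(a) for a in found - wanted),
    }
    # Example policy (assumption): an ACME HTTP-01 validator may connect to any
    # published address, so a record pointing at another machine is a failure
    # even when the other address family matches.
    report["ok"] = bool(report["matched"]) and not report["elsewhere"]
    return report

# Constructed sample data standing in for live DNS, so the example runs offline.
SERVER_IPS = ["203.0.113.10", "2001:db8::10"]
CONSTRUCTED_DNS = {
    "panel.example.com": ["203.0.113.10",
                          "2001:0db8:0000:0000:0000:0000:0000:0010"],
    "stale.example.com": ["203.0.113.10", "2001:db8::dead"],
}

def fake_resolve(hostname):
    return CONSTRUCTED_DNS.get(hostname, [])   # unknown name: no records

if __name__ == "__main__":
    for name in ("panel.example.com", "stale.example.com", "www.example.com"):
        print(preflight(name, SERVER_IPS, fake_resolve))
```

Calling `preflight(fqdn, ips)` without the third argument uses the live system resolver instead of the constructed table.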