Hi guys, I want to test Let's Encrypt in ISPConfig v3.1b2 but it seems that it doesn't work. Maybe I am doing something wrong, but maybe it is caused by a missing manual. I have a fresh install of Debian 8 with a fresh installation of ISPConfig 3.1b2 and am trying to use https on a test website. I created a test webpage (FQDN, created a DNS record, which is working fine) and in the settings of this webpage I checked "Lets encrypt SSL". But nothing happened. HTTPS doesn't work, no error in the log. If I check the settings for this test webpage again, "SSL" and "Lets Encrypt SSL" are not checked. Do you have any idea what I am doing wrong or what I can check? Thank you. Edit: Installation was done step by step following this manual https://www.howtoforge.com/tutorial...-8-4-jessie-apache-bind-dovecot-ispconfig-3-1
"test website". Let's Encrypt uses public DNS to check if you own the site. Can everyone in the world see your http://"test website"/.well-known/acme-challenge/ ?
Have you installed letsencrypt? Code:
    cd ~
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto
After installation following Thaddeus's manual it works well. It is strange, because I don't expect that I must do something other than what is in the manual. So I think that it would be good to add this step to the installation manual. Thank you guys a lot.
@Nemis: This (or the old letsencrypt client which still works as well) is already part of all ISPConfig 3.1 installation tutorials.
(Debian Jessie) ISPConfig 3.1dev (in ESXi 6)
So I did it the manual way. The interface is creating only self-signed certificates, so I stopped apache2, did standalone CLI, renamed the key and cert to www.domain.tld.key and crt, and copied them into /var/www/domain.tld/ssl/. The script is not working... I don't know why it can't contact the site... maybe it needed a directive or rights to inject the challenge in the webroot. I'll search more but I can confirm: it's not working from the interface.
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 247, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 74, in get_authorizations
    self._respond(resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 131, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 195, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. domain.tld (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested c1589b9b42bafdaa368da591026a288a.2fdee0525ffb49cc35e49d6b5933c613.acme.invalid from xxx.xxx.xxx.xxx:443. Received certificate containing ''
Which DNS is certbot using? External or the DNS from resolv.conf?
certbot sends a request to the letsencrypt api/service, and that service uses external DNS to connect back to your server to validate that the request is made by someone controlling the domain's live website. Your resolv.conf file won't affect that external validation.
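Added example, not part of any post in this thread: a preflight probe for the /.well-known/acme-challenge/ path and the webroot-permission question raised above. It writes a random file into the site's webroot and fetches it back over HTTP through the site's name; the function name, the webroot path and the URL are placeholders you supply. Run on the server it confirms the name maps to that webroot, but it does not replace the CA's check from outside your network.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path named earlier in this thread


def check_challenge_path(webroot, base_url, timeout=10):
    """Write a probe file under webroot and fetch it back over HTTP.

    Returns (ok, detail). webroot and base_url are caller-supplied
    placeholders, e.g. the site's document root and http://<your FQDN>.
    """
    token = "probe-" + secrets.token_hex(8)   # random name, not a real ACME token
    body = secrets.token_hex(16)              # random content to compare against
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)     # fails loudly if rights are missing
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, token)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            got = resp.read(4096).decode("utf-8", "replace").strip()
        if got == body:
            return True, "probe served from this webroot"
        return False, "reached a server, but it returned different content"
    except urllib.error.HTTPError as exc:
        # Typical causes: another vhost answered, or a rewrite/deny rule hides the path
        return False, "HTTP %d for %s" % (exc.code, url)
    except (urllib.error.URLError, OSError) as exc:
        return False, "cannot connect: %s" % exc
    finally:
        os.remove(path)                       # leave no probe file behind


if __name__ == "__main__":
    import sys
    # Usage (placeholders): python3 probe.py /path/to/webroot http://your.fqdn
    ok, detail = check_challenge_path(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```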