Let's encrypt log nook

Discussion in 'Server Operation' started by Barragán Louisenbairn, Jan 21, 2021.

  1. Hello again:
    I spent two days understanding (and checking it wisely) that I forgot to add acme.sh when I ran my installation, so I followed this guide:
    https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

    My ISPConfig website is up and running, responding on port 8080.
    My "user website" is up and running, responding on port 80. DNS changed to point to the server IP at the registrar.
    The command `hostname -f` gives me the full URL of my server (servername.companyname.ext)
    I forgot to add acme.sh in my first installation (cloudflare option). But I decided to try Let's Encrypt. So I used the wget command to install acme and then ran ispconfig_update.sh with reconfigure_services=yes to try to add a cert. My server URL port 80 is not responding (that's normal, it's running on 8080) so the update forces me to create a self-signed cert. Now my ISPConfig URL runs on https but with warnings of self-signed cert.

    After that I selected in the ISPConfig panel the options SSL and Let's Encrypt options for my "user website" (userURL.com). The process finished without errors or warnings.

    I checked my userURL.com and it is working without SSL. I checked my https://userURL.com and it gives me the error: ERR_CONNECTION_REFUSED

    I read https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ but my server doesn't have the folder /var/log/letsencrypt

    I ran the command `openssl s_client -servername example.io -connect example.io:443 </dev/null`
    The result:
    139855801173120:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
    139855801173120:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
    connect:errno=111

    Any idea to check what's happening here?

    EDIT 1: first guess: should acme.sh be installed by the root user? Because, as I can see, that didn't happen on my system:
    #LOG_FILE="/home/not_root_user/.acme.sh/acme.sh.log"

    EDIT 2: same result after reinstalling acme.sh with a previous "sudo su" command, then re-updating ISPConfig, then trying to create the SSL and Let's Encrypt config for my "userURL.com"
     
    Last edited: Jan 21, 2021
  2. Th0m

    ISPConfig Developer, Staff Member

    acme.sh is installed when installing ISPConfig, if certbot is missing. Did you run `su -` when doing the install, as described in the guide?
     
  3. I reinstalled all the ISPConfig from scratch only to avoid that possibility. I will tell you today or tomorrow if that worked.
     
  4. till

    Super Moderator, Staff Member, ISPConfig Developer

    This guide is not compatible with the latest ISPConfig versions and especially not compatible with acme.sh, so please don't use it, as the setup must fail when it's being used. ISPConfig creates the cert for the GUI and other services on its own now during install.
     
  5. In that case, any idea why during my installation this is happening?
    Maybe this guide is outdated too: https://www.howtoforge.com/perfect-server-debian-10-nginx-bind-dovecot-ispconfig-3.1/

    (I used the expert option here, but the same result with the normal one too)

    Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: y
    Checking / creating certificate for server.domain.ext
    Using certificate path /etc/letsencrypt/live/server.domain.ext
    sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file
    Using nginx for certificate validation
    Issuing certificate seems to have succeeded but /usr/local/ispconfig/interface/ssl/ispserver.crt seems to be missing. Falling back to self-signed.
     
  6. Well, after installing certbot all worked magically. Except the https on my user website, but now I have logs to work with.
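
Added example (not part of the thread, and not ISPConfig or acme.sh code): the `errno=111` output in the first post means the TCP connection to port 443 was refused before any certificate was presented, which is a different failure from the self-signed warning on port 8080. The sketch below classifies captured `openssl s_client` output into those cases; the function names and category words are made up for illustration, and the self-signed and OK samples are constructed.

```shell
#!/bin/sh
# Classify the combined stdout+stderr of
#   openssl s_client -servername HOST -connect HOST:443 </dev/null 2>&1
# Reads the captured text on stdin and prints one category word.
classify_s_client() {
    out=$(cat)
    # Transport failures first: if TCP never connected, no certificate
    # was presented and certificate checks say nothing.
    case $out in
        *errno=111*|*"Connection refused"*)
            # ECONNREFUSED: nothing listens on that port (for example no
            # 443 vhost enabled) or a firewall actively rejects it.
            echo tcp_refused; return ;;
        *errno=110*|*"Connection timed out"*)
            # ETIMEDOUT: packets are dropped somewhere on the path.
            echo tcp_timeout; return ;;
    esac
    # TLS handshake happened: look at OpenSSL's chain verification result.
    case $out in
        *"Verify return code: 0 (ok)"*)  echo cert_ok ;;
        *"Verify return code: 18 "*|*"Verify return code: 19 "*)
            # 18/19: self-signed leaf or self-signed cert in the chain.
            echo cert_self_signed ;;
        *"Verify return code: 10 "*)     echo cert_expired ;;
        *"Verify return code:"*)         echo cert_untrusted ;;
        *)                               echo unknown ;;
    esac
}

# Live check using the same flags as the command in the first post.
check_host() {
    openssl s_client -servername "$1" -connect "$1:${2:-443}" </dev/null 2>&1 |
        classify_s_client
}

# Output quoted in the first post of this thread.
SAMPLE_REFUSED='139855801173120:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
139855801173120:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=111'

# Constructed samples (not from the thread).
SAMPLE_SELF_SIGNED='CONNECTED(00000003)
depth=0 CN = server.domain.ext
verify error:num=18:self signed certificate
Verify return code: 18 (self signed certificate)'
SAMPLE_OK='CONNECTED(00000003)
Verify return code: 0 (ok)'
```

A `tcp_refused` result points at the listener (is a 443 vhost enabled, is the web server bound to it, is the firewall open), not at Let's Encrypt issuance.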
     
