Let's Encrypt not installing

Discussion in 'Installation/Configuration' started by fbarcenas, Jan 17, 2017.

  1. fbarcenas

    fbarcenas Member

    After following the Debian 8.4 perfect server instructions, I get this error:
    Code:
    root@mx:/opt/certbot# ./certbot-auto
    Upgrading certbot-auto 0.9.3 to 0.10.1...
    Replacing certbot-auto...
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
    root@mx:/opt/certbot#
    Any ideas?
    letsencrypt.log shows:
    Code:
    2017-01-17 05:04:05,316:DEBUG:certbot.main:Root logging level set at 20
    2017-01-17 05:04:05,317:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2017-01-17 05:04:05,317:DEBUG:certbot.main:certbot version: 0.10.1
    2017-01-17 05:04:05,317:DEBUG:certbot.main:Arguments: []
    2017-01-17 05:04:05,318:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#web$
    2017-01-17 05:04:05,318:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
    2017-01-17 05:04:06,211:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#apache): There has been an error in parsing the file /etc/apache2/sites-available/xxxxxxxx$
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 114, in prepare
        self._initialized.prepare()
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 191, in prepare
        self.check_parsing_errors("httpd.aug")
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/augeas_configurator.py", line 77, in check_parsing_errors
        raise errors.PluginError(msg)
    PluginError: There has been an error in parsing the file /etc/apache2/sites-available/xxxxxxxxx.vhost.err on line 102: Syntax error
    2017-01-17 05:04:06,212:DEBUG:certbot.plugins.selection:No candidate plugin
    2017-01-17 05:04:06,212:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
     
  2. fbarcenas

    fbarcenas Member

    I ran this command:
    Code:
    rm /etc/apache2/sites-available/*.err
    and the problem went away. However, I then get another screen that is not in the documentation:
    Code:
    root@mx:/opt/certbot# ./certbot-auto
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    
    Which names would you like to activate HTTPS for?
    -------------------------------------------------------------------------------
    ...
    51: www.xxxxxxxxx.com
    -------------------------------------------------------------------------------
    Select the appropriate numbers separated by commas and/or spaces, or leave input
    blank to select all options shown (Enter 'c' to cancel):
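
Added example, not part of the original thread: rather than deleting every `*.err` file at once, this script pulls the failing file and line number out of the certbot log, using the `PluginError` line format shown in the first post. The sample log and the `example-site` and `example.conf` names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which files certbot's Apache
# plugin failed to parse, using the PluginError line format from the log.

# Print "path:line" once for each distinct parse failure in log file $1.
parse_failures() {
    sed -n 's/^[[:space:]]*PluginError: There has been an error in parsing the file \(.*\) on line \([0-9][0-9]*\): .*$/\1:\2/p' "$1" | sort -u
}

# Of those, keep only "*.err" files sitting in a sites-available directory.
err_leftovers() {
    parse_failures "$1" | grep -E '/sites-available/[^/]+\.err:[0-9]+$' || true
}

# Constructed sample log; example-site and example.conf are placeholders.
write_sample_log() {
    cat > "$1" <<'EOF'
2017-01-17 05:04:05,317:DEBUG:certbot.main:certbot version: 0.10.1
Traceback (most recent call last):
    raise errors.PluginError(msg)
PluginError: There has been an error in parsing the file /etc/apache2/sites-available/example-site.vhost.err on line 102: Syntax error
PluginError: There has been an error in parsing the file /etc/apache2/sites-available/example-site.vhost.err on line 102: Syntax error
PluginError: There has been an error in parsing the file /etc/apache2/conf-enabled/example.conf on line 7: Syntax error
2017-01-17 05:04:06,212:DEBUG:certbot.plugins.selection:No candidate plugin
EOF
}

# With no argument, run against the sample; otherwise against the given log.
log="${1:-}"
if [ -z "$log" ]; then
    log="$(mktemp)"
    write_sample_log "$log"
    cleanup=1
fi
echo "Files the Apache plugin could not parse:"
parse_failures "$log"
echo "Of these, leftover .err files to inspect before moving them aside:"
err_leftovers "$log"
[ -z "${cleanup:-}" ] || rm -f "$log"
```

Pass `/var/log/letsencrypt/letsencrypt.log` as the first argument to run it against the real log.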
    
     
  3. fbarcenas

    fbarcenas Member

    Looks like it's working now.
     
  4. fbarcenas

    fbarcenas Member

    However, it is acting strange. I can't create the cert from the control panel. I click on the Let's Encrypt option under the website and save. When I go back and look, the check marks are gone, and I get an email saying:
    17.01.2017-00:25 - WARNING - Let's Encrypt SSL Cert for: xxxxxxxx.com could not be issued.

    However, I can create it manually by running ./certbot-auto --apache and it works just fine, but it never shows on the website tab.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    When you create a cert with ./certbot-auto --apache manually, this domain name is blocked for SSL and you cannot create a cert for it anymore in ISPConfig. You will have to remove that domain from LE before it can be used with LE in ISPConfig again.
     
  6. fbarcenas

    fbarcenas Member

    I removed it with:
    rm -rf /etc/letsencrypt/archive/[sitename]/
    rm -rf /etc/letsencrypt/live/[sitename]/
    rm -rf /etc/letsencrypt/renewal/[sitename].conf
    and the apache definitions in sites-enabled.
    Then I tried to do it through the control panel, but I get the same issue. The SSL and Let's Encrypt options become blank after it runs the process.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Then letsencrypt could not issue the cert. The reason should be listed in the letsencrypt log. Common issues are that a sub- or aliasdomain of the website is unreachable or that it is redirected in a way that letsencrypt cannot reach its security token.
     
  8. fbarcenas

    fbarcenas Member

    It is a subdomain, but why would that not matter when I do it manually?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    I did not say that it matters if a domain is a subdomain or not; I said that ISPConfig will include all sub- and aliasdomains of a site into an SSL cert, and if one of these is unreachable, then the cert creation must fail. Check the letsencrypt log to see which of the domains is unreachable.
     
  10. fbarcenas

    fbarcenas Member

    I turned auto-subdomain off, as the site has no aliases. Then it all seems to work. Thanks!
     
  11. sjau

    sjau Local Meanie Moderator

    For each sub/domain LE requires a CNAME or A record in the DNS. Not sure if wildcard DNS entries work.
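
Added example, not part of the original thread and not ISPConfig's own code: a DNS pre-check for the point made in posts 9 and 11, that every name placed in one certificate must resolve. The script's `www`/`none` argument, the function names and the sample domains are assumptions; it checks DNS resolution through `getent hosts` only, not HTTP reachability.

```shell
#!/bin/sh
# Added example (not from the thread): check that every name that would go
# into one certificate resolves in DNS before requesting the certificate.

# Resolve one name with the system resolver; kept separate so it can be
# replaced by a stub when testing offline.
resolve_name() {
    getent hosts "$1" >/dev/null 2>&1
}

# Build the name list: the site domain, "www.DOMAIN" if the second argument
# is "www" (this script's own convention), then any alias domains.
# Usage: cert_names DOMAIN www|none [ALIAS...]
cert_names() {
    domain="$1"; auto="$2"; shift 2
    echo "$domain"
    [ "$auto" = "www" ] && echo "www.$domain"
    for a in "$@"; do echo "$a"; done
    return 0
}

# Print the names that do not resolve; return 1 if there are any.
unresolved_names() {
    missing=0
    for name in $(cert_names "$@"); do
        if ! resolve_name "$name"; then
            echo "$name"
            missing=1
        fi
    done
    return "$missing"
}

# Runs only when called with arguments, for example:
#   ./le-preflight.sh example.com www alias.example.net
if [ "$#" -ge 2 ]; then
    if bad="$(unresolved_names "$@")"; then
        echo "All names resolve."
    else
        echo "No DNS record found for:"; echo "$bad"
    fi
fi
```

A name listed in the output is one to fix in DNS or drop from the site (as with turning auto-subdomain off in post 10) before retrying from the control panel.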
     
