After following the Debian 8.4 perfect server instructions, I get this error: Code: [email protected]:/opt/certbot# ./certbot-auto Upgrading certbot-auto 0.9.3 to 0.10.1... Replacing certbot-auto... Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. [email protected]:/opt/certbot# Any Ideas? letsencrypt.log shows: Code: 2017-01-17 05:04:05,316:DEBUG:certbot.main:Root logging level set at 20 2017-01-17 05:04:05,317:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2017-01-17 05:04:05,317:DEBUG:certbot.main:certbot version: 0.10.1 2017-01-17 05:04:05,317:DEBUG:certbot.main:Arguments: [] 2017-01-17 05:04:05,318:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#web$ 2017-01-17 05:04:05,318:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None 2017-01-17 05:04:06,211:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#apache): There has been an error in parsing the file /etc/apache2/sites-available/xxxxxxxx$ Traceback (most recent call last): File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 114, in prepare self._initialized.prepare() File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 191, in prepare self.check_parsing_errors("httpd.aug") File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/augeas_configurator.py", line 77, in check_parsing_errors raise errors.PluginError(msg) PluginError: There has been an error in parsing the file /etc/apache2/sites-available/xxxxxxxxx.vhost.err on line 102: Syntax error 2017-01-17 05:04:06,212:DEBUG:certbot.plugins.selection:No candidate plugin 2017-01-17 05:04:06,212:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
I ran this command: Code: rm /etc/apache2/sites-available/*.err and the problem went away. However then I get another screen that is not in the documentation: Code: [email protected]:/opt/certbot# ./certbot-auto Saving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- ... 51: www.xxxxxxxxx.com ------------------------------------------------------------------------------- Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
However it is acting strange. I can't create the cert from the control panel. I click on the Lets Encrypt option under the website and save. When I go back and look the check marks are gone, and I get an email saying 17.01.2017-00:25 - WARNING - Let's Encrypt SSL Cert for: xxxxxxxx.com could not be issued. However I can create it manually running ./certbot-auto --apache and it works just fine, but never shows on the website tab.
When you create a cert with ./certbot-auto --apache manually then this domain name is blocked for SSL and you can not create a cert for it anymore in ispconfig. You will have to remove that domain from LE before it can be used with LE in ispconfig again.
I removed it with: rm -rf /etc/letsencrypt/archive/[sitename]/ rm -rf /etc/letsencrypt/live/[sitename]/ rm -rf /etc/letsencrypt/renewal/[sitename].conf and the apache definitions in sites-enabled. The tried to do it though the control panel but I get the same issue. The SSL and LetsENcrypt option become blank after it runs the process.
Then letsencrypt could not issue the cert. The reason should be listed in the letsencrypt log. Common issues are that a sub- or aliasdomain of the website is unreachable or that it is redirected in a way that letsencrypt can not reach its security token.
I did not say that it matters if a domain is a subdomain or not, I said that ispconfig will include all sub- and aliasdomains of a site into an ssl cert and if one of these is unreachable, then the cert creation must fail. Check the letsencrypt log to see which of the domains is unreachable.
For each sub/domain LE requires a CNAME or A record in the DNS. Not sure if wildcard DNS entries work.
