Lets Encrypt not working in 3.1

Discussion in 'Developers' Forum' started by mattltm, Jul 7, 2016.

  1. mattltm

    mattltm Member

    I'm having a play with 3.1 and I can't seem to get LetsEncrypt working.
    I've created a new site, checked that the DNS is working and checked the "SSL" and "Let's Encrypt SSL" options but I can't access the site using HTTPS.
    I can't see any errors in the log and I can't see anywhere to set any other LetsEncrypt options.
    Have I missed anything?
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Nope, that's it. What version of 3.1 are you running (beta1, beta2, git)? And how did you install letsencrypt?
     
  3. mattltm

    mattltm Member

  4. mattltm

    mattltm Member

    Also tried git-stable with no success.
     
  5. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I think 3.1b1 had a bug you may be hitting, try disabling letsencrypt, wait a minute (so ispconfig cron jobs run), then enable it again.
     
  6. mattltm

    mattltm Member

    Thanks Jesse.
    Now on git-stable. I check "SSL" and Letsencrypt SSL", and save the site. After about 5 minutes it still won't load on https and when I check the site in ISPconfig, the boxes are unchecked.
     
  7. mattltm

    mattltm Member

    Right. took a look in the log and its trying to create a cert for www.www.domain.com
    If I set "Auto Subdomain" to "None" then it works.
     
  8. hnn

    hnn New Member

    Don't forget to file a bug about that.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess there is no bug here. He told letsenycrpt to create an ssl cert for a subdomain www.www.domain.tld and missed to create a dns record for that third level subdomain and therefore letsenycrpt was not able to create the cert as letsencrypt tries to reach all domains that shall be in the ssl cert. auto subdomain www means "add a subdomain www to the domain of the site" so when he used www.domain.tld in the website domain instead of the usual domain.tld and then enabled auto subdomain www, then the site has the domains www.domain.tld and www.www.domain.tld assigned and when you create an SSL cert for that, then both domains must exist in dns. He corrected this in the right way by disabling the www auto subdomain. Personally, I would have corrected it in the way to change domain from www.domain.tld to domain.tld and leave auto subdomain www on.
     
  10. How can one troubleshoot?
    I am able to run certbot successfully through the command line (./certbot-auto as specified in the centos perfect server tutorial) but ISPconfig 3.1b2 can't use it.
    The lets encrypt function doesn't work.
    Is there a way I can find out what the problem is in ISPconfig?
    Thanks!
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

  12. I did that but no output.
    Had to delete the server again and start over.
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you probably did not set the log level to debug in ISPConfig for this server node as there is always output when debug is enabled.
     
  14. mattltm

    mattltm Member

    Thanks Till, but no. I did not set the main record to be www.domain.com. I set the domain as domain.com. Then I set auto subdomain to www (so it should have been www.domain.com). Then Letsencrypt reported that it was creating a certificate for www.www.domain.com. When I removed auto subdomain, Letsencrypt created a certificate for domain.com. So it looks like Letsencrypt was adding the extra www.

    Hope that is clearer.
     
  15. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I believe ispconfig adds the 'www' subdomain and requests multiple names in the cert, it's not added byt letsencrypt. Sounds like a bug if it's reproducable by anyone else. I'll try to test it soon, but I did install letsencrypt differently (I used the package in jessie-backports).
     
  16. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I tested letsencrypt on 3.1 git-stable as of July 06, and don't see a problem. This domain was running without ssl, with Auto-Subdomain was set to www - I simply enabled the two checkboxes, did a bit of troubleshooting to find I had an error in Apache AllowOverride that prevented the vhost from updating, fixed that, and https was working with correct certificate after the next cron update.
     
    till likes this.
  17. freeline

    freeline New Member

    Same here, certificate was generated without problems.
     
  18. d4kr

    d4kr New Member

    Hi have the same problem (Ubuntu 16.04, followed the guide), if I have auto-subdomain enabled letsencrypt doesn't work on my l2 domain. Without it works.
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Letsencrypt tries to reach aöö domains of this website and their subdomains, if one is not pointing to this server in dns, then the letsencrypt cert can not be issued. Check your dns records and ensure that you don't miss a domain or subdomain.
     

Share This Page