Hello- I've had problems with this in the past, but had somehow worked through them. Now I'm having this again. I am trying to host a website from my instance of ispconfig, and I want it to be secured with lets encrypt. I have created the website in the control panel, disabled the auto sub-domain 'www' by switching it to none. Then I enabled the "ssl" check box, waited for commit, and then enabled the "lets encrypt" check box. It fails every time and I have no idea what I'm missing. When I go to: monitor > show system log it displays this: Code: Let's Encrypt SSL Cert for: mydomain.com could not be issued. Code: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains mydomain.com --webroot-path /usr/local/ispconfig/interface... Any ideas?
I actually just realized that the problem is only happening with that domain name. I just have no idea how to figure out why. Here's what I have configured for the domain name: - 'A' type dns record named '@' with a value of 'my IP address' - 'CNAME' type dns record named 'www' with a value of '@' I believe that I have that configured correctly, am I right?
If you use Ubuntu 16.04 or you use still the old lets encrypt client and not certbot on your system, then install latest certbot version. Other possible reasons are that the domain is not pointing to the server yet in DNS or that you use redirects in that site which prebent that lets encrypt can access its verification token.
Thank you for the help! I am running Ubuntu 16.04 and after looking, I did indeed need to install certbot. I did so following these instructions: https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx. Is there anything else that I need to configure for this? I removed the proxy_pass that was originally in for that domain, and simply have it hosting the files that it creates from the start. The "Welcome to your website" with the green banner. Nothing in those pages should be re-directing at all. I also configured the DNS settings yesterday with the records that I mentioned above. Although there are other records, none of them point to other IP addresses other than my own.
No, just install certbot. Then try to get an LE cert issues trough ISPConfig, if it fails again, then look at the letsebcrypt.log file to find out why. If there is nothing in letsencrypt.log, then use ISPConfig debug mode to see if you can get further information why the cert can't get issued.