Hello, I have installed a new webserver on my multiserver setup with Nginx. But Now I have this problem, when I activate SSL + Let's Encrypt I can see the cert is generated as it should, but Nginx fail to restart because a wrong path to cert, check this out: This is from my vhost (error file): Code: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /var/www/clients/client1/web673/ssl/hostname.domain.tld.crt; ssl_certificate_key /var/www/clients/client1/web673/ssl/hostname.domain.tld.key; This is what my SSL folder looks like with ls -l Code: lrwxrwxrwx 1 root root 58 okt 27 10:29 hostname.domain.tld-le.crt -> /etc/letsencrypt/live/hostname.domain.tld/fullchain.pem -r-------- 1 root root 3810 okt 27 10:29 hostname.domain.tld-le.crt.old.20161027102901 lrwxrwxrwx 1 root root 56 okt 27 10:29 hostname.domain.tld-le.key -> /etc/letsencrypt/live/hostname.domain.tld/privkey.pem -r-------- 1 root root 3272 okt 27 10:29 hostname.domain.tld-le.key.old.20161027102901 as you can see the file name is not a match, because file name is not the same as in vhost file: Vhost file: hostname.domain.tld.crt ssl folder: hostname.domain.tld-le.crt Any idea how I can solve this, or is this a bug in Ispconfig 3.1.1 ?
Please try to replace the lines: ssl_certificate <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt; ssl_certificate_key <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key; with ssl_certificate <tmpl_var name='ssl_crt_file'>; ssl_certificate_key <tmpl_var name='ssl_key_file'>; in /usr/local/ispconfig/server/conf/nginx_vhost.conf.master
I can confirm that I've met with the same issue, and your fix worked for me till, thank you! I'd be grateful if you could take a look into ISP source php files and correct it the way you suggested, because I've been wondering for months why ISP was generating wrong paths for my cert files. I'm not entirely sure why original solution works for some people, and doesn't for others, but your suggestion definitely fixed my issue, so thanks once again!
I will add the change for the bug introduced with the 3.1.1 release last week into GIT and make a patch release. That's impossible that you had this problem for weeks as the change in the code that required the above path change is in the ISPConfig code just since ISPConfig 3.1.1, so you could not had this issue before.
I have a similar problem with apache and ispconfig 3.1.1p1: Starting httpd: [Sat Oct 29 09:39:05 2016] [warn] The Alias directive in /etc/httpd/conf.d/squirrelmail.conf at line 5 will probably never match because it overlaps an earlier Alias. Syntax error on line 144 of /etc/httpd/conf/sites-enabled/domain.vhost: SSLCertificateFile: file '/var/www/clients/client/web/ssl/domain.crt' does not exist or is empty [FAILED] /usr/local/ispconfig/server/conf/vhost.conf.master: SSLCertificateFile <tmpl_var name='ssl_crt_file'> SSLCertificateKeyFile <tmpl_var name='ssl_key_file'> Non working generated .vhost-file: /etc/httpd/conf/sites-available/domain.vhost.err: SSLCertificateFile /var/www/clients/client/web/ssl/domain.crt SSLCertificateKeyFile /var/www/clients/client/web/ssl/domain.key SSLCACertificateFile /var/www/clients/client/web/ssl/domain.bundle /var/www/clients/client/web/ssl/domain-le.* files are generated correctly (with the appended -le causing the problem) Btw, great looking the new 3.1, good job, thank you Till & Co!!
Thank you for your help and you are right, my mistake! I had a vhost.conf.master overriding from the folder conf-custom to allow varnish's custom ports! I inserted the lines from the old template into the new and the certificates works crazy well! Wonderful =)