Lets Encrypt on Ubuntu 14.04 & Nginx - ISPConfig 3

Discussion in 'General' started by CTS_AE, Mar 12, 2017.

  1. CTS_AE

    CTS_AE New Member

    I just wanted to make sure I do this the right way so I don't cause myself any more of a headache than SSL already tends to be.
    I've done the install here: https://certbot.eff.org/#ubuntutrusty-nginx
    But haven't yet taken any additional steps (I did try checking the box in ISPConfig, but it didn't do anything as I expected)
  2. CTS_AE

    CTS_AE New Member

    I guess it started working /shrug

    I dug into the logs here:

    Which then pointed to here:

    I have the certbot-auto installed at the root of my machine. I'm not sure what/which ISPConfig is using, but none the less it seems to be working properly.

    While it wasn't working it would continue to uncheck the "Let's Encrypt SSL" checkbox on the website's settings.

    I think what ended up fixing it is that I had several alias domains that were dead. After removing those and waiting for them to proc to the server (red bubble with the amount of jobs waiting to go through at the top right cleared out) Then I went in to my site and tried checking the "Let's Encrypt SSL" again. Waited for it to proc to the server and voila it looks to be working now! :)

    Hopefully my adventure can help someone out.
    ahrasis likes this.
  3. Egbert Jan

    Egbert Jan New Member

    Hi, also fighting with LE here. This is a standard "perfect server Ubuntu 16.04". I've installed a CAcert certificate to be able to run the default url (real servername: vps.vandenbussche.nl) with ssl. This works for ISPconfig on 8080, phpmyadmin and rouncube and after enabling "default_ssl.conf" the servers standard /var/www/html/index.html works too.
    Until now I had to stop Apache2, request LE certs with the build-in minimal webserver. Using the apache beta and webroot mechanisms fails.
    Has the problem to to with the default_ssl setting? There is no "stapling" configuration in default_ss.conf. Should I add that? I do not know all ins and outs of SNI / cert stapling... Pse advice! TIA!
    EgbertJan, NL
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    ISPConfig will use webroot, and there are some config lines in /etc/apache2/sites-enabled/000-ispconfig.conf (on debian jessie, probably ubuntu too ?) to make that work - check to make sure that is there.

    Yes, you probably should configure ssl stapling, but that's unrelated to getting letsencrypt to work.
  5. Egbert Jan

    Egbert Jan New Member

    I have added a "site" for the server itself and requested an LE cert for it. That workts fine but still I cannot just select LE and SSL on a newly created site. There is never a cert delivered, so ther must be something going wrong in the process. I'll try the logfiles but there is not much relavant there.
    I would like that the whole proces was more transparant and/or described in the ISP manual. I bought the manual 2 times now to find that it is not fully up-to-date and lacks examples. Most is repetitions of already published tekst blocks.
    Egbert Jan
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Do ensure your site is already publicly accessible before ticking LE in ISPC, that means:
    1. Website is already created.
    2. DNS for it is already created and populated on web.
    3. People can access your website already.

Share This Page