I go to SSL tab and selected action delete certificate (I had trial cert on month which expired) and screen shows empty fields after run delete cert action, then I go to Domain tab and checked Let's Encrypt SSL checkbox (SSL checkbox was checked because I used trial cert). But after I leave Sites tab Let's Encrypt SSL checkbox is unchecked. I should uncheck Rewrite HTTP to HTTPS under Redirect tab too because - another way - website won't work. Under file /etc/apache2/sites-enabled/website.vhost I haven't <VirtualHost *:443> which enable ssl cert etc. I am affraid that something not working (Let's Encrypt SSL option in ISP?). Need help with this, because site need to have certificate. Besides should I install something to get Let's Encrypt SSL option work? I saw some topics and somewhere were informations about e.x. /etc/letsencrypt directory. I haven't it. PS I used this tutorial https://www.howtoforge.com/tutorial...4-jessie-apache-bind-dovecot-ispconfig-3-1/2/ but after run command ./certbot-auto I haven't window on blue screen but: (after reading repositories and install packages) Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: domain.pl 2: www.domain.pl ------------------------------------------------------------------------------- Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):[email protected] ------------------------------------------------------------------------------- Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for domain.pl tls-sni-01 challenge for www.domain.pl Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem Created an SSL vhost at /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf Deploying Certificate to VirtualHost /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf Enabling available site: /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf Deploying Certificate to VirtualHost /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf Error while running apache2ctl configtest. Action 'configtest' failed. The Apache error log may have more information. AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:69 AH00526: Syntax error on line 73 of /etc/apache2/sites-enabled/domain.pl.vhost-le-ssl.conf: FastCgiExternalServer: redefinition of previously defined class "/var/www/clients/client1/web1/cgi-bin/php5-fcgi-*-80-domain.pl" Rolling back to previous server configuration... Error while running apache2ctl configtest. Action 'configtest' failed. The Apache error log may have more information. AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:69 AH00526: Syntax error on line 73 of /etc/apache2/sites-enabled/domain.pl.vhost-le-ssl.conf: FastCgiExternalServer: redefinition of previously defined class "/var/www/clients/client1/web1/cgi-bin/php5-fcgi-*-80-domain.pl" IMPORTANT NOTES: - We were unable to install your certificate, however, we successfully restored your server to its prior configuration. - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/domain.pl/fullchain.pem. Your cert will expire on 2017-04-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you lose your account credentials, you can recover through e-mails sent to [email protected]. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
I guess you did not select cancel during LE install as described in the ispconfig instructions. If you would select your domain name instead of cancel, then you will not be able to use LE anymore for this domain in ISPConfig and LE will try to create a file with the name ......-le-ssl.conf which causes apache to fail.
Thanks for reply. Unfortunatelly I used old tutorial for ISP installation on Ubuntu 14.04. There wasn't information about LE installation. :/ Today my website lost certificate so I tried install cert from LE and then I found out that I need install something. So I checked how to do it in another tutorial (howtoforge, perfect server, isp 3.1 on debian 8.4). But while installation process download and install all needed dependencies and packages I got error which I paste above. I tried without putting any domain name. Then installation script will failed like I paste above. So when I start LE installation script again and put 'c' instead of domain name lets encrypt will install and checkbox under ISP will work and cert will update automatically for my website?
You will have to find where LE stored this cert and remove all domain specific LE config and the cert from there to be able to create it in ispconfig. After that you should be able to create the cert by clicking the le checkbox in the website settings.
Thank you Till, I will check this fix and post message here. Btw do You know maybe how to update apache2 (2.4.7) on ubuntu 14.04 where is installed and working ISP?
I guess you will have to upgrade to Ubuntu 16.04, but I haven't tested that so I can't tell you how flawlessly it works.
Mhm. I found out that is some PPA ondrej repo with the newest apache2 files for ubuntu 14.04 but I have no idea how to update it on server where works ISP without crash. So maybe do You know how update php to newest version?
till: Maybe it's better for the LE installation to just in the Howtos: Code: ./certbot-auto --help It would then be started, dependencies pulled etc but in the end only display the help section instead of really running where users possibly select a site accidentally.
@sjau Thanks; Ill check that. I used the --help option at the beginning, it worked first, then it stopped working for newer le versions and the software was not installed correctly anymore with that switch. If it works again now, then I can change the instructions back to use it.
In my case is some funny thing. I did steps from the tutorial and instead of choose some website domain I have done cancel. Let's Encrypt was installed, certs for website were downloaded to directory /etc/letsencrypt/live/domain_name/, I can use checkbox Let's Encrypt SSL, under SSL tab cert disappear (earlier I chose delete action but still cert's code was in fields), in vhost file for this domain in directory /etc/apache2/sites-enabled/ I have now <VirtualHost *:443> tag with some attributes and finally all looks like Let's Encrypt cert is working (checked test on ssllabs.com, there is information too). I didn't remove any cert/file from /etc/letsencrypt/live/domain_name/ and in vhost file I have three lines: SSLCertificateFile /var/www/clients/client1/web1/ssl/example.com-le.crt SSLCertificateKeyFile /var/www/clients/client1/web1/ssl/example.com-le.key SSLCertificateChainFile /var/www/clients/client1/web1/ssl/example.com-le.bundle And I don't know from where these certs are. Are they copied from /etc/letsencrypt/live/domain_name/ ?
