Let's Encrypt Problem with one Site

Discussion in 'Installation/Configuration' started by sunghost, Apr 5, 2017.

  1. sunghost

    sunghost Member

    Hello,
    I have ISP in version 3.1.1, installed as described in the Debian Jessie Installation HowTo. I set up some sites with Let's Encrypt certs and it works well. But on one "normal" site I get SSL errors and it's not possible to enable Let's Encrypt SSL. ISP says not active, but if I call the site in Firefox I get "NET::ERR_CERT_COMMON_NAME_INVALID". If I accept this, I get the wrong site in the browser. The vhost file is OK and has no configuration for SSL, but something is corrupt. Some errors from the Apache error log:
    - :8080:0 server certificate does NOT include an ID which matches the server name
    - AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate!
    - AH02567: Unable to configure certificate xxx:8080:0 for stapling
    - [core:notice] [pid 17491] AH00094: Command line: '/usr/sbin/apache2'
    - mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
    The htaccess from the CMS seems OK and is the same as on another site which works with Let's Encrypt. The vhost of the wrongly shown site seems OK. I searched the net, but found no helpful hints. Any idea?
    Thx
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. sunghost

    sunghost Member

    Hi till,
    I found this too, but it didn't help me. All other domains are working, so OK, something must be different for this domain, but I can't find it, since it's set up like the other working sites. I enabled Let's Encrypt for this site again, but the letsencrypt.log says nothing about that, but the option disappeared again. Errors in the Apache error.log are as above. I manage everything via the panel, so I have nothing custom-made in the vhost or other files. Any idea where I can look to solve this?
    Message in Mail: 06.04.2017-11:55 - WARNING - Let's Encrypt SSL Cert for: xxx.de could not be issued.
    edit: I tested the same procedure with another site and it works perfectly. The errors above are the same, so I think they have nothing to do with that...
     
    Last edited: Apr 6, 2017
  4. sunghost

    sunghost Member

    Hi,
    I am still searching for the problem. I checked the website settings, redirects and DNS configuration. It seems correct compared to a working site. The Let's Encrypt log gave no errors. The vhost seems OK and I don't know where to look further. Any ideas? Thx
    edit: One thing is different: the alias domain has the mutation "ä" in it, but the vhost seems OK.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The most likely reason is the umlaut in the domain. Let's Encrypt added support for it recently, but most LE clients still don't support it yet. ISPConfig supports it, but when the LE client or certbot does not support it, then you will not get an SSL cert for that domain from LE.
     
  6. sunghost

    sunghost Member

    Hi till,
    As you said. In the meantime I tested it and deleted the alias domain, and it works :). So a search over hours was solved in just a few minutes. But now I have another problem, because the domain with the mutation is needed. I have Debian Jessie installed and certbot from the package. How do I solve that?
    edit: Certbot is installed in Version 0.9.3-1
    edit2: Since Version 0.10.2 IDN Domains are supported by Certbot
     
    Last edited: Apr 12, 2017
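
Added example (not part of the thread and not ISPConfig or certbot code): a pre-flight check for the failure diagnosed above, where an alias with an umlaut keeps a site from getting its certificate. The domain names are constructed, and the 0.10.2 threshold is the version quoted in the post above.

```python
import re

# Version the thread names as the first certbot release with IDN support.
IDN_MIN_CERTBOT = (0, 10, 2)

def to_alabel(domain):
    """ASCII (punycode) form of a name. The stdlib codec follows IDNA 2003,
    which is enough for umlauts such as the "ä" in the thread."""
    return domain.strip().rstrip(".").lower().encode("idna").decode("ascii")

def is_idn(domain):
    """True if any label of the name needs punycode encoding."""
    return any(lbl.startswith("xn--") for lbl in to_alabel(domain).split("."))

def parse_version(text):
    """Pull x.y.z out of strings like '0.9.3-1' or 'certbot 0.10.2'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(p or 0) for p in m.groups())

def blocked_names(domains, certbot_version):
    """Names this certbot version cannot request. In the thread, one such
    alias was enough to keep the whole site from getting a certificate."""
    if parse_version(certbot_version) >= IDN_MIN_CERTBOT:
        return []
    return [to_alabel(d) for d in domains if is_idn(d)]

# Constructed sample: main domain, www alias, and an alias with an umlaut.
SITE_NAMES = ["example.de", "www.example.de", "bäckerei.example"]

if __name__ == "__main__":
    for version in ("0.9.3-1", "0.10.2"):
        bad = blocked_names(SITE_NAMES, version)
        print(version, "->", "blocked by: " + ", ".join(bad) if bad else "ok")
```
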
  7. LAKSHA

    LAKSHA Member

    I am facing a problem where I am using Yandex mail and redirecting it as per their instructions, and I am getting
    NET::ERR_CERT_COMMON_NAME_INVALID
    Subject: mail.yandex.az
    Issuer: Yandex CA
    Expires on: Apr 17, 201
    Current date: Aug 17, 2017

    this error. I tried doing all things possible, including redirecting the subdomain name and using nginx directives like

    server {
        # plain HTTP on port 80 only
        listen 80;
        server_name www.mail.domain.in mail.domain.in;
        location / {
            # send every request path to the Yandex mail URL
            rewrite ^/(.*)$ https://mail.yandex.com/?pdd_domain=domain.in/$1 redirect;
        }
    }

    but it's not working.

    All the configurations at all the ends are just fine.
    I am getting the same error for ZOHO mails as well.
    The custom URL just seems to be not working at all.
    Your help will be tremendously appreciated. @till, please, I request you to help, or any member who knows the solution.
    I wish to acknowledge all the help I get with a review or endorsement.
    Please do let me know what to fix.
    Regards
    LAKSHA
     
