I am running the current version of ISPconfig on Ubuntu 16.04 and everything is working fine except for Let's Encrypt. When I check the Let's Encrypt SSL box against any of my websites (on the Domain tab), the SSL box is also automatically checked. I then save the change but when I look at the domain again the Let's Encrypt and SSL check boxes are unchecked. I can generate an SSL certificate under the SSL tab and this seems to work fine but I still can't get the Let's Encrypt checkbox to remain checked. I can check the SSL box and this remains checked after a save but not the Let's Encrypt option. I must be missing something somewhere - can anyone help? I configured the server using tutorial at : he Perfect Server - Ubuntu 16.04 (Xenial Xerus) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1 Thanks, Cliff
Double check your DNS settings and do nothing under SSL except fill in your info. it should work. Whenever I had an issue it was due to error in DNS.
I am having exactly the same issues although I don't use ISPConfig for my DNS as it is handled through a 3rd party service.
Thanks ganewbie. DNS all looks fine and my web sites are accessible from the web. e.g. www.turuncwalks.com I am getting a warning when i do a DNS check that I don't fully understand: Could this possibly cause a problem with Let's Encrypt? Are there any Let's Encypt logs that could help isolate the problem? Thanks, Cliff
Thanks till. The letsencrypt log files are empty so that doesn't help. Are there any other logs that might indicate Let's Encrypt problems. Are there any other logging parameters I should set in order to see what's going on? Thanks. Cliff
you can use the nromal ispconfig debugging to see what ispconfig is doing and the letsencrypt log should not be empty if letsencrypt is installed properly. Maybe you should consider to reinstall letsencrypt and empty /etc/letsendcrypt to start with a clean config.
OK, thanks Till. I have done that and the letsencrypt log file is attached. At the end of the installation I asked which names I would like to activate HTTPS for and I didn't select any as I assume we want ISPConfig to take care of that. I still have the same problem and nothing appears in the log file when I try and create a Let's Encrypt certificate for one of my web sites.
Try to use the ispconfig debug mode to see how ispconfig calls letsencrypt (last chapter of this post): https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
I got someone to have a look at my server this morning and found Let's Encrypt (I presume he meant certbot) was not installed as root. He fixed this and now works perfectly. My problem was (still is) I have always been a Debian user but chose Ubuntu as it had PHP7 by default.
Thanks again Till. I have done that and tried again to create a LE certificate via ISPconfig (log file extract attached). It looks to me like the request is issued correctly and a certificate is returned: but the Let's Encrypt check box and the SSL check box are both unchecked again.
Thanks for the info. I'm pretty sure I installed it as root but I'll uninstall it and do it again just to be on the safe side!
Oh, I just set my error logging to 'warning' rather than 'debug' and there is a warning message: so the log now contains: So there is a problem with the Let's Encrypt request. How do i dig into that?
you could try manually with a different client though... to see if it's a problem in general or just ISPC
So, even though I have working DNS, and it checks out OK (e.g. with dnsstuff.com), Let's Encrypt is rejecting the request generated by ISPconfig. How can I find out why the request is being rejected as the system logs in ISPconfig don't provide that level of information and there is nothing in the letsencrypt log about the rejection? Thanks.
If you're interested, here is the link to the guy who fixed my installation. https://www.freelancer.com/u/tlchung.html
