Let's Encrypt SSL certificate not installing inside ISPConfig during installation - DNS server issue

Discussion in 'Installation/Configuration' started by FX2LTD, Mar 8, 2021.

  1. barbarab

    barbarab Member HowtoForge Supporter

    Hi Aleeekoi,
    actually my "solution" was to to rebuild the machine from scratch avoiding the mistakes made the first time (record A, port 80, file hosts). In my case fixing them at a later time didn't work.
     
    ahrasis likes this.
  2. Hendrik57

    Hendrik57 New Member

    It is very sad, but I ran into this issue too. ISPCONFIG 3.2.5.
    Rebuilding the whole server is the last thing I'd like to do. There must be an easier way.
    In my case DNS and reverse DNS are all set to my server: web4.domain.nl. Ports 80, 443 are open.
    So what is the real cause? And how to solve this by editing thins or additional commands? A force install won't work.
     
  3. Hendrik57

    Hendrik57 New Member

    I think I've solved the issue with these steps, without a complete reinstall:
    1. Remove all files in /usr/local/ispconfig/interface/ssl with:
      sudo rm /usr/local/ispconfig/interface/ssl/*
    2. Remark all SSL lines in these 3 files with a # (and to recognise later with '#x' or so):
      sudo nano /etc/apache2/sites-available/apps.vhost
      sudo nano /etc/apache2/sites-available/ispconfig.conf
      sudo nano /etc/apache2/sites-available/ispconfig.vhost
    3. Run then:
      sudo ispconfig_update.sh --force
      and just press <enter> on questions, EXCEPT the question to create a new SSL certificate !! Say 'yes'.
    4. Not all 3 edited files are afterwards correct. So edit them again by enabling the SSL lines that earliers where disabled. Save those files.
    5. When nothing more is done, you will get an error like 'SSL_ERROR_RX_RECORD_TOO_LONG' in the browser. That is because SSL is served over port 80, http.
      Correct this with:
    6. sudo a2enmod ssl
    7. sudo service apache2 restart
    8. Get the certificate path:
      sudo nano /etc/apache2/sites-available/apps.vhost
      and copy both lines with the SSL path.
      close the file
    9. Open the ssl file:
      sudo nano /etc/apache2/sites-available/default-ssl.conf
      and Remark both the 'snakeoil' ssl lines.
      Paste both copied SSL lines below to replace these lines.
      Save and exit the file.
    10. Enable the SSL configuration with:
      sudo a2ensite default-ssl.conf
    11. Do:
      sudo service apache2 restart
    And in my case I got the default Apache welcome page now.
     
    Th0m and ahrasis like this.
  4. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    Wait, so all this time the problem with the ip address during the cert creation is because of the hosts file?

    I wonder if chief has the wrong ip address there too. I know I do!!!
     

Share This Page