(Let's encrypt) SSL for external domain

Discussion in 'Installation/Configuration' started by Manisch, Dec 24, 2020.

  1. Manisch

    Manisch New Member

    Sooo, I'm back:

    Yes, I used that tutorial.

    The output is just:
    Status: inactive

    Should it be active? :D

    It should be a data center with official IP (netcup) / nothing "self hosted".
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It should be active, but when it is not active it can't be the problem of blocking a connection, so not the cause for this problem.

    Can you share the real domain and IP with us, so we can verify if the DNS is set up correctly indeed? You can remove them from your post after.
     
  3. Manisch

    Manisch New Member

    I'm not so keen on making it public because...the Internet never forgets :D
    And I don't want it to mess up the google results later.

    But I sent you a PM!
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you try doing an update and reconfiguring all services? DNS seems ok.
    Code:
    ispconfig_update.sh --force
     
  5. Manisch

    Manisch New Member

    Update is done - do I have to do something additional to reconfigure all services?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The updater has asked you if you want to reconfigure the services.
     
  7. Manisch

    Manisch New Member

    Ok, then it should be done.
     
  8. walle24

    walle24 New Member

    My issue seems to be this with the locked website. Do you have any advice on how this might be fixed?
    This is what I'm having a problem with: a user deleted his old website, but left DNS settings unchanged. The user then created a new website with the same domain name. Letsencrypt button could not be checked on the new website. acme.log showed "Skipping. Next renewal time is: 2024-10-13T22:45:26Z". So then I manually removed the certificate using acme -remove command, but now I can see that when letsencrypt checkbox tries to be ticked no action is performed on the server (no new attempts in acme.log).
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You quoted the answer to your question. I'm unsure why you did not read and follow the text. Here are the steps to fix your issue, copied from your own post:

    The faq contains a link that explains step by step how to use the debug mode.

    https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/

    1) Enable debug log mode.
    2) Disable server.sh cronjob.
    3) Enable SSL and let's encrypt checkbox of the website where you want to have a Let's encrypt SSL cert for.
    4) Run server.sh and post the complete output that you get.

    And please do not re-open old closed threads. Also, manually removing the cert was not needed.
     
  10. walle24

    walle24 New Member

    Sorry, I can see how I created confusion. I wanted your advice on how to fix "the site might be locked and can not be managed from ispconfig anymore". I did not write that clearly, I apologize. I did go through the debugging steps before posting, but only saw "WARNING - Could not verify domain xyz.com, so excluding it from letsencrypt request".
    I resolved the problem by temporarily enabling "Skip Lets Encrypt Check", ticking lets encrypt and having it stick, and then again disabling "Skip Lets Encrypt Check".
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    That information was needed as it shows why the cert was not issued. And that's why we always ask users to post the debug log. Also, your site is not locked.

    The solution is fine, depending on your setup. And your site is not locked as you are able to receive a new cert. The warning means that your server is not able to connect to the domain; this happens, e.g., when your server is behind a router that blocks such requests from the internal IP to the external IP. You just have to be aware that ISPConfig is not able to exclude unreachable domains from certs anymore automatically, so if you have e.g. 5 domains or subdomains in a website and one of them is unreachable, then the SSL cert will fail also for the domains that are reachable now as the unreachable domain can not be excluded automatically anymore.
     
    walle24 likes this.
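
Added example, not part of the thread and not ISPConfig's own code: a pre-flight check in the spirit of the last reply, run on the server itself, that reports which hostnames of a site the server cannot reach over HTTP before you tick the Let's Encrypt checkbox. Since one unreachable name now fails the cert for all names, any FAIL line needs fixing or removing first. The function names, the probe file name and the challenge directory argument are assumptions; pass the local directory your web server actually serves as /.well-known/acme-challenge/.

```shell
#!/bin/sh
# Added example (not ISPConfig code). Checks, from this server, that every
# hostname of a site serves a probe file under /.well-known/acme-challenge/.

# fetch URL: print the response body. Kept separate so it can be replaced.
fetch() {
    curl -fsS --max-time 10 "$1"
}

# check_domains CHALLENGE_DIR DOMAIN...
# CHALLENGE_DIR (assumption): the local directory your web server serves as
# /.well-known/acme-challenge/ for these hostnames.
# Prints "OK   <domain>" or "FAIL <domain>"; returns 0 only if all are OK.
check_domains() {
    dir=$1; shift
    token="probe-$$-$(date +%s)"          # constructed probe file name
    printf '%s' "$token" > "$dir/$token" || return 2
    failed=0
    for d in "$@"; do
        # A failed fetch (DNS, timeout, blocked internal-to-external request)
        # is treated the same as a wrong body: the name is unreachable.
        body=$(fetch "http://$d/.well-known/acme-challenge/$token" 2>/dev/null) || body=""
        if [ "$body" = "$token" ]; then
            echo "OK   $d"
        else
            echo "FAIL $d"
            failed=$((failed + 1))
        fi
    done
    rm -f "$dir/$token"                   # leave no probe file behind
    [ "$failed" -eq 0 ]
}

# Usage (placeholder path and names):
#   check_domains /path/to/challenge-dir example.com www.example.com
```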
