Let's Encrypt SSL keeps "unchecked"

Discussion in 'General' started by Zack07, Dec 2, 2018.

  1. Zack07

    Zack07 New Member

    Hello.

    I have an interesting problem.

    When I check the Let's Encrypt field in ISPConfig 3.1.13 for webpages I created in the past, it works.

    BUT

    When I create a new webpage in ISPConfig and then check the Let's Encrypt field, after a minute it is unchecked again.

    I looked at the system logs as you advise here and I found this:


    2018-12-02 10:13 vm25697 Debug Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    2018-12-02 10:12 vm25697 Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2018-12-02 10:12 vm25697 Debug Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    2018-12-02 10:11 vm25697 Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2018-12-02 10:11 vm25697 Debug Processed datalog_id 1550
    2018-12-02 10:11 vm25697 Debug Apache online status after restart is: running
    2018-12-02 10:11 vm25697 Debug Apache restart return value is: 0
    2018-12-02 10:11 vm25697 Debug Restarting httpd: systemctl restart apache2.service
    2018-12-02 10:11 vm25697 Debug Calling function 'restartHttpd' from module 'web_module'.
    2018-12-02 10:11 vm25697 Debug Apache status is: running
    2018-12-02 10:11 vm25697 Debug Writing the vhost file: /etc/apache2/sites-available/THISISMYNEWCREATEDDOMAIN.vhost
    2018-12-02 10:11 vm25697 Debug Creating fastcgi starter script: /var/www/php-fcgi-scripts/web173/.php-fcgi-starter
    2018-12-02 10:11 vm25697 Debug Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    2018-12-02 10:11 vm25697 Debug Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    2018-12-02 10:11 vm25697 Debug Found 1 changes, starting update process.


    Can you please help me with this?

    Thank you very much for your time :)
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The field gets unchecked when the domain is unreachable or when Let's Encrypt is unable to issue an SSL cert. Ensure that you have the latest certbot version installed; you can get it here: https://certbot.eff.org/

    Please post the debug output from a server.sh run when you activated Let's Encrypt again. The above one is from an update with Let's Encrypt disabled.
     
  3. Zack07

    Zack07 New Member

    Hello Till,

    thank you for your quick reply.

    I checked the version I installed and it was from the webpage you mentioned, so it should be the latest.

    Can you please give me the steps to get debug output from server.sh? I tried to search but didn't find them.

    Thank you very much again
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Really? It's probably in a few hundred threads in the forum and in a sticky post labeled 'Please read before posting' https://www.howtoforge.com/community/threads/please-read-before-posting.58408/ and in the Let's Encrypt error FAQ, which is a sticky post as well, https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ and when you search Google for 'debug ispconfig', the first two matches point to the ISPConfig FAQ, which explains how to do that... But here again the link:

    https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
     
  5. Zack07

    Zack07 New Member

    Oh, I was really blind. :eek:

    Sorry for that

    Thank you for sending the manual for debugging ISPConfig.

    Here is the debug output from server.sh after I tried to enable the Let's Encrypt field:

    02.12.2018-12:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    02.12.2018-12:37 - DEBUG - Found 1 changes, starting update process.
    02.12.2018-12:37 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    02.12.2018-12:37 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    02.12.2018-12:37 - WARNING - Could not verify domain MYNEWDOMAIN.com, so excluding it from letsencrypt request.
    02.12.2018-12:37 - WARNING - Let's Encrypt SSL Cert for: MYNEWDOMAIN.com could not be issued.
    02.12.2018-12:37 - WARNING -
    02.12.2018-12:37 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web175/.php-fcgi-starter
    02.12.2018-12:37 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/MYNEWDOMAIN.com.vhost
    02.12.2018-12:37 - DEBUG - Apache status is: running
    02.12.2018-12:37 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    02.12.2018-12:37 - DEBUG - Restarting httpd: systemctl restart apache2.service
    02.12.2018-12:37 - DEBUG - Apache restart return value is: 0
    02.12.2018-12:37 - DEBUG - Apache online status after restart is: running
    02.12.2018-12:37 - DEBUG - Processed datalog_id 1576
    02.12.2018-12:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
     
    Last edited: Dec 2, 2018
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The domain was excluded from the SSL cert because it is unreachable from the server. When you are sure that the DNS record of the domain is ok and you can reach the website in a browser, then try to disable the letsencrypt check under system > server config > web in ISPConfig.
     
  7. Zack07

    Zack07 New Member

    The webpage without https loads in the browser.

    I disabled the letsencrypt check under system > server config > web in ISPConfig.

    I tried again to turn on Let's Encrypt under Webpages -> mywebpage -> SSL

    and now I have this in the output:

    02.12.2018-13:15 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    02.12.2018-13:15 - DEBUG - Found 1 changes, starting update process.
    02.12.2018-13:15 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    02.12.2018-13:15 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    02.12.2018-13:15 - DEBUG - Create Let's Encrypt SSL Cert for: MYDOMAIN.COM
    02.12.2018-13:15 - DEBUG - Let's Encrypt SSL Cert domains: --domains MYDOMAIN.COM.
    02.12.2018-13:15 - DEBUG - exec: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains MYDOMAIN.COM --webroot-path /usr/local/ispconfig/interface/acme
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for MYDOMAIN.COM
    Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    Failed authorization procedure. MYDOMAIN.COM (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://MYDOMAIN.COM/.well-known/acme-challenge/u3p6T5cTGB6aW002TMLazo5bRcS1GxfmLJVXRXbd7ic: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
    02.12.2018-13:15 - WARNING - Let's Encrypt SSL Cert for: MYDOMAIN.COM could not be issued.
    02.12.2018-13:15 - WARNING - /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains MYDOMAIN.COM --webroot-path /usr/local/ispconfig/interface/acme
    02.12.2018-13:15 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web175/.php-fcgi-starter
    02.12.2018-13:15 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/MYDOMAIN.COM.vhost
    02.12.2018-13:15 - DEBUG - Apache status is: running
    02.12.2018-13:15 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    02.12.2018-13:15 - DEBUG - Restarting httpd: systemctl restart apache2.service
    02.12.2018-13:15 - DEBUG - Apache restart return value is: 0
    02.12.2018-13:16 - DEBUG - Apache online status after restart is: running
    02.12.2018-13:16 - DEBUG - Processed datalog_id 1584
    02.12.2018-13:16 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so the ISPConfig LE check was right to exclude the domain, as the LE token is not reachable. Either the domain points to a different server, or you added rewrite rules in the Apache directives field or in a .htaccess file which rewrite requests to the /.well-known/acme-challenge/ virtual URL to the CMS. Change your rules to exclude URLs that start with /.well-known/acme-challenge/
     
  9. Zack07

    Zack07 New Member

    Hello Till.

    So it is fixed! Thank you very much for your help.

    The problem was:

    In the DNS records of the domain, the IPv4 address was correct but the IPv6 address was incorrect, so I changed the IPv6 address and now it is working.

    Thank you very much again.

    Have a nice day :)
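
The cause found in the last post (a correct A record next to a wrong AAAA record) can be caught before a certificate is requested. The following is an added example, not part of the original thread or of ISPConfig: it compares a domain's published addresses with the server's own, relying on the fact that Let's Encrypt tries IPv6 first when an AAAA record exists. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import socket


def resolve(domain):
    """Return every A/AAAA address the local resolver gives for domain.

    Needs network access; /etc/hosts entries can mask the public DNS view.
    """
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def preflight(records, server_addrs):
    """Compare published records with the addresses this server owns.

    Both arguments are lists of address strings. Addresses are parsed so
    that differently written IPv6 forms of the same address compare equal.
    """
    own = {ipaddress.ip_address(a) for a in server_addrs}
    published = [ipaddress.ip_address(r) for r in records]
    mismatches = [
        ("AAAA" if addr.version == 6 else "A", str(addr))
        for addr in published
        if addr not in own
    ]
    # With an AAAA record present the CA tries IPv6 first, so a wrong AAAA
    # can fail the http-01 challenge even when the A record is correct.
    has_aaaa = any(addr.version == 6 for addr in published)
    return {
        "tried_first": "IPv6" if has_aaaa else "IPv4",
        "mismatches": mismatches,
        "ok": bool(published) and not mismatches,
    }


# Constructed sample data (documentation address ranges), mirroring the
# thread: correct A record, AAAA record pointing at a different host.
SERVER_ADDRS = ["192.0.2.10", "2001:db8::10"]
BROKEN = ["192.0.2.10", "2001:db8:0:0:0:0:0:99"]
FIXED = ["192.0.2.10", "2001:0db8:0000:0000:0000:0000:0000:0010"]

if __name__ == "__main__":
    for name, records in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, preflight(records, SERVER_ADDRS))
    # Live use (needs network): preflight(resolve("example.com"), SERVER_ADDRS)
```

For a live check, pass the output of `resolve()` for the real domain together with the addresses configured on the server's public interfaces.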
     
