Letsencrypt does not find domain names??

Discussion in 'Installation/Configuration' started by Mef-isp, Oct 10, 2016.

  1. Mef-isp

    Mef-isp New Member

    Hello,
    I hope someone knows this..

    I installed ispconfig 3.1dev using perfect server ubuntu 16 Xenial, apache 2.4. All works fine, but Let's encrypt does not.
    I read: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/

    In the LE log files I find: (replaced username by <username>:
    File "/home/<username>/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
    File "/home/<username>/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
    File "/home/<username>/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 506, in run
    domains = _find_domains(config, installer)
    File "/home/<username>/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 273, in _find_domains
    raise errors.Error("Please specify --domains, or --installer that "
    Error: Please specify --domains, or --installer that will help in domain names autodiscovery

    I updated Ispconfig using git-stable but that did not help, I searched but could not find this sort of log.

    I checked the DNS and I have CNAME www for the domain enabled. I have No redirects.
    When I acticate certbots-auto I see a listing of the domain names and the www ones. I choose Cancel as I want ispconfig to handle LE.

    I ran out of options as I have limited experience, what can I do?
    Thanks!
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

  3. Mef-isp

    Mef-isp New Member

    Thank you for the link. I checked it and also checked the
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
    Require all granted
    </Directory> and the setting is as it should be.

    I have three domains listed and btw all contain a hyphen '-'
    First domain is 0000-default.nl
    None of the domains have letsencrypt enabled. It gives the:
    Let's Encrypt SSL Cert for: could not be issued.
    And I agree it looks like no domain is supplied to the letsencrypt certbot. How can I check what is supplied to the certbot?
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Looks like that domain is not registered, that is a placeholder name? You're not requesting letsencrypt setup for literally '0000-default.nl' correct?
     
  5. Mef-isp

    Mef-isp New Member

    No the 0000-default.nl is used when somehow ispconfig websites fail and the user is presented a page using the ip address instead of a domain name.
    The other domains are registered: some-domain.nl and some-other-domain.nl, Both fail when I enable the Let's encrypt checkbox. I find a warning Let's Encrypt SSL Cert for: ... could not be issued in the logfiles. The debug information does give process information, but does not give letsencrypt information I can really use .
    FYI I do not use the ispconfig DNS function, but the providers DNS. As letsencrypt finds all the domain names, including 0000-default.nl, by manually using certbot-auto I expect the automatic version from ispconfig to find the letsencrypt checkbox activated domain name and cname as well. But I am not sure that is really so.
     
    Last edited: Oct 16, 2016
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Try removing 0000-default.nl temporarily and test if letsencrypt works; maybe you have inadvertently blocked letsencrypts' requests there.
     
  7. Mef-isp

    Mef-isp New Member

    ok, did so, I tried multiple times and get the result: warning Let's Encrypt SSL Cert for: ... could not be issued in the logfiles.

    The debug states (removed some sensitive data)
    2016-10-13 20:07 ..........com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    2016-10-13 20:07 ..........com Debug Processed datalog_id 345
    2016-10-13 20:07 ..........com Debug Apache online status after restart is: running
    2016-10-13 20:07 ..........com Debug Apache restart return value is: 0
    2016-10-13 20:07 ..........com Debug Restarting httpd: systemctl restart apache2.service
    2016-10-13 20:07 ..........com Debug Calling function 'restartHttpd' from module 'web_module'.
    2016-10-13 20:07 ..........com Debug Apache status is: running
    2016-10-13 20:07 ..........com Debug Restarting php….: systemctl reload php…..service
    2016-10-13 20:07 ..........com Debug Calling function 'restartPHP….' from module 'web_module'.
    2016-10-13 20:07 ..........com Debug Writing the PHP…. config file: /…..
    2016-10-13 20:07 ..........com Debug Writing the vhost file: /etc/apache2/sites-available/some-domain.nl.vhost
    2016-10-13 20:07 ..........com Debug Let's Encrypt SSL Cert domains: some-domain.nl --domains www.some-domain.nl
    2016-10-13 20:07 ..........com Debug Create Let's Encrypt SSL Cert for: some-domain.nl
    2016-10-13 20:07 ..........com Debug Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    2016-10-13 20:07 ..........com Debug Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    2016-10-13 20:07 ..........com Debug Found 1 changes, starting update process.
     
    Last edited: Oct 16, 2016
  8. Mef-isp

    Mef-isp New Member

    I tried:
    1. added the name servers from my vm provider to the /etc/hosts file
    2. commandline: sudo ispconfig_update.sh
    and used git-stable
    3 checked but could not find the vm host provider name servers in ispconfig: is that ok?
    4 tried to issue letsencrypt and got warning Let's Encrypt SSL Cert for: ... could not be issued.
     
    Last edited: Oct 13, 2016
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I'm looking at your first post and notice:
    I didn't notice that path before, but that sure doesn't sound like where letsencrypt should be installed; ispconfig will find the certbot/letsencrypt programs either in the system path or under /root/.local/.... but not under a non-root user's home directory. Maybe remove the current letsencrypt install and just install the system packages (certbot) and see if things work?
     
  10. Mef-isp

    Mef-isp New Member

    I did not know that. I logged in as non-root for safety. I removed the letsencrypt directory, changed to root and used certbot-auto to install the packages.|
    I tried the letsencrypt ssl and it creates the certificates. I find them in the letsencrypt/live directory.
    The ssl and letsencrypt checkbox are active. Chapeaux for now!

    I guess, at this moment I should wait some time, as the website allows ssl but does not show the certificate. I will let you know if that happens too!
    I checked the website but no, the certificate does not show?
     
    Last edited: Oct 16, 2016
  11. Mef-isp

    Mef-isp New Member

    I did under root user: updated Ispconfig using git-stable
    The website is workingwith letsencrypt certificates but the ssl tab is still visible. Is this supposed to be?
     
    Last edited: Oct 16, 2016
  12. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

Share This Page