Letsencrypt does not remain active on sites (Checkbox)

Discussion in 'ISPConfig 3 Priority Support' started by Balemon, Oct 2, 2017.

  1. Balemon

    Balemon New Member

    Hi, I have a clean system install, and am just about to start moving sites across. Thought I would test first..

    Everything seemed fine except LetsEncrypt.. I can't seem to get it to stick..
    I have run it from the command line and upon checking I can see it appears to have completed a certificate request. (What I want to use for the ISPConfig control panel), and I have completed a certificate for the first site, but the site does not seem to be active with HTTPS and the tick box is now not ticked..
    Below is the debug log, and the only thing that looks weird is that it is requesting for Nginx, and we are using Apache.

    Certs are definitely not my strong point so I may not be looking at this correctly...
    Code:
    2017-10-02 03:57:03,633:DEBUG:letsencrypt.cli:Root logging level set at 30
    2017-10-02 03:57:03,634:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2017-10-02 03:57:03,634:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
    2017-10-02 03:57:03,634:DEBUG:letsencrypt.cli:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'proactiveitservices.com.au', '--domains', 'www.proactiveitservices.com.au', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2017-10-02 03:57:03,635:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
    2017-10-02 03:57:03,635:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot
    Description: Webroot Authenticator
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
    Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7f7871c201d0>
    Prep: True
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7f7871c201d0> and installer None
    2017-10-02 03:57:03,657:DEBUG:letsencrypt.cli:Picked account: <Account(1d3439ee58a2649a1fb7f4f6d2b1cb6f)>
    2017-10-02 03:57:03,662:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
    2017-10-02 03:57:03,667:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2017-10-02 03:57:04,060:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
    2017-10-02 03:57:04,063:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Mon, 02 Oct 2017 03:57:04 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 02 Oct 2017 03:57:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'MMXGEW8jmCNFq3SqZDX0JrjF9VN6HtwXdOFq_1QqW2c'}. Content: '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
    2017-10-02 03:57:04,063:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Mon, 02 Oct 2017 03:57:04 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 02 Oct 2017 03:57:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'MMXGEW8jmCNFq3SqZDX0JrjF9VN6HtwXdOFq_1QqW2c'}): '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
    2017-10-02 03:57:04,069:DEBUG:parsedatetime:parse (top of loop): [30 days][]
    2017-10-02 03:57:04,078:DEBUG:parsedatetime:CRE_UNITS matched
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=10, tm_mday=2, tm_hour=3, tm_min=57, tm_sec=4, tm_wday=0, tm_yday=275, tm_isdst=0))
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:_buildTime: [30 ][][days]
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:units days --> realunit days
    2017-10-02 03:57:04,080:DEBUG:parsedatetime:return
    2017-10-02 03:57:04,080:INFO:letsencrypt.cli:Cert not yet due for renewal
    

    Thanks for any feedback

    Cheers
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Certs that you create on the command line will block SSL in ISPConfig: you won't be able to use them, and you won't be able to activate SSL in an ISPConfig site when such a cert has been created manually.

    - Remove the manually created certs and their LE config completely and remove all files with '-le' that you find in the apache sites-enabled folder.
    - Create the SSL cert for ISPConfig like this: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/
    - Creating certs in ISPConfig for websites should work then as well after you removed the manually created ones.
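
A read-only check for the leftovers named in the steps above, as an added example that is not part of the original reply and not ISPConfig's own tooling. It lists the on-disk pieces of a hand-issued certificate lineage and any '-le' vhost files, and deletes nothing. The default paths (`/etc/letsencrypt`, `/etc/apache2/sites-enabled`) and the function names are assumptions for a Debian/Ubuntu-style install; the domain in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Read-only audit for the cleanup described above: prints what exists,
# deletes nothing. Default paths are assumptions (letsencrypt client
# layout and Debian/Ubuntu Apache); override them via the environment.
LE_DIR="${LE_DIR:-/etc/letsencrypt}"
SITES_DIR="${SITES_DIR:-/etc/apache2/sites-enabled}"

# le_artifacts LE_DIR NAME
# Prints every piece of one certificate lineage that is still on disk:
# live/NAME, archive/NAME and renewal/NAME.conf.
le_artifacts() {
    for p in "$1/live/$2" "$1/archive/$2" "$1/renewal/$2.conf"; do
        if [ -e "$p" ] || [ -L "$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# le_vhosts SITES_DIR
# Prints vhost files or symlinks whose name contains '-le'.
le_vhosts() {
    find "$1" -maxdepth 1 \( -type f -o -type l \) -name '*-le*' 2>/dev/null | sort
}

# Usage: sh le-audit.sh DOMAIN [DOMAIN...]   (names of hand-issued certs)
# e.g.   sh le-audit.sh example.com          (constructed placeholder)
if [ "$#" -gt 0 ]; then
    for name in "$@"; do
        echo "== lineage: $name"
        le_artifacts "$LE_DIR" "$name"
    done
    echo "== '-le' vhosts in $SITES_DIR"
    le_vhosts "$SITES_DIR"
fi
```

Empty output for a name means no lineage files remain for it; anything printed is a candidate for the removal step, to be reviewed before deleting.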
     
