Hi. I have an ISPConfig 3.1.7.p1. I've tried to install an SSL cert with Let's Encrypt, but it doesn't work. It all seems correct. How do I check it? Do you know of any manual for checking and diagnosing it?
Uhm, if you enter https://thedomain you should see the information about the TLS cert. Or on the CLI?
Code:
echo QUIT | openssl s_client -connect www.yourdomain.tld:443 -status 2> /dev/null | grep -A 17 'OCSP response:' | grep -B 17 'Next Update'

Here is the output:
Code:
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    Produced At: Oct 9 12:55:00 2017 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
      Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
      Serial Number: 0305072AEE8A58C557CA02EF44055E7B71E9
    Cert Status: good
    This Update: Oct 9 12:00:00 2017 GMT
    Next Update: Oct 16 12:00:00 2017 GMT

So, what exactly describes your issue? You tried to set up a website with LE SSL or tried to use LE SSL for the ISPConfig panel? What doesn't work?
Have you done all the checks described in the LE FAQ? https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Hi. Thanks for your help. Really, I've activated Let's Encrypt in ISPConfig on the web sites. I'll check:
OS: Debian 8
ISPConfig 3.1.7p1 and Apache 2.4
Let's Encrypt is working on the console (see reply 3)
Server has a public IP on the VM server and the domain is the server FQDN.
I've used the default options for the update script.
Here is the letsencrypt.log
Code:
2017-10-10 09:32:41,037:DEBUG:certbot.main:certbot version: 0.19.0
2017-10-10 09:32:41,038:DEBUG:certbot.main:Arguments: []
2017-10-10 09:32:41,038:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-10-10 09:32:41,082:DEBUG:certbot.log:Root logging level set at 20
2017-10-10 09:32:41,083:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-10-10 09:32:41,087:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-10-10 09:32:41,685:DEBUG:certbot_apache.configurator:Apache version is 2.4.10
2017-10-10 09:32:42,992:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#nginx):
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 130, in prepare
    self._initialized.prepare()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 150, in prepare
    raise errors.NoInstallationError
NoInstallationError
2017-10-10 09:32:42,995:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x7f6d8f1e7450>
Prep: True
2017-10-10 09:32:42,996:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x7f6d8f1e7450> and installer <certbot_apache.configurator.ApacheConfigurator object at 0x7f6d8f1e7450>
2017-10-10 09:32:42,996:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2017-10-10 09:32:43,008:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:[email protected]',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f6d8e6c7ed0>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/22459829', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 7de211d366899f4c01a734ccd54f94f0, Meta(creation_host=u'hosting01.omniware.es', creation_dt=datetime.datetime(2017, 10, 9, 12, 44, 12, tzinfo=<UTC>)))>
2017-10-10 09:32:43,010:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-10-10 09:32:43,088:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-10-10 09:32:43,394:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 561
2017-10-10 09:32:43,395:DEBUG:acme.client:Received response: HTTP 200

Have you set up some kind of aliasing or other non-basic configuration? If not, please try to resync your web configurations at the Tools tab. Another possible issue: have you by chance allowed wildcard for IP addresses (*)? If so, try again by giving all websites the correct IP and disabling wildcard. For some reason your hosting01 sub is using SSL for the desarrollo subdomain.
I think there is no non-basic configuration. Can something about executing certbot-auto break it? I resynced the server from ISPConfig, all tabs, but the cert on the website is not green.
Usually certbot doesn't break things.
Check your /etc/apache2/sites-enabled/100-hosting01-omniware.es.vhost
You will find lines for SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile with a path behind each. Check that the files are there (example):
Code:
ls -Alah /var/www/clients/client1/web1/ssl/host.ztk.me-le.crt
lrwxrwxrwx 1 root root 68 Oct 3 23:12 /var/www/clients/client1/web1/ssl/host.ztk.me-le.crt -> /etc/letsencrypt/archive/host.ztk.me/fullchain1.pem

Verify the file it links to is present.
Make sure your Apache is using the correct vhost.conf when using your subdomain; currently it looks like there's an issue since it serves SSL for another subdomain. This likely is an issue if you use IP wildcard;
assign your websites the correct IP: Websites > IP address > select IP (don't use *)
disable System > Server config > Web > Allow IP wildcard
If it still doesn't work, go to Tools > Resync and choose to resync websites.
The certbot log looks good.
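The check described in the post above, written as a script; this is an added example, not code from the thread or from ISPConfig. It reads the three directives named there from a vhost file and reports whether each path exists and whether a symlink's target is present; the function name and status labels are assumptions made for this example.

```python
import os
import re
import sys

# The three directives the post says to look for; commented-out lines do not match.
CERT_DIRECTIVE = re.compile(
    r'^[ \t]*(SSLCertificateFile|SSLCertificateKeyFile|SSLCertificateChainFile)'
    r'[ \t]+"?([^"\s]+)"?',
    re.IGNORECASE | re.MULTILINE,
)

def check_vhost_cert_paths(vhost_path):
    """Return (directive, path, status, target) for each cert directive in a vhost file."""
    with open(vhost_path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    results = []
    for directive, path in CERT_DIRECTIVE.findall(text):
        if not os.path.lexists(path):
            # Neither a file nor a symlink exists at the configured path.
            status, target = "missing", None
        elif os.path.islink(path) and not os.path.exists(path):
            # The symlink is there, but the file it points to is gone.
            status, target = "dangling-symlink", os.readlink(path)
        elif os.path.getsize(path) == 0:
            status, target = "empty", os.path.realpath(path)
        else:
            status, target = "ok", os.path.realpath(path)
        results.append((directive, path, status, target))
    return results

if __name__ == "__main__":
    # Usage: pass one or more vhost files, e.g. those in /etc/apache2/sites-enabled/
    for vhost in sys.argv[1:]:
        for directive, path, status, target in check_vhost_cert_paths(vhost):
            print(f"{vhost}: {directive} {path} -> {target} [{status}]")
```

Any result other than `ok` means Apache cannot load that file for the site, whatever the certbot log says.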
Thanks a lot. So, I don't have 100-hosting01-omniware.es.vhost. hosting01 uses the default web and it is used only to access ISPConfig. It is the FQDN of the server, including reverse IP. Do I need to put a hosting01 site in ISPConfig? The file links for the other domains are in the folders too. All sites have the correct IP on the web tab, none *. I've disabled IP wildcard on the server tab and resynced. The web site is yellow.
No, you don't need to create the hosting01 subdomain as a vhost (however, if you want a valid SSL cert for that to be used in ISPConfig/postfix/dovecot... then yes). I probably mixed things up trying to understand what your issue is. However, the TLS is working now; it's yellow because your https site contains non-https elements which are not secure.
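To locate the non-https elements mentioned in the last reply, the page's HTML can be scanned for subresources loaded over http://. This is an added example, not code from the thread; the sample page, the tag table and the passive/active labels are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> (URL attribute, class). "passive" loads (images, media) usually only
# degrade the padlock; "active" loads (scripts, frames, CSS) get blocked.
SUBRESOURCES = {
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "script": ("src", "active"),
    "iframe": ("src", "active"), "object": ("data", "active"),
}

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, kind, url) for each http:// subresource."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_map = {name: (value or "").strip() for name, value in attrs}
        if tag == "link":
            # Only rel=stylesheet links are treated as content here.
            if "stylesheet" not in attr_map.get("rel", "").lower().split():
                return
            attr, kind = "href", "active"
        elif tag in SUBRESOURCES:
            attr, kind = SUBRESOURCES[tag]
        else:
            return  # <a href> is navigation, not mixed content
        url = attr_map.get(attr, "")
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(html_text):
    finder = MixedContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from the thread.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://example.test/site.css">
</head><body>
<a href="http://example.test/about">About</a>
<img src="http://example.test/logo.png">
<img src="//example.test/banner.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> {kind} mixed content: {url}")
```

Resources referenced from CSS or injected by JavaScript are not seen by this scan; the browser's developer console lists those.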