Hi, I have a clean Debian 10 install running ISPConfig 3.1 (I followed the tutorial). When I click Let's Encrypt, after I click save it unclicks itself. I read I need to click "disabled letsencrypt checking" in server settings; I did that and it still gives me the same problem. Even worse, now my site reroutes to another site on my server that actually has an SSL on it, and I have no idea how to fix that. Here are the logs for Let's Encrypt:
2020-05-24 01:25:02,543:DEBUG:certbot._internal.main:certbot version: 1.3.0
2020-05-24 01:25:02,543:DEBUG:certbot._internal.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'nonichaihealth.com', '--domains', 'www.nonichaihealth.com', '--webroot-path', '/usr/local/ispconfig/interface/acme']
2020-05-24 01:25:02,543:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-05-24 01:25:02,552:DEBUG:certbot._internal.log:Root logging level set at 20
2020-05-24 01:25:02,552:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-05-24 01:25:02,553:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2020-05-24 01:25:02,556:DEBUG:certbot._internal.plugins.selection:Single candidate plugin:
* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f6000500490>
Prep: True
2020-05-24 01:25:02,557:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f6000500490> and installer None
2020-05-24 01:25:02,557:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2020-05-24 01:25:02,561:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/85740770', new_authzr_uri=None, terms_of_service=None), 485307fa9ca7a04b6daac210cc817ad2, Meta(creation_host=u'webserver.bhsolutions.com', creation_dt=datetime.datetime(2020, 5, 10, 5, 49, 4, tzinfo=<UTC>)))>
2020-05-24 01:25:02,561:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-05-24 01:25:02,563:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-05-24 01:25:02,667:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-05-24 01:25:02,667:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 24 May 2020 08:25:02 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "0FgpfBGzw2o": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-05-24 01:25:02,668:DEBUG:certbot._internal.cert_manager:Renewal conf file /etc/letsencrypt/renewal/nonichaihealth.com.conf is broken. Skipping.
2020-05-24 01:25:02,669:DEBUG:certbot._internal.cert_manager:Traceback was:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/cert_manager.py", line 381, in _search_lineages
    candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/storage.py", line 447, in __init__
    "file reference".format(self.configfile))
CertStorageError: renewal config file {} is missing a required file reference
2020-05-24 01:25:02,671:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): ocsp.int-x3.letsencrypt.org:80
2020-05-24 01:25:02,966:DEBUG:urllib3.connectionpool:http://ocsp.int-x3.letsencrypt.org:80 "POST / HTTP/1.1" 200 527
2020-05-24 01:25:02,967:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/nonichaihealth.com-0001/cert1.pem is signed by the certificate's issuer.
2020-05-24 01:25:02,969:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/nonichaihealth.com-0001/cert1.pem is: OCSPCertStatus.GOOD
2020-05-24 01:25:02,972:INFO:certbot._internal.renewal:Cert not yet due for renewal
2020-05-24 01:25:02,972:INFO:certbot._internal.main:Keeping the existing certificate
Please go through each step of the Let's encrypt FAQ: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ link the ispconfig debug step at the end and post the debug result. Regarding the log you posted, it mentions a broken renewal file but the cert itself is still valid, so that's probably a different issue.
Under monitor it says "Warning One or more components needs an update". What is the best way to update, apt-install update from ssh? I put it in debug mode and tried to create letsencrypt. I get this error from the logs, but I don't understand what to do to fix my issue:
root@webserver:~# /usr/local/ispconfig/server/server.sh
24.05.2020-15:18 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
24.05.2020-15:18 - DEBUG - Found 1 changes, starting update process.
24.05.2020-15:18 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
24.05.2020-15:18 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
24.05.2020-15:18 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client0/web8' - return code: 0
24.05.2020-15:18 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client0/web8' - return code: 0
24.05.2020-15:18 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client0/web8'|awk 'END{print $2,$NF}' - return code: 0
24.05.2020-15:18 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
24.05.2020-15:18 - DEBUG - safe_exec cmd: setquota -u 'web8' '0' '0' 0 0 -a &> /dev/null - return code: 0
24.05.2020-15:18 - DEBUG - safe_exec cmd: setquota -T -u 'web8' 604800 604800 -a &> /dev/null - return code: 0
24.05.2020-15:18 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client0/web8' - return code: 0
24.05.2020-15:18 - DEBUG - LE version is 1.3.0, so using certificates command
24.05.2020-15:18 - DEBUG - Create Let's Encrypt SSL Cert for: nonichaihealth.com
24.05.2020-15:18 - DEBUG - Let's Encrypt SSL Cert domains:
24.05.2020-15:18 - DEBUG - exec: /opt/eff.org/certbot/venv/bin/certbot certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] aihealth.com --domains nonichaihealth.com --domains www.nonichaihealth.com --webroot-path /usr/local/ispconfig/interface/acme
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
Keeping the existing certificate
24.05.2020-15:18 - DEBUG - LE CERT OUTPUT:
24.05.2020-15:18 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
24.05.2020-15:18 - DEBUG - Let's Encrypt Cert file: does not exist.
24.05.2020-15:18 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
24.05.2020-15:18 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/nonichaihealth.com.vhost
24.05.2020-15:18 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
24.05.2020-15:18 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.3/fpm/pool.d/web8.conf
24.05.2020-15:18 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
24.05.2020-15:18 - DEBUG - Restarting php-fpm: systemctl reload php7.3-fpm.service
24.05.2020-15:18 - DEBUG - Apache status is: running
24.05.2020-15:18 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
24.05.2020-15:18 - DEBUG - Restarting httpd: systemctl restart apache2.service
24.05.2020-15:18 - DEBUG - Apache restart return value is: 0
24.05.2020-15:18 - DEBUG - Apache online status after restart is: running
24.05.2020-15:18 - DEBUG - Processed datalog_id 751
24.05.2020-15:18 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.
Also I see this in the monitor system log:
2020-05-24 15:22 webserver.solutions.com Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
2020-05-24 15:22 webserver.solutions.com Debug Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
According to the log, the site should have ssl. Please post the content of the file: /etc/apache2/sites-available/nonichaihealth.com.vhost
<Directory /var/www/nonichaihealth.com>
    AllowOverride None
    Require all denied
</Directory>

<VirtualHost *:80>
    DocumentRoot /var/www/clients/client0/web8/web

    ServerName nonichaihealth.com
    ServerAlias www.nonichaihealth.com
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/nonichaihealth.com/error.log

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/nonichaihealth.com/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +SymlinksIfOwnerMatch
        AllowOverride All
        Require all granted
        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>
    <Directory /var/www/clients/client0/web8/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +SymlinksIfOwnerMatch
        AllowOverride All
        Require all granted
        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>

    <IfModule mod_ruby.c>
        <Directory /var/www/nonichaihealth.com/web>
            Options +ExecCGI
        </Directory>
        RubyRequire apache/ruby-run
        #RubySafeLevel 0
        AddType text/html .rb
        AddType text/html .rbx
        <Files *.rb>
            SetHandler ruby-object
            RubyHandler Apache::RubyRun.instance
        </Files>
        <Files *.rbx>
            SetHandler ruby-object
            RubyHandler Apache::RubyRun.instance
        </Files>
    </IfModule>

    <IfModule mod_perl.c>
        PerlModule ModPerl::Registry
        PerlModule Apache2::Reload
        <Directory /var/www/nonichaihealth.com/web>
            PerlResponseHandler ModPerl::Registry
            PerlOptions +ParseHeaders
            Options +ExecCGI
        </Directory>
        <Directory /var/www/clients/client0/web8/web>
            PerlResponseHandler ModPerl::Registry
            PerlOptions +ParseHeaders
            Options +ExecCGI
        </Directory>
        <Files *.pl>
            SetHandler perl-script
        </Files>
    </IfModule>

    <IfModule mod_python.c>
        <Directory /var/www/nonichaihealth.com/web>
            <FilesMatch "\.py$">
                SetHandler mod_python
            </FilesMatch>
            PythonHandler mod_python.publisher
            PythonDebug On
        </Directory>
        <Directory /var/www/clients/client0/web8/web>
            <FilesMatch "\.py$">
                SetHandler mod_python
            </FilesMatch>
            PythonHandler mod_python.publisher
            PythonDebug On
        </Directory>
    </IfModule>

    # cgi enabled
    <Directory /var/www/clients/client0/web8/cgi-bin>
        AllowOverride All
        Require all granted
    </Directory>
    ScriptAlias /cgi-bin/ /var/www/clients/client0/web8/cgi-bin/
    <FilesMatch "\.(cgi|pl)$">
        SetHandler cgi-script
    </FilesMatch>

    # suexec enabled
    <IfModule mod_suexec.c>
        SuexecUserGroup web8 client0
    </IfModule>

    <IfModule mod_fastcgi.c>
        <Directory /var/www/clients/client0/web8/cgi-bin>
            Require all granted
        </Directory>
        <Directory /var/www/nonichaihealth.com/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        <Directory /var/www/clients/client0/web8/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        Action php-fcgi /php-fcgi virtual
        Alias /php-fcgi /var/www/clients/client0/web8/cgi-bin/php-fcgi-*-80-nonichaihealth.com
        FastCgiExternalServer /var/www/clients/client0/web8/cgi-bin/php-fcgi-*-80-nonichaihealth.com -idle-timeout 300 -socket /var/lib/php7.3-fpm/w$
    </IfModule>

    <IfModule mod_proxy_fcgi.c>
        #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.3-fpm/web8.sock|fcgi://localhost//var/www/clients/client0/web8/web/$1
        <Directory /var/www/clients/client0/web8/web>
            <FilesMatch "\.php[345]?$">
                SetHandler "proxy:unix:/var/lib/php7.3-fpm/web8.sock|fcgi://localhost"
            </FilesMatch>
        </Directory>
    </IfModule>

    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    RewriteRule ^ - [END]
    RewriteCond %{HTTP_HOST} ^www\.nonichaihealth\.com$ [NC]
    RewriteRule ^(.*)$ http://nonichaihealth.com$1 [R=301,NE,L]

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web8 client0
    </IfModule>

    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client0/web8/webdav>
            <ifModule mod_security2.c>
                SecRuleRemoveById 960015
                SecRuleRemoveById 960032
            </ifModule>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client0/web8/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>
No. Are you sure that you enabled the SSL checkbox and the Let's Encrypt checkbox of the site? Enabling just Let's Encrypt is not enough, both checkboxes must be enabled. And your ISPConfig version is 3.1.15p3, right? And not an older version.
When I clicked letsencrypt, it automatically selects SSL too. There is NOTHING under the SSL tab. Yes, on the latest version that came with the tutorial for Debian 10.
So I found the issue, hoping it can help others. Being that Till said the server is running fine and there is no indication of a server fault, I found in my case I am behind a pfSense firewall and I have the DNS resolving to my local LAN. Once I removed that, it now works fine on all domains besides the one domain that I previously tried earlier. I think somehow the files for that one are not correct and I don't know how to remove those files to try again. Please let me know. Thank you.
In /etc/letsencrypt/archive and /etc/letsencrypt/live there are folders for that domain, and in /etc/letsencrypt/renewal there's a conf file for that domain. You can just delete those and then request a new cert. There's probably a better (official) way of doing it though.
I think deleting the folder manually should be fine. But the certbot command also has a delete option.
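A read-only check for the state seen in this thread, where certbot skipped a broken renewal conf while a valid certificate sat in a `-0001` lineage: the sketch below is an added example, not code from the thread, ISPConfig or certbot. It lists every conf in a renewal directory and reports missing or dangling `cert`, `privkey`, `chain` and `fullchain` references; the `example.test` names and the temporary directory are constructed sample data, and on a real host the directory to pass is `/etc/letsencrypt/renewal`.

```python
import tempfile
from pathlib import Path

REQUIRED = ("cert", "privkey", "chain", "fullchain")  # refs certbot requires per conf

def parse_top_level(conf_path):
    """Return the key = value pairs that precede the first [section]."""
    values = {}
    for line in conf_path.read_text().splitlines():
        line = line.strip()
        if line.startswith("["):
            break
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values

def audit_renewal_dir(renewal_dir):
    """Map each lineage name to its list of problems (empty list = healthy)."""
    report = {}
    for conf_path in sorted(Path(renewal_dir).glob("*.conf")):
        conf = parse_top_level(conf_path)
        problems = []
        for key in REQUIRED:
            target = conf.get(key)
            if not target:
                problems.append(f"missing reference: {key}")
            elif not Path(target).exists():  # follows the live/ symlink
                problems.append(f"dangling path for {key}: {target}")
        report[conf_path.stem] = problems
    return report

def build_sample(root):
    """Constructed layout: one empty conf plus a healthy '-0001' lineage."""
    renewal = Path(root, "renewal")
    live = Path(root, "live", "example.test-0001")
    renewal.mkdir()
    live.mkdir(parents=True)
    (renewal / "example.test.conf").touch()
    refs = {key: live / f"{key}.pem" for key in REQUIRED}
    for pem in refs.values():
        pem.touch()
    body = "".join(f"{k} = {p}\n" for k, p in refs.items())
    (renewal / "example.test-0001.conf").write_text(body + "[renewalparams]\n")
    return renewal

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(audit_renewal_dir(build_sample(root)))
```

Running the same audit again after a manual cleanup shows whether a renewal conf was left behind pointing at deleted `live` or `archive` files.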