letsencrypt not working Centos 7.4 perfect server guide

Discussion in 'HOWTO-Related Questions' started by SpudMuffin, Sep 15, 2017.

  1. SpudMuffin

    SpudMuffin New Member

    Hi All,

    I just installed ISPConfig via this guide: https://www.howtoforge.com/tutorial...l-php-pureftpd-postfix-dovecot-and-ispconfig/
    Everything seems to be working just fine, but I can't issue SSL certificates via the ISPConfig web interface.

    When I select the option "Let's Encrypt SSL" in the site options, the SSL cert is not generated.

    I narrowed it down to this error:
    Code:
    Root# /usr/local/ispconfig/server/server.sh
    which: no letsencrypt in (/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin)
    which: no certbot in (/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin)
    which: no letsencrypt in (/root/.local/share/letsencrypt/bin)
    finished.
    It looks like some certbot stuff didn't install correctly. But I followed that part of the guide without any errors.

    Any help is much appreciated!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Letsencrypt changed their install path, which breaks all software that used LE in the past. Quite a bad move from their side not to keep backwards compatibility, but we already have a patch in git stable to work around this. Run:

    ispconfig_update.sh

    and choose git-stable as update option. Afterwards, it should work to activate LE.
     
  3. SpudMuffin

    SpudMuffin New Member

    Thanks, that worked without a hitch, totally agree.. bad move to break backwards compatibility.

    Thanks for the super quick reply!
     
  4. SpudMuffin

    SpudMuffin New Member

    I used to use these commands to install a certificate for the ispconfig interface on port 8080.

    Code:
    /usr/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains server1.hostindomain.tld --webroot-path /usr/local/ispconfig/interface/acme
    
    dt=`date '+%Y%m%d%H%M%S'`
    cd /usr/local/ispconfig/interface/ssl/
    for ext in csr key.secure key crt; do if [ -f ispserver.$ext ]; then mv ispserver.$ext ispserver.$ext.old.$dt; fi; done
    
    ln -s /etc/letsencrypt/live/server1.hostindomain.tld/privkey.pem ispserver.key
    ln -s /etc/letsencrypt/live/server1.hostindomain.tld/fullchain.pem ispserver.crt
    Any idea how to alter these commands so that they can be used again to issue a certificate for the admin web interface?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you have to alter just the first command. Change:
    /usr/bin/letsencrypt ..........
    to:
    /opt/eff.org/certbot/venv/bin/certbot ........
     
  6. SpudMuffin

    SpudMuffin New Member

    thanks, that worked!

    Well, that worked to fix the certificate issue with letsencrypt.. but now I'm running into the problem that with the git-stable version the amavisd service cannot start. If I revert back to the stable version the service starts fine, but issuing new certificates will fail.

    Code:
    Job for amavisd.service failed because the control process exited with error code. See "systemctl status amavisd.service" and "journalctl -xe" for details.
    Code:
    systemctl status amavisd.service
    ● amavisd.service - Amavisd-new is an interface between MTA and content checkers.
       Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; vendor preset: disabled)
       Active: failed (Result: start-limit) since Fri 2017-09-15 14:15:47 WEST; 3min 16s ago
         Docs: http://www.ijs.si/software/amavisd/#doc
      Process: 54443 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=255)
    Main PID: 40048 (code=exited, status=0/SUCCESS)
    
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: Failed to start Amavisd-new is an interface between MTA and content checkers..
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: Unit amavisd.service entered failed state.
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: amavisd.service failed.
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: amavisd.service holdoff time over, scheduling restart.
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: start request repeated too quickly for amavisd.service
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: Failed to start Amavisd-new is an interface between MTA and content checkers..
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: Unit amavisd.service entered failed state.
    Sep 15 14:15:47 server1.clan-hosting.tk systemd[1]: amavisd.service failed.
    
     
    Last edited: Sep 15, 2017
  7. SpudMuffin

    SpudMuffin New Member

    Fixed it for now by adding the path /opt/eff.org/certbot/venv/bin/ to the PATH variable in /usr/local/ispconfig/server/server.sh.
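    The two fixes in this thread (till's certbot path in post 5 and the PATH change to server.sh in post 7) both come down to the same thing: the certificate procedure from post 4 must find certbot wherever it is now installed. The script below is an added example, not code from the thread or from ISPConfig. It probes both install locations seen here (/usr/bin/letsencrypt and /opt/eff.org/certbot/venv/bin/certbot; /usr/bin/certbot is an assumed extra covering a distribution package), runs the issuance, and only rotates the old interface files once certbot has actually produced a key and chain, so a failed issuance cannot leave port 8080 without a certificate. Assumptions beyond the thread: the `certonly` subcommand replaces the legacy `auth`, no `--server` is passed (the acme-v01 endpoint in the original command has since been retired), and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the thread or from ISPConfig: (re)issue the
# Let's Encrypt certificate for the ISPConfig interface on port 8080 and
# swap it into place, finding certbot wherever it was installed.
set -e

# Install locations seen in the thread (old /usr/bin/letsencrypt, new
# /opt/eff.org/certbot/venv/bin/certbot); /usr/bin/certbot is an assumption
# covering a distribution package.
CERTBOT_CANDIDATES="/usr/bin/letsencrypt /usr/bin/certbot /opt/eff.org/certbot/venv/bin/certbot"
ISPCONFIG_SSL_DIR=/usr/local/ispconfig/interface/ssl
ISPCONFIG_ACME_WEBROOT=/usr/local/ispconfig/interface/acme
LE_LIVE_DIR=/etc/letsencrypt/live

# find_certbot [LIST]: print the first executable in LIST (default:
# CERTBOT_CANDIDATES); return 1 if none exists. Same idea as the 'which'
# probes that server.sh prints, but with the new venv path included.
find_certbot() {
    for candidate in ${1:-$CERTBOT_CANDIDATES}; do
        if [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# live_cert_present DOMAIN [LIVEDIR]: succeed only when certbot has produced
# both the key and the chain, so the old cert is never rotated away for nothing.
live_cert_present() {
    live=${2:-$LE_LIVE_DIR}/$1
    [ -f "$live/privkey.pem" ] && [ -f "$live/fullchain.pem" ]
}

# rotate_ssl_files DIR STAMP: move ispserver.{csr,key.secure,key,crt} aside.
# -L catches a dangling symlink left by an earlier run, which -f would miss.
rotate_ssl_files() {
    for ext in csr key.secure key crt; do
        if [ -f "$1/ispserver.$ext" ] || [ -L "$1/ispserver.$ext" ]; then
            mv "$1/ispserver.$ext" "$1/ispserver.$ext.old.$2"
        fi
    done
}

# link_live_cert DIR DOMAIN [LIVEDIR]: point the interface at certbot's
# live files, as the original commands did with ln -s.
link_live_cert() {
    live=${3:-$LE_LIVE_DIR}/$2
    ln -s "$live/privkey.pem"   "$1/ispserver.key"
    ln -s "$live/fullchain.pem" "$1/ispserver.crt"
}

# main DOMAIN EMAIL: the procedure from post 4 with the path fix from post 5.
main() {
    domain=$1; email=$2
    certbot=$(find_certbot) || { echo "no certbot/letsencrypt binary found" >&2; return 1; }
    # 'certonly' is the current name of the legacy 'auth' subcommand; no --server
    # is given, so certbot's default ACME directory is used.
    "$certbot" certonly --non-interactive --agree-tos \
        --authenticator webroot --webroot-path "$ISPCONFIG_ACME_WEBROOT" \
        --rsa-key-size 4096 --email "$email" --domains "$domain"
    live_cert_present "$domain" || { echo "certbot produced no files for $domain" >&2; return 1; }
    rotate_ssl_files "$ISPCONFIG_SSL_DIR" "$(date '+%Y%m%d%H%M%S')"
    link_live_cert "$ISPCONFIG_SSL_DIR" "$domain"
    echo "interface certificate now points at $LE_LIVE_DIR/$domain"
}

# Only run when invoked with a domain and a mail address, e.g.
#   sh issue-ispconfig-cert.sh server1.hostindomain.tld hostmaster@hostindomain.tld
if [ $# -ge 2 ]; then
    main "$@"
fi
```

Run it as root with the interface hostname and a contact address as the two arguments; without arguments it only defines the functions, which is what makes the helpers testable in isolation. Hard-coding the venv path as one candidate rather than prepending it to PATH keeps the lookup explicit, which is also easier to audit than widening PATH for everything server.sh starts.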
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Which error message do you have in the maillog file when you restart amavis?
     
  9. SpudMuffin

    SpudMuffin New Member

    The error was:

    Code:
    postfix/smtp[8272]: 4588782B475D: to=<[email protected]>, relay=none, delay=0.02, delays=0.01/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
    * Replaced the mail address with a non existent address.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not the restart error from amavis; this error just means that postfix can't reach amavis because it is not started. There must be an error in the maillog from amavis that explains why it is unable to start.
     
  11. SpudMuffin

    SpudMuffin New Member

    Can't find anything in the maillog about amavisd when I try to start it, but did find these errors in the message log:

    Code:
    Sep 17 16:42:43 server1 amavisd: No listen sockets or ports specified
    Sep 17 16:42:43 server1 systemd: amavisd.service: control process exited, code=exited status=255
    Sep 17 16:42:43 server1 systemd: Failed to start Amavisd-new is an interface between MTA and content checkers..
    Sep 17 16:42:43 server1 systemd: Unit amavisd.service entered failed state.
    Sep 17 16:42:43 server1 systemd: amavisd.service failed.
    Sep 17 16:42:43 server1 systemd: amavisd.service holdoff time over, scheduling restart.
    Sep 17 16:42:43 server1 systemd: Starting Amavisd-new is an interface between MTA and content checkers....
    Sep 17 16:42:43 server1 amavisd: No listen sockets or ports specified
    Sep 17 16:42:43 server1 systemd: amavisd.service: control process exited, code=exited status=255
    Sep 17 16:42:43 server1 systemd: Failed to start Amavisd-new is an interface between MTA and content checkers..
    Sep 17 16:42:43 server1 systemd: Unit amavisd.service entered failed state.
    Sep 17 16:42:43 server1 systemd: amavisd.service failed.
    Sep 17 16:42:43 server1 systemd: amavisd.service holdoff time over, scheduling restart.
    Sep 17 16:42:43 server1 systemd: start request repeated too quickly for amavisd.service
    Sep 17 16:42:43 server1 systemd: Failed to start Amavisd-new is an interface between MTA and content checkers..
    Sep 17 16:42:43 server1 systemd: Unit amavisd.service entered failed state.
    
    And I actually see that the configuration file is empty:
    Code:
    -rw-r----- 1 root amavis 0 Sep 17 16:40 /etc/amavisd/amavisd.conf
    
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The bad thing with systemd is, you don't get any useful errors anymore compared to traditional init scripts. When there is nothing in the logs, then you can start guessing. This does not have to be the config file that is used by amavisd. Check if there is a file
    /etc/amavis/amavisd.conf or
    /etc/amavisd.conf
     
  13. SpudMuffin

    SpudMuffin New Member

    /etc/amavisd.conf is not present but /etc/amavis/amavisd.conf is, but that one is empty.
    Code:
    -rw-r----- 1 root amavis 0 Sep 17 16:40 /etc/amavisd/amavisd.conf
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Hmm, ok. We have to check that in stable branch code, there have been some changes in amavis config recently.
     
  15. SpudMuffin

    SpudMuffin New Member

    Anything known about new problems with creating certs? In both stable and git-stable I am currently not able to create new certificates for websites; there is nothing logged when running server.sh manually. And nothing about certificate errors gets logged to the cron.log.
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    There are no known problems with creating LE certs.

    1) ensure that you have ISPConfig 3.1.7p1 installed.
    2) ensure that you have the certbot application installed.
    3) ensure that your domain is reachable from outside so that LE can connect to it.
    4) in case your server is behind a router which prevents the server itself from accessing the domain, then you must have the "skip LE check" option enabled under System > server config web

    When you see no output when running server.sh on the shell, then you did not enable the debug mode.
     