Installed new ISPConfig3 via script. Set up new site and tried to enable letsencrypt. No error but no SSL cert created. Went to check logs and logs aren't there. Checked for both "/var/log/letsencrypt" and "/var/log/ispconfig/acme.log or /root/.acme.sh/acme.sh.log" and neither is present. Does this mean that the script didn't/doesn't install letsencrypt support? - After reading I see that acme.sh is preferred with the later versions of ISPConfig. How do I confirm if it's installed? - If it's not installed, are there steps on installing to an ISPConfig server or is the install the same and I should follow the steps outlined here: https://www.howtoforge.com/getting-started-with-acmesh-lets-encrypt-client/ ? If these are not the steps, can you link me to the proper steps to getting it installed properly? - I also tried following https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ but got stuck and wasn't able to find a way to confirm if acme.sh was installed on the system or not. I tried at cli "sudo acme.sh --version" which didn't return anything other than "sudo: acme.sh: command not found". If I install acme.sh as per https://www.howtoforge.com/getting-started-with-acmesh-lets-encrypt-client/ will it enable letsencrypt through ISPConfig and then I can simply add the SSL through the site from within ISPConfig or is there more involved? Thanks in advance for your time and help with this.
See here for the steps to solve your issue. Follow all steps from the first one to the last one: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ acme.sh is installed automatically by ISPConfig. It is in the /root folder; you can see its hidden folder with 'ls -la /root/', so you can't test it the way you did, and that's why the command you posted is not part of the debug rules. Just continue with the steps from LE FAQ and do what's described there.
I ran acme.sh manually in debug and noticed that it wasn't able to read the http://www.domain.com/.well-known/acme-challenge/ folder, hence it wasn't able to verify the challenge file created by the acme script. I created a text.txt file under the acme-challenge folder and when I browse to http://www.domain.com/.well-known/acme-challenge/test.txt I get error 404 not found. Shouldn't I be able to see the contents of the text.txt file? I'm wondering if there is something going on with Apache.
The site I'm running is NextCloud in case that matters. I can browse the test.txt file by putting it in the root and going to http://www.domain.com/test.txt but once it's in the .well-known or acme-challenge folder I can no longer access the text.txt file and get 404 errors.
More info... I also did the debugging in ISPConfig per https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/ but didn't notice any errors. The only error I'm noticing is the challenge failing and that's most likely because the check system cannot get to the challenge folder because I wasn't able to get to test.txt going directly to the path.
Also, just created http://www.domain.com/delete/testing.txt and was able to browse it without issue. Not sure why I'm not able to browse files within the challenge folder but others work.
Do not run acme.sh manually; it does not help in debugging the issue, and a manual run can even prevent successful cert issuing in future. The result that you get from running it manually is no indication of your ISPConfig setup problem; it can just cause more damage to the setup, especially trying to create a challenge folder or similar on a site, as the challenge folder used by ISPConfig is not located in a website. Go back to this page: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ and follow each step one after another until the end. If you have not figured out what the issue is after following each step, then post the debug output and the acme.sh log file.