most of my letsencrypt ssl certs seem to be working but one site (1stfamilyhomecare.com) I cannot get an ssl cert installed. I check ssl and letsencrypt, in ispconfig3 save - but when it come back they are both unchecked. and the site is being auto-recirected to ssl to of course it cant display properly! how do I debug and see where the problem lies? where can I find the logs and figure out the problem? thanks! further info from the /var/log/letsencrypt/letsencrypt.log [root@ns10 letsencrypt]# cat letsencrypt.log 2020-12-13 12:11:05,371EBUG:certbot._internal.main:certbot version: 1.8.0 2020-12-13 12:11:05,374EBUG:certbot._internal.main:Arguments: ['--domains', '1stfamilyhomecareinc.com', '--domains', 'www.1stfamilyhomecareinc.com'] 2020-12-13 12:11:05,375EBUG:certbot._internal.mainiscovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2020-12-13 12:11:05,406EBUG:certbot._internal.log:Root logging level set at 20 2020-12-13 12:11:05,407:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2020-12-13 12:11:05,417:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/asoldiersgift-movie.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,427:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/j-mfilter.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,441:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ns9.cdbsystems.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,443:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/sitantiques.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,447:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/technomages.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,450:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/thaiherbsfoodtruck.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,458:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.conciergecareva.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,460:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.drrestorationva.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,462:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.jmandsonselectricalservices.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,464:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.moredollars4gold.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,467:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.mtvernonantiquecenter.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,469:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.techtreasurechest.com.conf with version 1.8.0 of Certbot. This might not work. 2020-12-13 12:11:05,471:INFO:certbot._internal.storage:Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.womenintravelandtourism.com.conf with version 1.8.0 of Certbot. This might not work. hmm so how to I update certbot and try?
I wanted to make sure I update it properly seem to remember I screwed it up the last time! certbot -auto? and tell it not to make any certs - c to cancel out? and how to have it create JUST the 1stfamilyhomecareinc ssl? or do I always want to do that in ispconfig by unchecking and rechecking the box? FURTHER info: running certbot certificates: [root@ns10 bin]# ./certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/asoldiersgift-movie.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/j-mfilter.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/ns9.cdbsystems.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/sitantiques.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/technomages.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/thaiherbsfoodtruck.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.conciergecareva.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.drrestorationva.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.jmandsonselectricalservices.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.moredollars4gold.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.mtvernonantiquecenter.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.techtreasurechest.com.conf with version 1.8.0 of Certbot. This might not work. Attempting to parse the version 1.9.0 renewal configuration file found at /etc/letsencrypt/renewal/www.womenintravelandtourism.com.conf with version 1.8.0 of Certbot. This might not work. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: 1stfamilyhomecareinc.com Serial Number: 3a9fe32b9390c4a1dd92fc43fd28f8e51bc Domains: 1stfamilyhomecareinc.com Expiry Date: 2021-03-10 07:04:54+00:00 (VALID: 86 days) Certificate Path: /etc/letsencrypt/live/1stfamilyhomecareinc.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/1stfamilyhomecareinc.com/privkey.pem (rest ignored). it says we have valid cert for 1stfamilyhomecareinc - but ispconfig has both boxes unchecked and I cant check them and have it stick!
bit more info - the cert looks valid at /etc/letsencrypt/live/1stfamilyhomecareinc - but I cannot get the 443 section to stick in the vhost file! so no ssl segment hence no ssl (and we go to the wrong site at the same time). other letsencrypt certs seem to function properly! how can I see what ispconfig is complaining about?
Please put logs, config, etc within code tags (in the editor: Insert -> Code). Please go through the FAQ I shared.
gone through faq however has not helped. I provided logs that I see. I notice that in the centos 8 perfect server the instructions for installing certbot are: --snip-- Now we will add support for Let's encrypt. mkdir /opt/certbot cd /opt/certbot wget https://dl.eff.org/certbot-auto chmod a+x ./certbot-auto Now run the certbot-auto command which will download and install the software and it's dependencies. ./certbot-auto --snip-- in another letsencrypt install howto on howtoforge centos 8 instructions are simply dnf install certbot. I did the former. now i obviously want to update certbot it complains that some of the conf files are 1.9 and it is only v1.8. how can I update certbot without disturbing anything?? and from what I can tell the OTHER letsencrypt ssls are working fine. this one website will not install SSL so the vhost file has no :443 section. I guess I could install it manually??? but surely somewhere I can find out WHAT is failing in ispconfig when I check SSL and letsencrypt and they uncheck themselves. the letsencrypt log is listed above. where else do I look??? or do I give up and just manually edit the vhost as nasty a solution as that is? from the letsencrypt log: Code: [root@ns10 letsencrypt]# cat letsencrypt.log 2020-12-13 12:11:05,371:DEBUG:certbot._internal.main:certbot version: 1.8.0 2020-12-13 12:11:05,374:DEBUG:certbot._internal.main:Arguments: ['--domains', '1stfamilyhomecareinc.com', '--domains', 'www.1stfamilyhomecareinc.com'] 2020-12-13 12:11:05,375:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2020-12-13 12:11:05,406:DEBUG:certbot._internal.log:Root logging level set at 20 2020-12-13 12:11:05,407:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log it never says anything is failing???
Try setting the server log level to debug, disable server.sh cron job, check the ssl & letsencrypt check boxes for the site, then run server.sh manually - what is the full output from that? Do you know where you got your version 1.9.0 config files from? I wonder if you have multiple certbot clients installed; possibly you just had one, then downgraded to the other?
ENLIGHTMENT -and might want to pass this one to others --- I compared the conf files in /etc/letsencrypt/renewal and the misbehavingsite.conf file had only ONE line after the [[webroot_map]] block. I added www.misbehavingsite.com = /user/local/ispconfig/interface/acme and now ispconfig kept the entries checked when i checked ssl and letsencrypt and then saved them! and ssl works and site is now up! so missing line at the end of the conf file in /etc/letsencrypt/renewal in the [webroot_map] block KILLS us stone dead! inquiring minds might want to know! now... how to update certbot to 1.9? and .... how much of a screw up would using the dnf install certbot cause instead? that would obviously make it easier to keep certbot updated! would it keep the existing files? or nuke the HELL out of my site? <-- not still non-threatening titles!
so - just wanting to make sure ./certbot-auto --install-only will upgrade the certbot client without disturbing anything? or will it have other nasty effects?
The help message says it will, "install certbot, upgrade if needed, and exit", so that is what I'd expect. I don't know that I've ever run it myself.