Hello! I am facing issues with SSL for websites for ISPConfig. I followed below:
- Added a new website and made sure not to check SSL & Let's Encrypt checkboxes in first attempt
- After saving, I then edited the website & checked SSL & Let's Encrypt
- Waited some time but the HTTPS was not implemented
- I verified the domain's vhost file and found that there was no virtualhost 443 entry
- Token file in .well-known/acme-challenge was also not generated
- No error was reported when executed /usr/local/ispconfig/server/server.sh
Version details:
- ISPConfig v3.2dev20210313
- PHP 7.0.33
- Apache 2.4.18
- Ubuntu 16.04.7 LTS
Kindly note, the HTTPS for the ISPConfig panel is working absolutely well. Please guide about fixing this.
You can check it immediately, no need to first save and then enable it. Please go through https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ to find the problem. Also, note that Ubuntu 16.04 is officially not supported in ISPConfig 3.2 and above. Also, you are running a nightly build of ISPConfig - I would advise you to use the stable release for production systems.
Thanks @Th0m There are few places online where users have mentioned to do so. I have followed the link, upgraded ISPConfig to v3.2.3 and tried to create the same website again, but SSL is still not showing up. There is no error shown. How can I check if Let’s Encrypt is disabled in ISPConfig?
I have never seen this, maybe it was needed in the past, but it is not now. What do you mean with this?
Please follow the Let's encrypt FAQ step by step: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ and post the debug output. @Th0m posted the link already and we can not help you to solve your issue if you don't follow the instructions. And please do not do any other steps as it makes debugging less easy and might produce other issues.
The Let's Encrypt checkbox for this web will be disabled. Follow the steps from the guide to find out what is going wrong.
Alright. I have followed the link line by line but no luck. What are your thoughts about the token file not being generated and absent virtualhost 443 record in vhost file?
Then take a look at the log, as described, and eventually run the script in debug mode. It is described in the guide how to enable this. After doing so, enable the LE checkbox for the web and run the server.sh script manually.
Post the debug output as mentioned in #5. That's ok, the token is there for less than a second, so you can't know if it existed or not. This must be the case if no SSL cert could be obtained from LE.
Here it is:
Code:
16.03.2021-12:06 - DEBUG - Unable to register function 'process' from plugin 'software_update_plugin' for event 'software_update_inst_insert'
16.03.2021-12:06 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
16.03.2021-12:06 - DEBUG - Found 2 changes, starting update process.
16.03.2021-12:06 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
16.03.2021-12:06 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web8' - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web8'|awk 'END{print $2,$NF}' - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -u 'web8' '10240' '11264' 0 0 -a &> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -T -u 'web8' 604800 604800 -a &> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
16.03.2021-12:06 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web8/.php-fcgi-starter
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
16.03.2021-12:06 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/dmf.gstest.com.vhost
16.03.2021-12:06 - DEBUG - Apache status is: running
16.03.2021-12:06 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
16.03.2021-12:06 - DEBUG - Restarting httpd: systemctl restart apache2.service
16.03.2021-12:06 - DEBUG - Apache restart return value is: 0
16.03.2021-12:06 - DEBUG - Apache online status after restart is: running
16.03.2021-12:06 - DEBUG - Processed datalog_id 107
16.03.2021-12:06 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
16.03.2021-12:06 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web8' - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web8'|awk 'END{print $2,$NF}' - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -u 'web8' '10240' '11264' 0 0 -a &> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -T -u 'web8' 604800 604800 -a &> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
16.03.2021-12:06 - DEBUG - Verified domain dmf.gstest.com should be reachable for letsencrypt.
16.03.2021-12:06 - WARNING - Could not verify domain www.dmf.gstest.com, so excluding it from letsencrypt request.
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - Create Let's Encrypt SSL Cert for: dmf.gstest.com
16.03.2021-12:06 - DEBUG - Let's Encrypt SSL Cert domains:
16.03.2021-12:06 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d dmf.gstest.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert -d dmf.gstest.com --key-file '/var/www/clients/client1/web8/ssl/dmf.gstest.com-le.key' --fullchain-file '/var/www/clients/client1/web8/ssl/dmf.gstest.com-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi
sh: 1: [[: not found
sh: 1: 2: not found
sh: 1: [[: not found
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
16.03.2021-12:06 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web8/.php-fcgi-starter
16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
16.03.2021-12:06 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/dmf.gstest.com.vhost
16.03.2021-12:06 - DEBUG - Apache status is: running
16.03.2021-12:06 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
16.03.2021-12:07 - DEBUG - Restarting httpd: systemctl restart apache2.service
16.03.2021-12:07 - DEBUG - Apache restart return value is: 0
16.03.2021-12:07 - DEBUG - Apache online status after restart is: running
16.03.2021-12:07 - DEBUG - Processed datalog_id 108
16.03.2021-12:07 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
root@panel:/etc/apache2/sites-available# vi /etc/apache2/sites-available/dmf.gstest.com.vhost
Did you change the default shell, as described in the perfect server guide? https://www.howtoforge.com/tutorial...tpd-bind-postfix-doveot-and-ispconfig/#g0.0.9
No, I did not. Now after doing so and re-enabling the SSL, it worked like a charm. I have the certificate working now. Thank you so much!
Glad to hear it is resolved. Please note once more, Ubuntu 16.04 is officially not supported anymore. I would recommend you to use Ubuntu 20.04 or Debian 10 for a production system.
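Added example, not part of the thread and not ISPConfig code: the `sh: 1: [[: not found` lines in the debug output come from a `sh` that does not implement the bash-only `[[ ... ]]` test, and the script below replays the logged command's control flow to show why that fails silently (certificate install skipped, exit status 0). The acme.sh calls are replaced by stand-ins, and the function and variable names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not ISPConfig code). acme.sh is replaced by stand-ins:
# the "issue" status is passed in as $1 and "install" just prints INSTALLED.

# Same control flow as the logged command, using bash-only [[ ... ]].
WRAPPER_BASHISM='R=$1; C=0
if [[ $R -eq 0 || $R -eq 2 ]]; then echo INSTALLED; C=$?; fi
if [[ $C -eq 0 ]]; then exit $R; else exit $C; fi'

# Portable rewrite: POSIX [ ... ] tests joined with ||.
WRAPPER_POSIX='R=$1; C=0
if [ "$R" -eq 0 ] || [ "$R" -eq 2 ]; then echo INSTALLED; C=$?; fi
if [ "$C" -eq 0 ]; then exit "$R"; else exit "$C"; fi'

# Succeeds only if the given interpreter implements [[ ... ]].
shell_supports_double_bracket() {
    "$1" -c '[[ 0 -eq 0 ]]' 2>/dev/null
}

# run_wrapper SHELL SCRIPT ISSUE_STATUS
# Prints "<stdout>|<exit status>" of SCRIPT when run by SHELL.
run_wrapper() {
    rw_rc=0
    rw_out=$("$1" -c "$2" wrapper "$3" 2>/dev/null) || rw_rc=$?
    printf '%s|%s\n' "$rw_out" "$rw_rc"
}

# Report how the system's sh handles both variants for issue status 2,
# the value visible in the log ("sh: 1: 2: not found").
report() {
    printf 'sh resolves to: %s\n' "$(readlink -f "$(command -v sh)")"
    if shell_supports_double_bracket sh; then
        echo 'sh implements [[ ]]'
    else
        echo 'sh lacks [[ ]]: install step is skipped, exit status is still 0'
    fi
    printf 'bash-style wrapper: %s\n' "$(run_wrapper sh "$WRAPPER_BASHISM" 2)"
    printf 'POSIX wrapper:      %s\n' "$(run_wrapper sh "$WRAPPER_POSIX" 2)"
}

report
```

On a system where `sh` lacks `[[`, the bash-style wrapper reports `|0` (nothing installed, success status), which matches the original report that server.sh showed no error while no certificate or 443 vhost appeared.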