letsencrypt: where are files stored?

Discussion in 'Installation/Configuration' started by omtr, Jan 25, 2017.

  1. omtr

    omtr New Member

    Hi,

    Unfortunately, on my ISPConfig 3.1.1p1 (Debian 8.6) I cannot get SSL running. I started ~1,5 years ago with installing certbot from https://dl.eff.org/certbot-auto (which was working, but just manually); later I installed letsencrypt via apt, and I guess that was the point where things turned into a mess.
    At the moment, SSL connections are not working at all. I am trying to find the reason; my guess is that ISPConfig uses other cert paths than letsencrypt (installed with apt). When I try to connect to the SSL site, I get a "SSL_ERROR_RX_RECORD_TOO_LONG" error, but I think that's not the real reason because ssllabs.com/ssltest reports "Assessment failed: No secure protocols supported".
    Obviously, tagging the SSL and Letsencrypt SSL checkboxes in ISPConfig does not have any impact at all at the moment, so my guess is that there is something broken in the Apache configuration in general.

    Could anyone give me a hint where to look at first?
    Thank you very much for your help.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig stores them in /etc/letsencrypt/, but basically they can be anywhere, as software or a user that calls certbot or letsencrypt can say where the certs shall be stored.
     
  3. omtr

    omtr New Member

    Thank you, till, for your lightspeed answer.
    Actually, there are symlinks in /etc/letsencrypt/live/mydomain.tld:
    Code:
    cert.pem
    chain.pem
    fullchain.pem
    privkey.pem
    They point to /etc/letsencrypt/archive/mydomain.tld/*.
    These are two lines in /etc/apache2/sites-available/mydomain.tld.vhost:
    Code:
    SSLCertificateFile /var/www/clients/client1/web48/ssl/mydomain.tld-le.crt
    SSLCertificateKeyFile /var/www/clients/client1/web48/ssl/mydomain.tld-le.key
    These symlinks point to /etc/letsencrypt/live/mydomain.tld/*, so I think that all needed files are where they should be. Right?
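
The chain described in this post (vhost directive, then the client `ssl/` symlink, then `live/`, then `archive/`) can be walked hop by hop to confirm that it ends in a real file. This is an added example, not part of the thread or of ISPConfig; the function names and the sample tree built by `build_sample` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Paths in build_sample are constructed.

# Print each hop of a symlink chain; return 1 if it loops or ends nowhere.
trace_chain() {
    path=$1
    hops=0
    while [ -L "$path" ]; do
        echo "  $path ->"
        target=$(readlink "$path")
        case $target in
            /*) path=$target ;;                     # absolute link target
            *)  path=$(dirname "$path")/$target ;;  # relative to the link's directory
        esac
        hops=$((hops + 1))
        if [ "$hops" -gt 20 ]; then echo "  (symlink loop)"; return 1; fi
    done
    if [ -f "$path" ]; then echo "  $path (regular file)"; return 0; fi
    echo "  $path (MISSING)"
    return 1
}

# Trace both certificate directives of one vhost file; non-zero if any is broken.
check_vhost() {
    vhost=$1
    rc=0
    for directive in SSLCertificateFile SSLCertificateKeyFile; do
        # First uncommented occurrence; Apache itself matches names case-insensitively.
        file=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$vhost")
        echo "$directive: ${file:-not set}"
        if [ -z "$file" ]; then rc=1; continue; fi
        trace_chain "$file" || rc=1
    done
    return "$rc"
}

# Constructed sample tree: the certificate chain is intact, the key link dangles.
build_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/archive" "$root/live" "$root/ssl"
    : > "$root/archive/cert1.pem"
    ln -s ../archive/cert1.pem "$root/live/cert.pem"
    ln -s "$root/live/cert.pem" "$root/ssl/site-le.crt"
    ln -s "$root/live/privkey.pem" "$root/ssl/site-le.key"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$root/ssl/site-le.crt" "$root/ssl/site-le.key" > "$root/site.vhost"
    echo "$root/site.vhost"
}
```

On the server from this thread the call would be `check_vhost /etc/apache2/sites-available/mydomain.tld.vhost`, run as a user that can read `/etc/letsencrypt/live` and `/etc/letsencrypt/archive`.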
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, this part looks fine. Do you use a custom apache or nginx vhost template? The way ssl certs are referenced has been changed in 3.1.1, so older custom templates need to be updated.
     
  5. omtr

    omtr New Member

    I use a vanilla ISPConfig without any custom templates. I found this in my Apache error log:
    Code:
    [Wed Jan 25 15:34:05.371310 2017] [:error] [pid 21145] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'.
    [Wed Jan 25 15:34:05.371435 2017] [:error] [pid 21145] python_init: Python executable found '/usr/bin/python'.
    Obviously
    Code:
    apt-get remove libapache2-mod-python
    apt-get build-dep libapache2-mod-python
    apt-get install libapache2-mod-python
    does not fix the problem. Am I missing something?
     
  6. omtr

    omtr New Member

    till, sorry for bothering you again, but I'm desperately looking for help :-/
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    I doubt that the python messages are related to your problem, especially as 2.7.9 is > 2.7.5, so the error is basically a false positive here.
     
  8. omtr

    omtr New Member

    Thank you, Till! Let me get back to that template topic. I never created any templates, but maybe I get you wrong: do you mean the 000-default.conf stored in /etc/apache2/sites-available?
     
  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I guess you are running two LE, of which the old one is in /opt/certbot? Have you removed the old one before installing LE via apt install LE? Either one should work just fine, but both I don't know. This could be one of the conflicts you are looking for.

    Plus, ISPC is the one managing the SSL for LE now and we don't do it manually. Check your website config again and see whether SSL and LE are ticked. If they are not ticked, there's your problem.

    But if they are ticked, uncheck them and save. Then check them back and save. See whether it can work thereafter.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    I mean the templates in /usr/local/ispconfig/server/conf-custom/ or /usr/local/ispconfig/server/conf/
     
