Hi, unfortunately on my ISPconfig 3.1.1p1 (Debian 8.6) i cannot get SSL running. I started ~1,5 years ago with installing certbot from htt ps://dl. eff. org/certbot-auto (which was working, but just manually), later i installed letsencrypt via apt and i guess that was the point where things turned to a mess. At the moment, ssl connection are not working at all. i try to find the reason, my guess is that ispconfig uses other cert paths than letsencrypt (installed with apt). When i try to connect on the SSL site, i guess a "SSL_ERROR_RX_RECORD_TOO_LONG" error, but i think that's not the real reason because ssllabs.com/ssltest reports "Assessment failed: No secure protocols supported". Obviously tagging SSL and Letsencrypt SSL checkboxes in ispconfig does not have any impact at all at the moment, so my guess is that there is something brokwn in the apache configuration in general. Could anyone give me a hint where to look at first? Thank you very much for your help.
ISPConfig stores them in /etc/letsencrypt/, but basically they can b anywhere as a software or user that calls certbot or letsencrypt can say where the certs shall be stored.
Thank you till for your lightspeed anweser. actually there are symlinks in /etc/letsencrypt/live/mydomain.tld: Code: cert.pem chain.pem fullchain.pem privkey.pem they point to /etc/letsencrypt/archive/mydomain.tld/*. these are two lines in /etc/apache2/sites-available/mydomain.tld.vhost: Code: SSLCertificateFile /var/www/clients/client1/web48/ssl/mydomain.tld-le.crt SSLCertificateKeyFile /var/www/clients/client1/web48/ssl/mydomain.tld-le.key these symlinks point to /etc/letsencrypt/live/mydomain.tld/* so i think that all needed files are where they should be. Right?
Yes, this part looks fine. Do you use a custom apache or nginx vhost template? The way ssl certs are referenced has been changed in 3.1.1, so older custom templates need to be updated.
i use a vanilla ispconfig without any custom templates. i found this in my apache error log: Code: [Wed Jan 25 15:34:05.371310 2017] [:error] [pid 21145] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'. [Wed Jan 25 15:34:05.371435 2017] [:error] [pid 21145] python_init: Python executable found '/usr/bin/python'. obviously Code: apt-get remove libapache2-mod-python apt-get build-dep libapache2-mod-python apt-get install libapache2-mod-python does not fix the problem. am i missing something?
I doubt that the python messages are related to your problem, especially as 2.7.9 is > 2.7.5, so the error is basically a false positive here.
Thank you Till! Let me get back to that template topic. I never created any templates, but maybe i get you wrong: do you mean the 000-default.conf stored in /etc/apache2/sites-available?
I guess you are running to LE of which the old one is on /opt/certbot? Have you removed the old one before installing LE via apt install LE? Either one should work just fine but both I don't know. This could be one of the conflict you are looking. Plus, ISPC is the one managing the SSL for LE now and we don't do it manually. Check your website config again and see whether SSL and LE are ticked. If they are not ticked, there's your problem. But if they are ticked, uncheck them and save. Then check them back and save. See whether it can work thereafter.
I mean the templates in /usr/local/ispconfig/server/conf-custom/ or /usr/local/ispconfig/server/conf/