Hello, I have had this more than once.
1> When enabling letsencrypt, the panel is not getting a certificate. I then see in /var/log/ispconfig/ispconfig.log:
WARNING - Let's Encrypt SSL Cert for: nxxxxx.nl could not be issued.
and /var/log/letsencrypt/letsencrypt.log is empty.
2> nano But when I run server.sh manually from the command line as root, it works. /var/log/ispconfig/ispconfig.log is empty and /var/log/letsencrypt/letsencrypt.log shows me a lot of debug information...
Any ideas why one will not work but 2 works? I'm running ispconfig 3.1.13

This is not explaining why it does not work as a cron (sometimes it works), but when manually running the same script it works.
It might be that the domain was not ready (reachable) at the time the cron ran it, and when you ran it a bit later manually, the domain was reachable and the LE cert was created. When you see an LE failure in the ispconfig.log but nothing at all in the LE log, then ispconfig could not reach the domain and therefore LE was skipped right away. You can disable this LE check under System > Server config > web.

Well, the client has tried it more than 10 times from the panel in a time period of 16 hours. I tried it with the same result; a few seconds later from the command line it works in one go. Now tried a different domain in debug mode from the panel:
15.01.2019-13:34 - DEBUG - Found 1 changes, starting update process.
15.01.2019-13:34 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
15.01.2019-13:34 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
15.01.2019-13:34 - DEBUG - Verified domain xxx.nl should be reachable for letsencrypt.
15.01.2019-13:34 - DEBUG - Verified domain www.xxxn.nl should be reachable for letsencrypt.
15.01.2019-13:34 - DEBUG - Create Let's Encrypt SSL Cert for: xxxxx.nl
15.01.2019-13:34 - DEBUG - Let's Encrypt SSL Cert domains: --domains xxxxx.nl --domains www.xxxx.nl
15.01.2019-13:35 - DEBUG - exec: /root/.local/share/letsencrypt/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains 11eleven.nl --domains www.xxx.nl --webroot-path /usr/local/ispconfig/interface/acme
15.01.2019-13:35 - WARNING - Let's Encrypt SSL Cert for: 11eleven.nl could not be issued.
15.01.2019-13:35 - WARNING - /root/.local/share/letsencrypt/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains 11eleven.nl --domains www.xxx.nl --webroot-path /usr/local/ispconfig/interface/acme
15.01.2019-13:35 - DEBUG - Writing the vhost file: /etc/httpd/conf/sites-available/xxxx.nl.vhost
From the command line: /usr/local/ispconfig/server/server.sh
15.01.2019-13:41 - DEBUG - Found 1 changes, starting update process.
15.01.2019-13:41 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
15.01.2019-13:41 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
15.01.2019-13:41 - DEBUG - Verified domain xxx.nl should be reachable for letsencrypt.
15.01.2019-13:41 - DEBUG - Verified domain www.xxx.nl should be reachable for letsencrypt.
15.01.2019-13:41 - DEBUG - Create Let's Encrypt SSL Cert for: xxx.nl
15.01.2019-13:41 - DEBUG - Let's Encrypt SSL Cert domains: --domains xxx.nl --domains www.xxx.nl
15.01.2019-13:41 - DEBUG - exec: /root/.local/share/letsencrypt/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains 11eleven.nl --domains www.11eleven.nl --webroot-path /usr/local/ispconfig/interface/acme
15.01.2019-13:41 - DEBUG - Let's Encrypt Cert config path is: /etc/letsencrypt/renewal/xxx.nl.conf.
15.01.2019-13:41 - DEBUG - Let's Encrypt Cert file: /etc/letsencrypt/live/xxxl/cert.pem exists.
15.01.2019-13:41 - DEBUG - Enable SSL for: 11eleven.nl
I have no clue why cron does not work but the command line does work.
(root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)

Today I noticed a site that was not renewed. I watched: /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ No files are created by cron. I did a manual certbot renew. A lot of certificates were renewed. Somehow, somewhere, something is broken. :-(

Only in the period that ispconfig was not supporting letsencrypt. But the cron and the command line are both executing the same command. If I do locate letsencrypt I see:
/opt/eff.org
/root/letsencrypt/
locate certbot-auto
/opt/eff.org/certbot/venv/certbot-auto-bootstrap-version.txt
/root/letsencrypt/certbot-auto
/root/letsencrypt/letsencrypt-auto-source/certbot-auto.asc

That should be ok, strange. The ispconfig cronjobs in the root crontab are all active and not commented out? For renewal, ispconfig just runs 'certbot --renew' itself, so there is not much that can go wrong normally.
Yes, the cronjobs are working, but somehow it keeps failing. So somehow running it as cron works differently than running server.sh from the command line (centos 6).
Try to find out what the PATH variable contains when you are root user and then set the same PATH variable in the crontab, maybe there are some differences which cause the problems.

Hm, looks like I found something: I had 2 accounts in /etc/letsencrypt/accounts/. I moved the new one to a backup location. Now suddenly everything is working. A new account was created:
drwx------ 3 root root 4096 Aug 31 2016 acme-v01.api.letsencrypt.org
drwx------ 2 root root 4096 Jan 16 12:11 acme-v02.api.letsencrypt.org
I only have about 30 domains that are pointing to the account that I moved away. So I have to wait to see what happens on renewing.

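The two debug runs posted earlier in the thread differ in their --server argument (acme-v02 in the panel run, acme-v01 in the command-line run), and the last post shows one account directory per endpoint. As an added example (not part of any post and not ISPConfig code), this script extracts the ACME endpoint from each exec line of an ispconfig.log so that kind of difference is visible at a glance; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ISPConfig code. Function names are illustrative.

# Constructed sample modelled on the ispconfig.log lines in this thread.
sample_log() {
cat <<'EOF'
15.01.2019-13:35 - DEBUG - exec: /root/.local/share/letsencrypt/bin/letsencrypt certonly -n --server https://acme-v02.api.letsencrypt.org/directory --domains example.test
15.01.2019-13:35 - WARNING - Let's Encrypt SSL Cert for: example.test could not be issued.
15.01.2019-13:41 - DEBUG - exec: /root/.local/share/letsencrypt/bin/letsencrypt certonly -n --server https://acme-v01.api.letsencrypt.org/directory --domains example.test
EOF
}

# acme_servers LOGFILE: print "<timestamp> <endpoint host>" per exec line.
acme_servers() {
    awk '/ - DEBUG - exec: / {
        for (i = 1; i < NF; i++)
            if ($i == "--server") {
                host = $(i + 1)
                sub(/^https?:\/\//, "", host)   # drop the scheme
                sub(/\/.*$/, "", host)          # drop the path
                print $1, host
            }
    }' "$1"
}

# distinct_acme_servers LOGFILE: each endpoint once, sorted.
distinct_acme_servers() {
    acme_servers "$1" | awk '{ print $2 }' | sort -u
}

# endpoint_mismatch LOGFILE: succeeds when more than one endpoint was used.
endpoint_mismatch() {
    [ "$(distinct_acme_servers "$1" | awk 'END { print NR }')" -gt 1 ]
}

# account_dirs [DIR]: account directories certbot keeps, one per endpoint.
account_dirs() {
    ls -1 "${1:-/etc/letsencrypt/accounts}" 2>/dev/null
}

log=$(mktemp)
sample_log > "$log"
acme_servers "$log"
if endpoint_mismatch "$log"; then
    echo "Runs used different ACME endpoints; account directories present:"
    account_dirs || echo "(none found)"
fi
rm -f "$log"
```

On a real server, pass /var/log/ispconfig/ispconfig.log (with debug logging enabled) to acme_servers instead of the sample file.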