Hello, can you please point me to a "how to" to add ssl certs to websites using letsencrypt? Thanks..
There is just one checkbox that you have to enable, see chapter 4.6.1.1 after you installed letsencrypt, which is described in the manual as well.
Hi! I tried the let's encrypt function, and it works nicely, but only with an unaltered vhost configuration. When I use a directive snippet (in my case a snippet for drupal) it doesn't work, because the directive which is added by ISPConfig is overridden by the snippet.

    location ~ /\.well-known/acme-challenge/ {
        root /usr/local/ispconfig/interface/acme/;
        index index.html index.htm;
        try_files $uri =404;
    }

The above snippet is added to the end of the vhost file. Is there a way to add it with higher priority, so the directive snippets don't override it?
Ensure that your custom directive snippet does not override the letsencrypt config by adding an exclusion for the path. You can see that in the rewrite rules that ispconfig adds.
Hi! I'm using Nginx, so I don't think there's a real exclusion for a path. But theoretically I should be able to just put the .well-known folder to a higher priority. I modified my snippet, but it still gives me this error:

    Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    Failed authorization procedure. domain.tld (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.tld/.well-known/acme-challenge/D7lE6zQfcDTRvsUgZ4WcFZkxXESKDVcLsDLViAwz0tA: "<html>

Here's my snippet:

    location / {
        location ^~ \.well-known/acme-challenge/ {
            root /usr/local/ispconfig/interface/acme/;
            index index.html index.htm;
            try_files $uri =404;
        }

        ## Trying to access private files directly returns a 404.
        location ^~ /sites/default/files/private/ {
            internal;
        }

        ## Drupal 7 generated image handling, i.e., imagecache in core. See:
        ## http://drupal.org/node/371374.
        location ~* /files/styles/ {
            ## Image hotlinking protection. If you want hotlinking
            ## protection for your images uncomment the following line.
            #include apps/drupal/hotlinking_protection.conf;
            access_log off;
            expires 30d;
            try_files $uri @rewrite;
        }

        ## All static files will be served directly.
        location ~* ^(?!/system/files).*\.(css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
            access_log off;
            expires 30d;
            ## No need to bleed constant updates. Send the all shebang in one
            ## fell swoop.
            tcp_nodelay off;
            ## Set the OS file cache.
            open_file_cache max=3000 inactive=120s;
            open_file_cache_valid 45s;
            open_file_cache_min_uses 2;
            open_file_cache_errors off;
        }

        location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
            return 404;
        }

        try_files $uri @rewrite;
    }

    location @rewrite {
        access_log off;
        expires 30d;
        rewrite ^ /index.php;
    }

    ## Any other attempt to access PHP files returns a 404.
    location ~* ^.+\.php$ {
        return 404;
    }

    location ~* \.(txt|log)$ {
        allow 192.168.0.0/16;
        deny all;
    }

    location ~ (^|/)\. {
        return 403;
    }

Any ideas?
You should check which part of your snippet is catching the request and then adjust the regex part in your snippet to exclude requests to \.well-known/acme-challenge/
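One way to do the check suggested above, as an added example that is not part of any post in this thread: a small Python model of nginx's documented location selection order, run over the server-level locations from the posted snippet followed by the block ISPConfig appends at the end of the vhost. Assumptions: the locations nested inside `location /` are left out, the labels, the `TOKEN` URI and the `FIXED` variant (a server-level `^~` prefix location with a leading slash) are hypothetical, and Python's `re` stands in for PCRE.

```python
import re

# (modifier, pattern, label) in config order. Constructed from the thread:
# the snippet's server-level locations, then the block ISPConfig appends last.
POSTED = [
    ("",   "/",                              "location / (Drupal)"),
    ("~*", r"^.+\.php$",                     "php -> 404"),
    ("~*", r"\.(txt|log)$",                  "txt/log allow-list"),
    ("~",  r"(^|/)\.",                       "dotfiles -> 403"),
    ("~",  r"/\.well-known/acme-challenge/", "ISPConfig acme root"),
]
# Hypothetical fix: a server-level prefix location with ^~ and a leading slash.
FIXED = [("^~", "/.well-known/acme-challenge/", "acme prefix (^~)")] + POSTED


def select(uri, locations):
    """Documented nginx order: '=' exact match wins, then the longest prefix
    is remembered; '^~' on it stops the search, otherwise the first matching
    regex in file order wins, otherwise the remembered prefix is used."""
    best = None
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label
        # Prefix patterns are literal strings, not regular expressions.
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, label)
    if best and best[0] == "^~":
        return best[2]
    for mod, pat, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return label
    return best[2] if best else None


CHALLENGE = "/.well-known/acme-challenge/TOKEN"  # constructed sample URI

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("fixed", FIXED)):
        for uri in (CHALLENGE, "/.git/config", "/node/1"):
            print(f"{name:7} {uri:36} -> {select(uri, conf)}")
```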