Hi, i was trying https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ after adding sub.domain.com as a site i lost access . is there anyway through command line to retreive access to server. all website are down now. Thanks
Did that and apache is not restarting. showing this error: Code: -- Unit apache2.service has begun starting up. Feb 15 15:54:27 mhd101 apachectl[8366]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled Feb 15 15:54:27 mhd101 apachectl[8366]: AH00526: Syntax error on line 63 of /etc/apache2/sites-enabled/000-ispconfig.vhost: Feb 15 15:54:27 mhd101 apachectl[8366]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty Feb 15 15:54:27 mhd101 apachectl[8366]: Action 'start' failed. Feb 15 15:54:27 mhd101 apachectl[8366]: The Apache error log may have more information. Feb 15 15:54:27 mhd101 systemd[1]: apache2.service: Control process exited, code=exited status=1 Feb 15 15:54:27 mhd101 systemd[1]: Failed to start The Apache HTTP Server.
ok, your problem is the missing ssl cert in the ISPConfig vhost. An easy way to recreate it is to do an ispconfig update: ispconfig_update.sh choose git-stable as update target. when the updater asks you to craete a new ssl cert for the ispconfig vhost, choose yes.
Thanks Till, i gained access back to server. but i again tried to walkthrough the tutorial and got stuck again. what could be the major cause?
Maybe the let's encrypt ssl cert could not be issued. Did you check that the SSL and let's encrypt checkboxes of the website were the domain name is the hostname of your server stay checked and are you able to reach that website with https?
Hi Till, again with some trouble. now all the steps are ok except when i restart apache. when issuing service apache2 restart Enter passphrase for SSL/TLS keys for sub.domain.tld:8877 (RSA):
The problem is your SSL cert. You seem to have installed an SSL cert that is password protected but for Apache, you have to install one without password protection as Apache and the whole server will not start otherwise.
Hi Till, i have followed the turtorial in my first post. and thee ssl should be from let's encrypt. is there a way to trace where i did something wrong? Thanks
I haven't seen an encrypted key for LE yet. Maybe you use a different key file instead of linking to the key that letsencrypt created.
something weird. i have checked in /etc/letsencrypt/live/ and i found sub.domain.tld and another sub.domain.tld-0001 when i used the the 0001 everything worked perfect. Now if i delete both folders and redo all the steps again should that be ok. or should i do something else to correct this. also what could be the reason for having these 2 folders.?
Letsencrypt does this renaming sometimes when something changes in the ssl cert. Using the -0001 version is the right way by pointing the symlinks to that version instead, I won't leet LE recreate the certs.