I installed the 7 server ISPConfig setup according to https://www.howtoforge.com/tutorial/ispconfig-multiserver-setup-debian-ubuntu/ The only problem is no Let's Encrypt cert can be issued for the webmail server. Webmail can be reached only by http://webmail.example.com/webmail not https. I checked: System > Server config > Webmail server > Web > SSL settings > Skip Lets Encrypt Check. After that I tried to issue the LE cert again but no success. Looked in every log file but cannot find the reason. Could it be that it has anything to do with the server where webmail.example.com is created? During the 7 server setup the site mx1.example.com is created on the server itself (mx1.example.com) and the site mx2.example.com is created on the server itself (mx2.example.com), but the site webmail.example.com has to be created on the web.example.com server! If so, is there a way to correct this without breaking the 7 server setup?
Thanks Till, on the webmailserver (serverhostname):
https://serverhostname:8081/webmail > not working
http://serverhostname:8081/webmail > not working
https://serverhostname/webmail > not working
http://serverhostname/webmail > is working but without LE cert!
Ok, just looked at how Thom configured this exactly in the setup you used. In your case, webmail is indeed an ISPConfig website and not on port 8081. In this case, you must enable the SSL and Let's Encrypt checkbox in the website you used for the webmail installation in ISPConfig and press save, to enable https.
That's exactly what I did several times, but it simply is not working. The red warning dot disappears after about 20 seconds but no cert is issued. The http site works but https does not. Could part of the problem be the fact that the webmail site (a .net domain) is created on the webserver with a .nl domain?
Please see here for the checklist to debug why you do not get a Let's Encrypt SSL certificate: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/
Hi Till, this is the result of the LE FAQ:
Why does Letsencrypt not create an SSL cert?
Hostname, IPv4 and IPv6 are resolving and accept ping from the internet. Host A, AAAA, and PTR records in DNS. Also CAA for LE. Firewall is open for 22, 80 and 443.
Why does the Let’s Encrypt in ISPConfig get disabled automatically?
That is what is happening, yes.
What can I do if SSL certificate creation with Let’s Encrypt for a website fails?
LE client is installed, all certs are there except one for webmail.example.com
Acme.sh is up to date.
ISPConfig 3.3.0p1
Tested with and without "Skip Letsencrypt Check"
not applicable
All checked and working *
Checked, all websites use it
Apache 2.4
not applicable
Checked, not enabled
I created a hello.txt file in: /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ on the webserver.example.com. But the file is not found via http://webmail.example.com/.well-known/acme-challenge/hello.txt. "The requested URL was not found on this server." Using the hostname of the web/db server where all sites are residing is a success. http://webserver.example.com/.well-known/acme-challenge/hello.txt TESTING !
In the acme.log I found the following:
[Sat May 3 07:30:14 PM CEST 2025] original='{ "identifier": { "type": "dns", "value": "zms.xxxxx.net" }, "status": "invalid", "expires": "2025-05-10T17:30:08Z", "challenges": [ { "type": "http-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2372083147/514968909477/Gy13cg", "status": "invalid", "validated": "2025-05-03T17:30:11Z", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "2a02:xxxx:xxxx:cb01::ed: Invalid response from http://zms.xxxxx.net/.well-known/acme-challenge/lv0f86KzIns0wLUk-Ha7Ba5rJs_0c0_NjgFYkzs_GRc: 404", "status": 403 }, "token": "lv0f86KzIns0wLUk-Ha7Ba5rJs_0c0_NjgFYkzs_GRc", "validationRecord": [ { "url": "http://zms.xxxxx.net/.well-known/acme-challenge/lv0f86KzIns0wLUk-Ha7Ba5rJs_0c0_NjgFYkzs_GRc", "hostname": "zms.xxxxx.net", "port": "80", "addressesResolved": [ "213.xxx.xxx.237", "2a02:xxxx:xxxx:cb01::ed" ], "addressUsed": "2a02:xxxx:xxxx:cb01::ed"
I'm a bit lost on the track that should lead to the solution :-(
Maybe your IPv6 address is not working or resolves to the wrong server while IPv4 works? And please check which symlinks are in the apache/nginx sites-enabled folder on this server.
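Added example, not part of the original thread: a small Python helper that reads an ACME authorization object of the shape shown in the acme.log excerpt above and reports which address the CA actually fetched the challenge from, so the IPv4/IPv6 question can be checked against the right server. The sample input is constructed (hostname, token and documentation-range addresses are placeholders), and the function name is hypothetical.

```python
import ipaddress
import json
import re

# Constructed sample shaped like the authorization object in acme.log;
# hostname, token and addresses are placeholders (RFC 5737 / RFC 3849 ranges).
SAMPLE_AUTHZ = """{
 "identifier": {"type": "dns", "value": "webmail.example.com"},
 "status": "invalid",
 "challenges": [{
  "type": "http-01", "status": "invalid",
  "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403,
   "detail": "2001:db8::ed: Invalid response from http://webmail.example.com/.well-known/acme-challenge/TOKEN: 404"},
  "validationRecord": [{
   "hostname": "webmail.example.com", "port": "80",
   "addressesResolved": ["192.0.2.237", "2001:db8::ed"],
   "addressUsed": "2001:db8::ed"}]
 }]
}"""

def failed_validations(authz_json):
    """Return one dict per failed challenge: host, address fetched from, HTTP status."""
    findings = []
    for chall in json.loads(authz_json).get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        detail = chall.get("error", {}).get("detail", "")
        code = re.search(r":\s*(\d{3})\s*$", detail)  # trailing HTTP status, if present
        for rec in chall.get("validationRecord", []):
            used = ipaddress.ip_address(rec["addressUsed"])
            findings.append({
                "host": rec["hostname"],
                "address_used": str(used),
                "family": "IPv6" if used.version == 6 else "IPv4",
                "http_status": int(code.group(1)) if code else None,
                # Resolved for the name, but the CA did not fetch from these.
                "not_tested": [a for a in rec.get("addressesResolved", [])
                               if a != rec["addressUsed"]],
            })
    return findings

if __name__ == "__main__":
    for f in failed_validations(SAMPLE_AUTHZ):
        print(f"{f['host']}: HTTP {f['http_status']} from {f['address_used']} "
              f"({f['family']}); not tested: {', '.join(f['not_tested']) or 'none'}")
```

The address reported as used is the one whose server must hold the vhost and serve /.well-known/acme-challenge/ for that hostname; a 404 there means the request reached a web server that does not know the site.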
I have double checked the IPv4 and IPv6 addresses and the resolving of hostnames etc. Symlinks on webserver.example.com:
Okay, so you have other websites on the webmail server besides webmail? Does Let's Encrypt work for these other websites on this server?
There is no site on the webmail server because following the instructions: "Now log in to ISPConfig and go to Sites -> Add new website. Enter "webmail.example.com" as domain. Disable auto-subdomain and enable Let's Encrypt. Also enable PHP." So I created it on the web server, web.example.com! My initial question (#1) was:
For all the sites on the web.example.com server LE is working. The only one that does not is the domain webmail.example.com (zms.xfold.net).
Hi Till, Problem solved. I created the site webmail.example.com on the web server host (web.example.com) during setup following the written instructions. At that moment I already had a strange feeling about it. After trying everything to solve the problem I just plunged in and deleted the webmail server site and created a new one. I made sure to create this on the webmail server (webmail.example.com) and bingo, a cert was issued and I could reach the RC site on https://webmail.example.com! I believe there should be a supplement to the setup instructions for the Webmail server. The above text in 8 Installing the webmail server should be supplemented with: Make sure you create this on the correct server (webmail.example.com).
Regards, Jos
creating the webmail interface on a web server instead of the mailserver is not a problem. it works perfectly fine. i know because that's how i've installed it. you have other sites on this server, did you name the server zms.xfold.net and create a website in ispconfig named zms.xfold.net?