No LetsEncrypt Certificate will be issued - Ispc 3.2, Debian 10 .novalocal

Discussion in 'Installation/Configuration' started by MarkM, Dec 13, 2020.

  1. MarkM

    MarkM New Member

    Hi!
    I have a problem to install the LetsEncrypt Certificate for Ispc, because my host domain is ending with .novalocal (server1.example.com.novalocal), I am not able to change this as provided in "Configure the Hostname" (The Perfect Server - Debian 10 (Buster) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1)

    ouoH0lIbgr.jpg
    Is there a way to solve this. I read that the since Version 15 the DHCP /novalocal.conf can not be modified anymore. May you have a solution I have not found or a Tip for me. Thank you
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    How are you changing it? What exactly happens when you try to change?
    Is this novalocal thing some VMWare setup? Or your service provicer forces that name? Some context, please.
    Version 15 of what?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    In some virtualization systms like openvz and probably virtuozzo too, the server hostname is set outside of the vm on the host system. If you are not running the host system yourself, contact support of your hosting company to get help with changing the hostname. let's encrypt will issue ssl certs only for real registered domain names, so you won't get a LE cert for a fictive domain.
     
  4. MarkM

    MarkM New Member

    Hi! Thank you for the reply!
    I am using a LunaNode VM. With the domain Provider I made an DNS A record for the hosting.domain.com and domain.com to the LunaNode VM puplic IP.

    I was able to change it, in fact to delete the .novalocal, so only the hosting.domain.com remains, but still face the problem with the LE Certificate. This Issue only exist with debian 10, with Ubuntu 20.xx the LECertificate will be issued. May I should during installation not try to issue a certificate, but rather make afterwards an update of Ispc.

    I have an registered Domain. When LE ask me about the FQDN, shall I use the domain.com or the hosting.domain.com? May there I make a mistake! :confused:
     
    Last edited: Dec 14, 2020
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The server hostname is always a subdomain like hosting.domain.com. Do not use domain.com as hostname as this would cause issues later as you won't be able to use domain.com then as normal website or email domain.
     
  6. MarkM

    MarkM New Member

    Yes, this I know, I read a lot in this nice forum, so the FQDN for the LE Certificate will remain the hosting.domain.com
     
  7. MarkM

    MarkM New Member

    Still get the error! LECertificate will not be issued!

    Checking / creating certificate for hosting.domain.com
    Using certificate path /etc/letsencrypt/live/hosting.domain.com
    Using apache for certificate validation
    Did not find any valid acme client (acme.sh or certbot)
    Could not issue letsencrypt certificate, falling back to self-signed.
    Generating RSA private key, 4096 bit long modulus (2 primes)

    I used this Tutorial:
    The Perfect Server - Debian 10 (Buster) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You must have missed the step to install certbot. Go through that again and then reconfigure services by doing a force upgrade to the latest stable with
    Code:
    ispconfig_update.sh
     
  9. MarkM

    MarkM New Member

    OK! But in the tutorial it says:

    4hXe6fboUp.jpg
     
  10. MarkM

    MarkM New Member

    Skipping bootstrap because certbot-auto is deprecated on this system.
    Your system is not supported by certbot-auto anymore.
    Certbot cannot be installed.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Correct, but where is the cert /etc/letsencrypt/live/hosting.domain.com from then? According to the path, this is a certbot created cert.
     
  12. MarkM

    MarkM New Member

    I do not know, may from the previous update I installed?

    Checking / creating certificate for hosting.domain.com
    Using certificate path /etc/letsencrypt/live/hosting.domain.com
    Using apache for certificate validation
    Did not find any valid acme client (acme.sh or certbot)
    Could not issue letsencrypt certificate, falling back to self-signed.
    Generating RSA private key, 4096 bit long modulus (2 primes)
     
  13. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Go through the Perfect Server guide to install a Let's Encrypt client (certbot/acme.sh) correctly.
     
  14. MarkM

    MarkM New Member

    I try my best, but I thought acme.sh will be installed together with the Ispc installation? If I want to use certbot, which version and when i should install, after bind?
     
  15. MarkM

    MarkM New Member

    I installed Certbot! Now it worked! :)
    Thank you!
     

Share This Page