Hi, I have just checked my emails, and although it's not related I noticed I am getting quite a few spam emails coming through. So to combat this I thought I would create a blacklist of the main domains. However, I have noticed that my CP on port 8080 is no longer secure. I have not changed anything so would have thought it would not just stop working. All other sites are working as expected. My question is, why has this happened and, more to the point, is there a way to fix it so that it does not happen again? Many thanks
Do you use Let's encrypt for the ISPConfig vhost on port 8080? If yes, check in the letsencrypt.log if the renewal failed.
Thanks for the reply, Till. I use the acme.sh scripts as guided in this guide; however, I did a search for a letsencrypt.log but came up with nothing.
I just disabled the LE then re-enabled it. I got the following email:
Code:
    martin.gregson.me.uk - 13.04.2021-12:20 - WARNING - Could not verify domain www.martin.gregson.me.uk, so excluding it from letsencrypt request.
Why is it trying to verify www?
Yes, you are correct. I have turned "auto subdomain www" to none for now. But surely it would still find its way back to my server? I've tried disabling and re-enabling SSL and LE but it's still not working. How do I update/renew the certificate?
If you turn it on, then it's on, and if you turn it off, then it's off. Settings do not change unless you change them. Then check the log again to find out why LE refuses to issue the cert. Certs renew automatically as long as the domain still points to the server.
Hi Thom, thanks for the reply. I've looked at the link you sent and I have seen this link several times. I must have done something wrong because, having read it, I don't have the "/var/log/letsencrypt" directory because I am using the acme.sh method. Having said that, I also don't have acme.sh.log in the "/.acme.sh/" directory. I know the link gives details in the section entitled "What if the above steps don't help?" on how to get other messages, but shouldn't the system have a log file for such an important part of the system? Have I missed some part of the install?
Do you have /var/log/ispconfig/acme.log? I think it might be that the installer doesn't specify a path, so the default /root/.acme.sh/acme.sh.log is used, whereas the server plugins which renew and act on the interface changes specify /var/log/ispconfig/acme.log. Probably the installer should use that path, too, and the FAQ should be updated (to mention both for now, and just /var/log/ispconfig/acme.log if/when the installer uses it).
Thanks for that, Jesse. That particular log was empty but there is a rotated log file with the following:
Code:
    [Wed 14 Apr 00:00:02 BST 2021] di='/root/.acme.sh/martin.gregson.me.uk/'
    [Wed 14 Apr 00:00:02 BST 2021] d='martin.gregson.me.uk'
    [Wed 14 Apr 00:00:02 BST 2021] Using config home:/root/.acme.sh
    [Wed 14 Apr 00:00:02 BST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 14 Apr 00:00:02 BST 2021] DOMAIN_PATH='/root/.acme.sh/martin.gregson.me.uk'
    [Wed 14 Apr 00:00:02 BST 2021] Renew: 'martin.gregson.me.uk'
    [Wed 14 Apr 00:00:02 BST 2021] Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 14 Apr 00:00:02 BST 2021] Using config home:/root/.acme.sh
    [Wed 14 Apr 00:00:02 BST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 14 Apr 00:00:02 BST 2021] Skip, Next renewal time is: Mon 10 May 00:01:59 UTC 2021
    [Wed 14 Apr 00:00:02 BST 2021] Add '--force' to force to renew.
    [Wed 14 Apr 00:00:02 BST 2021] Return code: 2
    [Wed 14 Apr 00:00:02 BST 2021] Skipped martin.gregson.me.uk
With my limited knowledge, this looks like it just skipped that particular site but with no explanation.
You don't, there is a valid certificate. Make sure the panel uses that cert (see https://www.howtoforge.com/communit...-admin-server-failed.86726/page-2#post-420892 )
Never mind, I found the answer. If you're using certbot –
Code:
    acme.sh -f -r -d yourdomain.com
I have tried running this but get the error:
Code:
    martin.gregson.me.uk:Verify error:Fetching http://martin.gregson.me.uk/.well-known/acme-challenge/-***************[
Looking at the log file on the verification I get this:
Code:
    Verifying: martin.gregson.me.uk
    d='martin.gregson.me.uk'
    keyauthorization='-*******************************************************************'
    uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12325922109/CVslog'
    _currentRoot='/usr/local/ispconfig/interface/acme'
    wellknown_path='/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
    writing token:-************** to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/-***********
    Changing owner/group of .well-known to ispconfig:ispconfig
    url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1232592****/CVslog'
    payload='{}'
    POST
    _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12325*****/CVslog'
    _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
    _ret='0'
    code='200'
    trigger validation code: 200
    sleep 2 secs to verify
    checking
    url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1232592*****/CVslog'
    payload
    POST
Deciphering this is beyond my knowledge and skill.
No, the cert is still valid, that's why it did not get renewed. Check what the exact error is that your browser shows you: does it really claim that the SSL cert is expired and, if yes, when did it expire?
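
Added example (not part of the thread, and not acme.sh or ISPConfig code): a small Python triage of acme.sh log text that separates a renewal skipped because the certificate is not yet due, as in the rotated log above, from a failed HTTP-01 verification. The sample lines are constructed from the thread's output; `panel.example.test` and its error line are hypothetical, and the next-renewal timestamp is assumed to be logged in UTC as shown.

```python
import re
from datetime import datetime, timezone

# Constructed sample: lines taken from the acme.sh output quoted in the thread,
# plus one verify-error line for a hypothetical second domain.
SAMPLE_LOG = """\
[Wed 14 Apr 00:00:02 BST 2021] Renew: 'martin.gregson.me.uk'
[Wed 14 Apr 00:00:02 BST 2021] Skip, Next renewal time is: Mon 10 May 00:01:59 UTC 2021
[Wed 14 Apr 00:00:02 BST 2021] Return code: 2
[Wed 14 Apr 00:00:02 BST 2021] Skipped martin.gregson.me.uk
[Wed 14 Apr 00:00:05 BST 2021] Renew: 'panel.example.test'
[Wed 14 Apr 00:00:09 BST 2021] panel.example.test:Verify error:Fetching http://panel.example.test/.well-known/acme-challenge/TOKEN
"""

PREFIX = re.compile(r"^\[[^\]]+\]\s*")  # leading "[timestamp] "
RENEW = re.compile(r"^Renew: '([^']+)'")
SKIP = re.compile(r"^Skip, Next renewal time is: (.+)$")
VERIFY = re.compile(r"^([A-Za-z0-9.-]+):Verify error:(.*)$")


def triage(log_text):
    """Map each domain to its last renewal outcome found in acme.sh log text."""
    out, current = {}, None
    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw.strip())
        if m := RENEW.match(msg):
            current = m.group(1)
            out[current] = {"status": "unknown", "next_renewal": None, "detail": ""}
        elif (m := SKIP.match(msg)) and current:
            # Assumption: the next-renewal time is written in UTC, as in the thread.
            when = datetime.strptime(m.group(1), "%a %d %b %H:%M:%S UTC %Y")
            out[current].update(status="skipped_not_due",
                                next_renewal=when.replace(tzinfo=timezone.utc))
        elif m := VERIFY.match(msg):
            entry = out.setdefault(m.group(1), {"next_renewal": None})
            entry.update(status="verify_failed", detail=m.group(2).strip())
    return out


def days_until_renewal(entry, now):
    """Whole days until acme.sh will try again, or None if no date was logged."""
    if entry["next_renewal"] is None:
        return None
    return (entry["next_renewal"] - now).days


if __name__ == "__main__":
    for domain, entry in triage(SAMPLE_LOG).items():
        print(domain, entry["status"], entry["next_renewal"], entry["detail"])
```

A `skipped_not_due` result only says acme.sh holds a certificate it considers current; which certificate the panel on port 8080 actually serves has to be checked separately.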