Code:
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.13 (stretch)
Release: 9.13
Codename: stretch

Code:
php -v
PHP 7.0.33-0+deb9u10 (cli) (built: Oct 6 2020 17:08:28) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.33-0+deb9u10, Copyright (c) 1999-2017, by Zend Technologies

Hi there,

I have a site with a Sectigo SSL cert that's due to expire in about a week. A new replacement cert has been purchased and I've copied/pasted the certificate and bundle into the SSL tab of the website. The job queue seems to be finishing but when I check the site it redirects to HTTP and says the site isn't secure. Can you please help?

Regards,
Devin

Please go to the SSL tab of that site, select 'save certificate' in the action field, then press save again, and check that the 'SSL' checkbox on the first tab is active.
Examine the log files; some of them should contain info on why the certificate was not installed. If that fails, debugging info from this document in the "not writing changes to disk" may help. https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
Is the SSL checkbox for the site checked? Try unchecking it, save, then check again and save. The behavior you describe is strange though; a site with a broken SSL certificate either loads the wrong site or the correct site with errors. It should not redirect from broken https to http, so you may have something else going on. If this is an Apache server, what does apachectl -S output, and what is the site in question?
Does this site run a CMS, e.g. WordPress or similar? If yes, are all URLs in the CMS set to https://? If you use WordPress and it contains http:// URLs in its config, then the CMS will redirect from https to http on its own.
Hi there, I thought I posted this earlier, but I guess not. It turns out that the private key and cert didn't match. I had the CA reissue, and Till's initial instructions did the trick. That said, I'm trying to install a Let's Encrypt cert on the same server, but a different domain and it just keeps hanging. Any idea what's up with that? Regards, Devin
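The key/certificate mismatch reported in the post above can be caught before anything is pasted into the SSL tab. The following is an added example, not part of the original thread: it compares the public key inside a PEM certificate with the one derived from a PEM private key. The function names and file names are hypothetical, and the sample certificate and keys are constructed on the fly.

```shell
#!/bin/sh
# Added example, not from the thread: check that a PEM certificate and a
# PEM private key carry the same public key before saving them in the panel.
# All file names below are constructed for the demonstration.

# Return 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# "-passin pass:" stops openssl from prompting, so an encrypted key
# is reported as unparseable instead of hanging a script.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
}

# Print a one-line verdict for a cert/key pair and pass the status through.
report_pair() {
    rc=0
    cert_key_match "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "MATCH: $2 is the key for $1" ;;
        1) echo "MISMATCH: $2 does not belong to $1" ;;
        *) echo "ERROR: could not parse $1 or $2" ;;
    esac
    return "$rc"
}

# Constructed test set: a self-signed cert with its own key, plus an
# unrelated key (the situation that ends in a reissue from the CA).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
report_pair "$demo_dir/site.crt" "$demo_dir/site.key"  || true
report_pair "$demo_dir/site.crt" "$demo_dir/other.key" || true
rm -rf "$demo_dir"
```
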
See the Let's Encrypt error FAQ, linked in https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
Thanks Taleman. I went through the steps and verified everything. It still isn't working so I enabled Let's Encrypt for the web and ran the server.sh script manually. Here's the output...

Code:
root@xxxx:~# /usr/local/ispconfig/server/server.sh
23.11.2021-18:41 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
23.11.2021-18:41 - DEBUG - Found 1 changes, starting update process.
23.11.2021-18:41 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
23.11.2021-18:41 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
23.11.2021-18:41 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web14' - return code: 0
23.11.2021-18:41 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web14' - return code: 0
23.11.2021-18:41 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web14'|awk 'END{print $2,$NF}' - return code: 0
23.11.2021-18:41 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
23.11.2021-18:41 - DEBUG - safe_exec cmd: setquota -u 'web14' '0' '0' 0 0 -a &> /dev/null - return code: 0
23.11.2021-18:41 - DEBUG - safe_exec cmd: setquota -T -u 'web14' 604800 604800 -a &> /dev/null - return code: 0
23.11.2021-18:41 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web14' - return code: 0
23.11.2021-18:41 - DEBUG - Create Let's Encrypt SSL Cert for: xxxx.com
23.11.2021-18:41 - DEBUG - Let's Encrypt SSL Cert domains:
23.11.2021-18:41 - DEBUG - exec: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains xxxx.com --domains www.xxxx.com --webroot-path /usr/local/ispconfig/interface/acme
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 417, in wrap_socket
    cnx.do_handshake()
  File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1174, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 350, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 837, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 323, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 324, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 424, in wrap_socket
    raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 423, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 624, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)

During handling of the above exception, another exception occurred:

requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)
Please see the logfiles in /var/log/letsencrypt for more details.
23.11.2021-18:41 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
23.11.2021-18:41 - WARNING - Let's Encrypt SSL Cert for: xxxx.com could not be issued.
23.11.2021-18:41 - WARNING - /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains xxxx.com --domains www.xxxx.com --webroot-path /usr/local/ispconfig/interface/acme
23.11.2021-18:41 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
23.11.2021-18:41 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/xxxx.com.vhost
23.11.2021-18:41 - DEBUG - Apache status is: running
23.11.2021-18:41 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
23.11.2021-18:41 - DEBUG - Restarting httpd: systemctl restart apache2.service
23.11.2021-18:41 - DEBUG - Apache restart return value is: 0
23.11.2021-18:41 - DEBUG - Apache online status after restart is: running
23.11.2021-18:41 - DEBUG - Processed datalog_id 205
23.11.2021-18:41 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.

Does anything look out of sorts here?

Could this have something to do with the fact that I have a Sectigo SSL cert installed on the same IP address that I'm trying to install a Let's Encrypt cert?
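In the traceback above, `certificate verify failed` is raised inside the client's own HTTPS connection (requests/urllib3) made right after the `letsencrypt ... --server https://acme-v02.api.letsencrypt.org/directory` call, so the certificate being rejected is the one presented by that endpoint to this server. The following added example, not part of the original thread, checks whether the host's CA bundle can verify such an endpoint; the function names are hypothetical, the default bundle path is Debian's, and the sample `s_client` lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample s_client lines are constructed.

# Read `openssl s_client` output on stdin, print the first verify return code.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Translate an OpenSSL X.509 verify code into a short diagnosis.
diagnose() {
    case "$1" in
        0)     echo "trusted" ;;
        10)    echo "expired certificate in chain" ;;
        18|19) echo "self-signed certificate in chain" ;;
        20|21) echo "issuer not in local CA store" ;;
        "")    echo "no handshake result" ;;
        *)     echo "verification failed (code $1)" ;;
    esac
}

# Live check (needs network): handshake with HOST and validate its chain
# against CAFILE. The default is Debian's system bundle path.
check_trust() {
    host=$1
    cafile=${2:-/etc/ssl/certs/ca-certificates.crt}
    out=$(openssl s_client -connect "$host:443" -servername "$host" \
              -CAfile "$cafile" </dev/null 2>/dev/null)
    diagnose "$(printf '%s\n' "$out" | verify_code)"
}

# Constructed samples of the summary line s_client prints.
sample_ok='    Verify return code: 0 (ok)'
sample_expired='    Verify return code: 10 (certificate has expired)'
sample_unknown='Verify return code: 20 (unable to get local issuer certificate)'

for s in "$sample_ok" "$sample_expired" "$sample_unknown"; do
    diagnose "$(printf '%s\n' "$s" | verify_code)"
done
```

On the affected server, `check_trust acme-v02.api.letsencrypt.org` performs the live test against the same endpoint shown in the log.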