securing ispc3

Discussion in 'Installation/Configuration' started by FredZ, Aug 1, 2020.

  1. FredZ

    FredZ Member

I am attempting to secure a migrated server.

    In the tutorial I get the following error.
    Code:
    cd /usr/local/ispconfig/interface/ssl/
    root@mx:/usr/local/ispconfig/interface/ssl# mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    root@mx:/usr/local/ispconfig/interface/ssl# mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    root@mx:/usr/local/ispconfig/interface/ssl# mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    root@mx:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    root@mx:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    root@mx:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
    cat: ispserver.key: No such file or directory
    cat: ispserver.crt: No such file or directory
    root@mx:/usr/local/ispconfig/interface/ssl# chmod 600 ispserver.pem

    When I attempt to create a new cert using the forced update method I get the following.
    Code:
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    
    genrsa: Can't open "/usr/local/ispconfig/interface/ssl/ispserver.key" for writing, No such file or directory
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140126385984640:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140126385984640:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
    unable to load Private Key
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    139893651992832:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    139893651992832:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
    unable to load Private Key
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140055019345024:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140055019345024:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
    unable to load Private Key
    PHP Warning:  rename(/usr/local/ispconfig/interface/ssl/ispserver.key.insecure,/usr/local/ispconfig/interface/ssl/ispserver.key): No such file or directory in /tmp/ispconfig3_install/install/lib/installer_base.lib.php on line 2185
I've been through all the sites and set up certs for them all.
I've checked all the settings in server config; they seem to be ok.

    Been battling this off and on for the past 5 days, still no further ahead.

    Used this tutorial to install ispc3
    Used this tutorial to add the required PHP versions.
    Used this tutorial to secure ispc3

    Still running on the backup server, so no loss of service.

    Regards

    Fred
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

Did you create a website for the hostname of the server and activate Let's Encrypt for it as described in the tutorial? Did you check that the Let's Encrypt checkbox stayed ticked?

As a side note, you can get a Let's Encrypt cert only when the domain points to this server. Does the server hostname resolve correctly to this server when you enter it in the browser?
     
  3. FredZ

    FredZ Member

No, I didn't create a site for the ispc3 host as I have never had to do so before. I also didn't have to do so when I created the backup/temporary server 2 weeks ago.

But for the sake of the test I created a site for the ispc3 host and now I cannot access the host at all. Currently, whilst the temporary server is operating, I'm accessing the host via IP "https://ispc3hostip:8080".

The new site I created was the actual FQDN of the ispc3 host "ispc3.mydomain.tld". I already had a site that was simply mydomain.tld.

Yes, I reset my port forwarding to point to the new server prior to doing anything with Let's Encrypt. No, I did not test the DNS prior.

As I can no longer access the ispc3 UI, I'm going to rebuild the server and start over again.

    Regards

    Fred
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The Securing ISPConfig guide starts with creating a website for the ISPConfig and using that to do the securing certificate setup.
     
  5. FredZ

    FredZ Member

For clarity, do I have to create the website before I migrate? And after I have created the site, how does the migration tool handle the existence of the site I created and secured?

    Currently I am attempting to secure ispc3 after I have migrated.

The odd thing is that I didn't have this problem when I did the original migration to a laptop so I could upgrade the array on the server hardware. I simply migrated to a laptop, set the IP for all the sites and rebuilt (via the ispc3 UI) all the LE certs. Then I secured ispc3. So I assumed I could do the same back to the server once the new array was installed.

In the first instance I am connecting to ispc3 with https://ispc3-local-IP:8080.
Then once I have secured ispc3 I use the public IP to access it.

I have even attempted removing all files in /usr/local/ispconfig/interface/ssl/ and forcing ispc3 to update, hence rebuilding the cert for ispc3.

    Regards

    Fred
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Your issue is not related to the migration and it does not matter if you secure your system before or after a migration. So it's no problem that you secure the system now after you migrated it.

But as @Taleman mentioned, the steps to secure the system require that you have a working website for the hostname of the server which has SSL and Let's Encrypt enabled. Without that website, the commands must fail, as the LE cert is missing then.
     
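The failure in the first post is a consequence of what till describes: `ln -s` happily creates a symlink to a path that does not exist, so `ispserver.crt` and `ispserver.key` become dangling links and the following `cat` reports "No such file or directory". The script below is an added example written for this thread, not part of the tutorial or of ISPConfig itself. It wraps the tutorial's commands in a pre-flight check that refuses to move the old certificate away until the Let's Encrypt files for the hostname are actually present, and it detects symlinks that already point nowhere. The directory arguments are assumed: on a real server they would be `/etc/letsencrypt/live/$(hostname -f)` and `/usr/local/ispconfig/interface/ssl`.

```shell
#!/bin/sh
# Added example (not from the thread or ISPConfig): pre-flight check before
# replacing the ISPConfig interface certificate with the Let's Encrypt one.

# le_preflight LE_LIVE_DIR ISP_SSL_DIR
#   LE_LIVE_DIR: normally /etc/letsencrypt/live/$(hostname -f)  (assumed argument)
#   ISP_SSL_DIR: normally /usr/local/ispconfig/interface/ssl    (assumed argument)
# Returns 0 when it is safe to swap the certificate, 1 otherwise.
le_preflight() {
    le_dir=$1
    ssl_dir=$2
    ok=0
    # The LE files only exist once a website for the hostname has been
    # created with Let's Encrypt enabled and the cert was actually issued.
    for f in fullchain.pem privkey.pem; do
        if [ ! -r "$le_dir/$f" ]; then
            echo "missing: $le_dir/$f (create the hostname website with Let's Encrypt first)" >&2
            ok=1
        fi
    done
    # A symlink that exists (-L) but whose target does not (! -e) is dangling;
    # this is exactly the state that produced the cat errors in the thread.
    for f in ispserver.crt ispserver.key; do
        if [ -L "$ssl_dir/$f" ] && [ ! -e "$ssl_dir/$f" ]; then
            echo "dangling symlink: $ssl_dir/$f -> $(readlink "$ssl_dir/$f")" >&2
            ok=1
        fi
    done
    return $ok
}

# le_install LE_LIVE_DIR ISP_SSL_DIR
# Performs the tutorial's swap, but only after the pre-flight passes, so the
# old certificate is never moved away while the replacement is missing.
le_install() {
    le_dir=$1
    ssl_dir=$2
    le_preflight "$le_dir" "$ssl_dir" || return 1
    stamp=$(date +"%y%m%d%H%M%S")          # same backup suffix as the tutorial
    for f in ispserver.crt ispserver.key ispserver.pem; do
        if [ -e "$ssl_dir/$f" ] || [ -L "$ssl_dir/$f" ]; then
            mv "$ssl_dir/$f" "$ssl_dir/$f-$stamp.bak"
        fi
    done
    ln -s "$le_dir/fullchain.pem" "$ssl_dir/ispserver.crt"
    ln -s "$le_dir/privkey.pem"   "$ssl_dir/ispserver.key"
    # Combined key+chain file; keep it private, it contains the private key.
    cat "$ssl_dir/ispserver.key" "$ssl_dir/ispserver.crt" > "$ssl_dir/ispserver.pem"
    chmod 600 "$ssl_dir/ispserver.pem"
}

# Example invocation on a real server (uncomment to use):
# le_install "/etc/letsencrypt/live/$(hostname -f)" /usr/local/ispconfig/interface/ssl
```

Run `le_preflight` on its own first; if it reports a missing `fullchain.pem` or `privkey.pem`, the fix is the one till gives above (create the hostname website with Let's Encrypt ticked and wait for issuance), not re-running the symlink commands.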