I have sites running fine in HTTPS on my old server, which is using cPanel. I migrated the site and installed a fresh demo WordPress site to test ISPConfig, to see if they work fine in HTTPS, but all sites get the error below when I open them in HTTPS. HTTP is fine.

Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure script '<URL>'. This request has been blocked; the content must be served over HTTPS.

It seems the server is not getting the base URL correctly for the HTTPS site. Is there any setting in ISPConfig that may create such an issue? What should I check? The SSL is installed on a load balancer instead of ISPConfig Let's Encrypt. Thank you.

CentOS 7.4

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.1.13
##### VERSION CHECK #####
[INFO] php (cli) version is 5.4.16
##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening
[WARN] Port 143 (IMAP server) seems NOT to be listening
[WARN] Port 993 (IMAP server SSL) seems NOT to be listening
[WARN] Port 110 (POP3 server) seems NOT to be listening
[WARN] Port 995 (POP3 server SSL) seems NOT to be listening
[WARN] Port 465 (SMTP server SSL) seems NOT to be listening
##### MAIL SERVER CHECK #####
[WARN] I found no "submission" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.
[WARN] I found no "smtps" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Unknown process (httpd) (PID 5742)
[INFO] I found the following mail server(s):
Postfix (PID 3295)
[WARN] I could not determine which pop3 server is running.
[WARN] I could not determine which imap server is running.
[INFO] I found the following ftp server(s):
PureFTP (PID 3341)
##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:9003 (6906/php-fpm
[localhost]:11211 (851/memcached)
[anywhere]:80 (5742/httpd)
[anywhere]:8081 (5742/httpd)
[anywhere]:21 (3341/pure-ftpd)
[anywhere]:22 (1728/sshd)
[anywhere]:8888 (5742/httpd)
[anywhere]:25 (3295/master)
[anywhere]:443 (5742/httpd)
[localhost]:32000 (1425/java)
[localhost]:9000 (817/php-fpm
[anywhere]:3306 (3122/mysqld)
[localhost]:9002 (6926/php-fpm
*:*:*:*::*:21 (3341/pure-ftpd)
*:*:*:*::*:25 (3295/master)
##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25,465,587
f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993
f2b-FTP tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-FTP (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-dovecot (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
That's a setting in WordPress and not in ISPConfig. Go to WP general settings and change both fields which contain a URL there to https://
I tried to install the Let's Encrypt SSL directly on my site via ISPConfig. After enabling it for my site, I got a warning that the SSL is not matching my site. I checked the details, and somehow see that my site www.mydomain.com's SSL is using the SSL of one of its aliasdomains, called sub.mydomain.com, therefore causing my site's HTTPS to not work. I am totally confused about why the aliasdomain SSL is used by www.mydomain.com.
Thank you. I can get the SSL working, but it's only valid for 3 months instead of 1 year. Is it normal?
Thank you so much. Do I need to set up anything for the SSL to be renewed automatically? I have domains that are already running SSL on another server. I am going to migrate to a new server with ISPConfig (bye cPanel), so I will need to recreate the SSL for all these domains. Is there a way that I can avoid or reduce the downtime? All the domains are indexed by Google in HTTPS. I think I cannot create the LE SSL in advance, before I change all the domains' A records to the new server with ISPConfig, right? Then the downtime will be long.
I created mydomain.com as "site", and created many domains and subdomains as "Alias-domain" of mydomain.com. I did a test: I added all the domains' IPs for the new server to my PC's hosts file, and created the LE SSL for mydomain.com before changing all the A records to the new server with ISPConfig. I hoped to ensure HTTPS was working on the new server before changing the A records. It can generate SSL for all sites, but the SSL cert is always the same for all domains, and the cert is for the first aliasdomain. This domain's HTTPS works with my hosts file and the new server IP, but HTTPS on all other domains gives an error that my cert is not matching the domains. Then I changed all the domains' A records to the new server, and recreated the LE SSL for mydomain.com successfully. But it is the same issue: all domains are using an aliasdomain SSL, so the HTTPS sites cannot open.
You cannot trick Let's Encrypt to get an SSL cert by editing your hosts file. Let's Encrypt queries the official external DNS server of the domain to get the IP address of the server and then connects from the internet remotely to that server to verify that it's the server where the request came from. So trying to use a hosts file will not help you; you have to wait until the real domain name points to the server in DNS, and the alias and subdomains will not get added to the cert unless their DNS is pointing to the server.
Reduce DNS TTLs prior to moving. If you don't have a lot of domains, you can simply change DNS to point to your ISPConfig server, wait till DNS clears (e.g. a couple of minutes if you set TTLs that low), then enable the letsencrypt checkbox on the domain in ISPConfig. If you have a lot to do you might hit daily/weekly/etc. limits of requests for letsencrypt certificates, in which case you can either spread the moves out over time, or you could just copy the current certificates from the cPanel server and paste them into the SSL tab in ISPConfig, then start moving to letsencrypt managed certificates little by little. One thought comes to mind: I think the migration tool can migrate from cPanel servers, does it also copy SSL certificates? (@till) If so, you might consider that route to make things easy and support the developers.
Hi, I have changed all the domains' A records to the new ISPConfig server, and they are all updated in the external DNS server. All sites are running fine in HTTP on the new server now. I then checked the Let's Encrypt SSL and SSL boxes for mydomain.com in "site"; all other domains are aliasdomains of mydomain.com. After loading a while, the Let's Encrypt SSL and SSL boxes remained checked for mydomain.com in "site", so I assume the SSL was created. However, when testing all domains in HTTPS, the SSL cert is always the same for all domains, and the cert is for the first aliasdomain. All other domains' HTTPS gives an error that my cert is not matching the domains. All my sites in HTTPS are down now, except the first aliasdomain. I tried to copy the cPanel LE SSL to ISPConfig, but the data fields are different.

cPanel LE SSL: https://www.screencast.com/t/OqsisAIaRm
ISPConfig SSL page: https://www.screencast.com/t/ZC9TL3tJ
Ah, sorry, I missed that you only had to move aliasdomains. Check the letsencrypt FAQ for troubleshooting steps (i.e. verbosely run the job that requests the certificates, as well as check the letsencrypt log file).
I have 2 types of aliasdomain: sub.mydomain.com & otherdomain.com. I checked the box "Don't add to Let's Encrypt certificate" for all aliasdomains that are not sub.mydomain.com and recreated the SSL. Now the mydomain.com & sub.mydomain.com SSL are matching and working. I see an error in the log, but don't know how to fix it. I checked the folder at http://aliasdomain1.com/.well-known/acme-challenge/ and there is no required file created there for those domains. There are other files created for other domains.

I checked:
1) The /.well-known/acme-challenge/ directory exists currently … and the permissions on both .well-known and acme-challenge are 755.
2) I added a test file ( test.txt ) and checked if I can reach it in the browser.
http://www.mydomain.com/.well-known/acme-challenge/test.txt (SSL working)
http://www.aliasdomain.com/.well-known/acme-challenge/test.txt (SSL not working)
Somehow I got a 404 error for both.

[root@server letsencrypt]# tail -f letsencrypt.log.3
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 370, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. aliasdomain1.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://aliasdomain1.com/.well-known/acme-challenge/F_1Ye-ZH5iDb5tV6KZU4-xK6Z2iBAqlI9D0CKBX908w: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n", aliasdomain2.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://aliasdomain2.com/.well-known/acme-challenge/9_fi85TxdmTeSW93lg22hyi3dM84UO3zck_DEJPzthc: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
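An added example, not part of the thread: a small parser for the FailedChallenges line in letsencrypt.log shown above. It pulls out the HTTP status and the server banner of whatever answered each http-01 request, so that can be compared with the web server ISPConfig manages on the host. The sample line is constructed from the log above with placeholder tokens, and the banner patterns assume the default nginx and Apache error pages.

```python
import re

# One failed authorization inside certbot's "FailedChallenges" log line.
FAILURE = re.compile(
    r'(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): '
    r'urn:\S*?acme:error:(?P<error>\w+) :: .*? :: '
    r'Invalid response from (?P<url>\S+?): "(?P<body>[^"]*)"'
)
# Assumption: default error pages. nginx ends with <hr><center>nginx</center>,
# Apache (ServerSignature On) with <address>Apache/... Server at ...</address>.
BANNER = re.compile(r'<hr><center>([^<]+)</center>|<address>([^<]+)</address>')

# Constructed sample modelled on the log in the post (placeholder tokens).
_ENTRY = (r'{d} (http-01): urn:ietf:params:acme:error:unauthorized :: The client '
          r'lacks sufficient authorization :: Invalid response from '
          r'http://{d}/.well-known/acme-challenge/{t}: "<html>\r\n<head><title>'
          r'404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found'
          r'</h1></center>\r\n<hr><center>nginx</center>\r\n"')
SAMPLE = "FailedChallenges: Failed authorization procedure. " + ", ".join(
    _ENTRY.format(d=d, t=t) for d, t in [("aliasdomain1.com", "CONSTRUCTED-TOKEN-1"),
                                         ("aliasdomain2.com", "CONSTRUCTED-TOKEN-2")])

def parse_failures(log_text):
    """Return one dict per failed authorization found in log_text."""
    results = []
    for m in FAILURE.finditer(log_text):
        body = m.group("body")
        status = re.search(r"<title>(\d{3})\b", body)
        banner = BANNER.search(body)
        name = (banner.group(1) or banner.group(2)) if banner else None
        results.append({
            "domain": m.group("domain"),
            "challenge": m.group("challenge"),
            "error": m.group("error"),
            "token": m.group("url").rsplit("/", 1)[-1],
            "status": int(status.group(1)) if status else None,
            # "nginx/1.12.2" or "Apache/2.4.6 (CentOS) ..." -> "nginx" / "apache"
            "answered_by": name.split("/")[0].strip().lower() if name else None,
        })
    return results

def answered_elsewhere(failures, local_server):
    """Domains whose challenge was answered by software other than local_server."""
    return sorted(f["domain"] for f in failures
                  if f["answered_by"] and f["answered_by"] != local_server)

if __name__ == "__main__":
    for f in parse_failures(SAMPLE):
        print(f["domain"], f["status"], f["answered_by"], f["token"])
```

A domain returned by `answered_elsewhere(..., "apache")` means the validation request was answered by something in front of the host, such as a load balancer or proxy, rather than by the local web server.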
Do you have a /.well-known/acme-challenge/ directory under the website root? You should not have that at all in an ISPConfig server, it should be an alias to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ and shared among all sites.
Yes, I have a /.well-known/acme-challenge/ directory under the website root as I migrated from cPanel. What exactly do I need to do to create an alias to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ that is shared among all sites?
How did you install ISPConfig? That alias is set up automatically as part of the installation procedure. You could try downloading the ISPConfig source again and running the update.php script from it, allowing it to reconfigure services. If that doesn't work, I would find the Perfect Server guide corresponding to your OS version and re-check all steps, including reinstalling ISPConfig (with update.php, not install.php).
No, as per your above error you are running nginx and I only have apache servers at hand. Likely you could search the forums here and find it, or someone with nginx might dig it up.