[SOLVED] Checking SSL and LE in site settings is not working

Hello there, all!

This is a new ISPC install on Deb 11. When I ran the ISPC installation script, I had to force an update to create the SSL certs for the system services and 8080. When I created my first site, I had to go back and re-check SSL and LE in the site settings because during creation, the cert wasn't created and the checkmarks were absent.

Creating a second site, I can't get the SSL certs to get created at all. I've tried waiting 24 hours for the domain to route to the server and I've tried checking those two boxes 4 times with time in between but the check marks revert to unchecked and the LE log in tools doesn't show anything regarding this domain.

To add to my confusion, the error I get when visiting the site to test the cert is SSL_ERROR_BAD_CERT_DOMAIN and it shows the domain of the first site I created on this server.

Could someone tell me what I'm likely doing wrong and how I might resolve this issue?

Thanks for your time!

 

Thanks very much for your help and sorry for wasting your time. I'll do some reading and testing before replying to the topic if I'm not able to troubleshoot it myself.

 

I've managed to figure out almost all of my issues. I have one that I can't figure out though.
When I created one of my sites, I had chosen no auto-www subdomain accidentally but when I figured out what I had done, I had edited the site settings to check the box and the site now has a www.subdomain that works. Of course, the SSL cert wasn't created to cover that so I unchecked SSL and LE then re-edited the site to include LE SSL. When doing that, the root domain cert works again but www shows an incorrect certificatate for domain.com and not www.domain.com.

Here's my log file from one of my attempts to have acme.sh create the certificate after adding the subdomain. It seems to think that there are no subdomains:

https://pastebin.com/cAHihkCZ

Could someone perhaps point out what I doing wrong?

 

Please attach the log file or put it in the code block ([ code ] [ /code ] without the spaces) foe us to see. We currently are unable to see it in your link.

Make sure both your domain and its www subdomain is pointed to that server and they have properly been propagated. We normally use dig command to check.

 

Sorry, I was worried that I would exceed a max char limit on the post. Here's the log:

Code:

[Fri 10 Mar 2023 12:18:11 PM CST] Running cmd: issue
[Fri 10 Mar 2023 12:18:11 PM CST] _main_domain='universalminingco.com'
[Fri 10 Mar 2023 12:18:11 PM CST] _alt_domains='no'
[Fri 10 Mar 2023 12:18:11 PM CST] Using config home:/root/.acme.sh
[Fri 10 Mar 2023 12:18:11 PM CST] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri 10 Mar 2023 12:18:11 PM CST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 10 Mar 2023 12:18:11 PM CST] DOMAIN_PATH='/root/.acme.sh/universalminingco.com'
[Fri 10 Mar 2023 12:18:11 PM CST] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri 10 Mar 2023 12:18:11 PM CST] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri 10 Mar 2023 12:18:11 PM CST] GET
[Fri 10 Mar 2023 12:18:11 PM CST] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri 10 Mar 2023 12:18:11 PM CST] timeout=
[Fri 10 Mar 2023 12:18:11 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Mar 2023 12:18:16 PM CST] ret='0'
[Fri 10 Mar 2023 12:18:16 PM CST] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri 10 Mar 2023 12:18:16 PM CST] ACME_NEW_AUTHZ
[Fri 10 Mar 2023 12:18:16 PM CST] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 10 Mar 2023 12:18:16 PM CST] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri 10 Mar 2023 12:18:16 PM CST] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri 10 Mar 2023 12:18:16 PM CST] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Fri 10 Mar 2023 12:18:16 PM CST] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 10 Mar 2023 12:18:17 PM CST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri 10 Mar 2023 12:18:17 PM CST] _on_before_issue
[Fri 10 Mar 2023 12:18:17 PM CST] _chk_main_domain='universalminingco.com'
[Fri 10 Mar 2023 12:18:17 PM CST] _chk_alt_domains
[Fri 10 Mar 2023 12:18:17 PM CST] Le_LocalAddress
[Fri 10 Mar 2023 12:18:17 PM CST] d='universalminingco.com'
[Fri 10 Mar 2023 12:18:17 PM CST] Check for domain='universalminingco.com'
[Fri 10 Mar 2023 12:18:17 PM CST] _currentRoot='/usr/local/ispconfig/interface/acme'
[Fri 10 Mar 2023 12:18:17 PM CST] d
[Fri 10 Mar 2023 12:18:17 PM CST] _saved_account_key_hash is not changed, skip register account.
[Fri 10 Mar 2023 12:18:17 PM CST] Read key length:2048
[Fri 10 Mar 2023 12:18:17 PM CST] Creating domain key
[Fri 10 Mar 2023 12:18:17 PM CST] Using config home:/root/.acme.sh
[Fri 10 Mar 2023 12:18:17 PM CST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 10 Mar 2023 12:18:17 PM CST] Use length 4096
[Fri 10 Mar 2023 12:18:17 PM CST] Using RSA: 4096
[Fri 10 Mar 2023 12:18:17 PM CST] The domain key is here: /root/.acme.sh/universalminingco.com/universalminingco.com.key
[Fri 10 Mar 2023 12:18:17 PM CST] Generate next pre-generate key.
[Fri 10 Mar 2023 12:18:17 PM CST] Use length 4096
[Fri 10 Mar 2023 12:18:17 PM CST] Using RSA: 4096
[Fri 10 Mar 2023 12:18:18 PM CST] _createcsr
[Fri 10 Mar 2023 12:18:18 PM CST] Single domain='universalminingco.com'
[Fri 10 Mar 2023 12:18:18 PM CST] Getting domain auth token for each domain
[Fri 10 Mar 2023 12:18:18 PM CST] d
[Fri 10 Mar 2023 12:18:18 PM CST] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 10 Mar 2023 12:18:18 PM CST] payload='{"identifiers": [{"type":"dns","value":"universalminingco.com"}]}'
[Fri 10 Mar 2023 12:18:18 PM CST] EC key
[Fri 10 Mar 2023 12:18:18 PM CST] HEAD
[Fri 10 Mar 2023 12:18:18 PM CST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 10 Mar 2023 12:18:18 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g -I '
[Fri 10 Mar 2023 12:18:26 PM CST] _ret='0'
[Fri 10 Mar 2023 12:18:26 PM CST] POST
[Fri 10 Mar 2023 12:18:26 PM CST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 10 Mar 2023 12:18:26 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Mar 2023 12:18:28 PM CST] _ret='0'
[Fri 10 Mar 2023 12:18:28 PM CST] code='201'
[Fri 10 Mar 2023 12:18:28 PM CST] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1001346377/169317534047'
[Fri 10 Mar 2023 12:18:28 PM CST] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1001346377/169317534047'
[Fri 10 Mar 2023 12:18:28 PM CST] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/209789289757'
[Fri 10 Mar 2023 12:18:28 PM CST] payload
[Fri 10 Mar 2023 12:18:28 PM CST] POST
[Fri 10 Mar 2023 12:18:28 PM CST] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/209789289757'
[Fri 10 Mar 2023 12:18:28 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Mar 2023 12:18:28 PM CST] _ret='0'
[Fri 10 Mar 2023 12:18:28 PM CST] code='200'
[Fri 10 Mar 2023 12:18:28 PM CST] d='universalminingco.com'
[Fri 10 Mar 2023 12:18:28 PM CST] Getting webroot for domain='universalminingco.com'
[Fri 10 Mar 2023 12:18:28 PM CST] _w='/usr/local/ispconfig/interface/acme'
[Fri 10 Mar 2023 12:18:28 PM CST] _currentRoot='/usr/local/ispconfig/interface/acme'
[Fri 10 Mar 2023 12:18:28 PM CST] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A","token":"RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk"'
[Fri 10 Mar 2023 12:18:28 PM CST] token='RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk'
[Fri 10 Mar 2023 12:18:28 PM CST] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A'
[Fri 10 Mar 2023 12:18:28 PM CST] keyauthorization='RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk.KzNqYKn1QemP1Gi4onDLLq4Q2o3diSID-E9yHTpIs8o'
[Fri 10 Mar 2023 12:18:28 PM CST] dvlist='universalminingco.com#RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk.KzNqYKn1QemP1Gi4onDLLq4Q2o3diSID-E9yHTpIs8o#https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A#http-01#/usr/local/ispconfig/interface/acme'
[Fri 10 Mar 2023 12:18:28 PM CST] d
[Fri 10 Mar 2023 12:18:28 PM CST] vlist='universalminingco.com#RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk.KzNqYKn1QemP1Gi4onDLLq4Q2o3diSID-E9yHTpIs8o#https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A#http-01#/usr/local/ispconfig/interface/acme,'
[Fri 10 Mar 2023 12:18:28 PM CST] d='universalminingco.com'
[Fri 10 Mar 2023 12:18:28 PM CST] ok, let's start to verify
[Fri 10 Mar 2023 12:18:29 PM CST] Verifying: universalminingco.com
[Fri 10 Mar 2023 12:18:29 PM CST] d='universalminingco.com'
[Fri 10 Mar 2023 12:18:29 PM CST] keyauthorization='RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk.KzNqYKn1QemP1Gi4onDLLq4Q2o3diSID-E9yHTpIs8o'
[Fri 10 Mar 2023 12:18:29 PM CST] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A'
[Fri 10 Mar 2023 12:18:29 PM CST] _currentRoot='/usr/local/ispconfig/interface/acme'
[Fri 10 Mar 2023 12:18:29 PM CST] wellknown_path='/usr/local/ispconfig/interface/acme/.well-known/acme-challenge'
[Fri 10 Mar 2023 12:18:29 PM CST] writing token:RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk to /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/RQcM5HlRfst_s2YjeYcH0zTGiRH1n8jYClEETlGvBZk
[Fri 10 Mar 2023 12:18:29 PM CST] Changing owner/group of .well-known to ispconfig:ispconfig
[Fri 10 Mar 2023 12:18:29 PM CST] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A'
[Fri 10 Mar 2023 12:18:29 PM CST] payload='{}'
[Fri 10 Mar 2023 12:18:29 PM CST] POST
[Fri 10 Mar 2023 12:18:29 PM CST] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A'
[Fri 10 Mar 2023 12:18:29 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Mar 2023 12:18:29 PM CST] _ret='0'
[Fri 10 Mar 2023 12:18:29 PM CST] code='200'
[Fri 10 Mar 2023 12:18:29 PM CST] trigger validation code: 200
[Fri 10 Mar 2023 12:18:29 PM CST] Pending, The CA is processing your order, please just wait. (1/30)
[Fri 10 Mar 2023 12:18:29 PM CST] sleep 2 secs to verify again
[Fri 10 Mar 2023 12:18:31 PM CST] checking
[Fri 10 Mar 2023 12:18:31 PM CST] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A'
[Fri 10 Mar 2023 12:18:31 PM CST] payload
[Fri 10 Mar 2023 12:18:31 PM CST] POST
[Fri 10 Mar 2023 12:18:31 PM CST] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/209789289757/PH6F_A'
[Fri 10 Mar 2023 12:18:31 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Mar 2023 12:18:31 PM CST] _ret='0'
[Fri 10 Mar 2023 12:18:31 PM CST] code='200'
[Fri 10 Mar 2023 12:18:31 PM CST] Success
[Fri 10 Mar 2023 12:18:31 PM CST] pid
[Fri 10 Mar 2023 12:18:31 PM CST] pid
[Fri 10 Mar 2023 12:18:31 PM CST] No need to restore nginx, skip.
[Fri 10 Mar 2023 12:18:31 PM CST] _clearupdns
[Fri 10 Mar 2023 12:18:31 PM CST] dns_entries
[Fri 10 Mar 2023 12:18:31 PM CST] skip dns.
[Fri 10 Mar 2023 12:18:31 PM CST] Verify finished, start to sign.
[Fri 10 Mar 2023 12:18:31 PM CST] i='2'
[Fri 10 Mar 2023 12:18:31 PM CST] j='27'
[Fri 10 Mar 2023 12:18:31 PM CST] Lets finalize the order.
[Fri 10 Mar 2023 12:18:31 PM CST] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1001346377/169317534047'
[Fri 10 Mar 2023 12:18:31 PM CST] url='https://acme-v02.api.letsencrypt.org/acme/finalize/1001346377/169317534047'
[Fri 10 Mar 2023 12:18:31 PM CST] payload='{"csr": "MIIEtzCCAp8CAQAwIDEeMBwGA1UEAwwVdW5pdmVyc2FsbWluaW5nY28uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzDPTcZhoCwfRBKeueyIa1HreKq5i5q29juDqWDCYep9OXwYmPIU8lXo1GyZXx6oCDXHSO7iXvtB55Pt1BCcEGTqAkTiaqi0qbNCQPl2bUqnjyNgriPjjzXE6mFbe1aSaq6gUNR9WpS87jSGHbEufFPP7Vk1HuxYO9ZtkGhE6H2UnSlLSsbB78VuwjrCEFFFUTFgLwafDIsY2UGkLZLuPOJF25qzXg7FkivhfCORUoLEOP_wXC8qae8J9DTK19lHMY5OAg6APawilYVOvXKw0j83eqJR0BilEyzubh_ZPXLyp8O5Yed6l_Vg710tambOS4grwVq81Bl0TiJRkI5kQf3-B-pEEmPd-Bn8vvt3uFvGb_vARN-31086LeQDQDsPKqOztWN_Vy6IUfsM3D06saTRoqoL471idr-h3FwW4nQr_dAZXtTTKucvGVvX2Vf3l9K10sr0ogLqsK434vPh7IcReWoFNhA0Zy12mIPQnmaWOp2bOOOTy_vPV3DyunD_VvW0U9wpdQcd8A8KMbBnc3hG2uAiU9iakblNyjeIQVkXEMs5n27HWvUIJPcUf66RmlMSYrRw3pWg2GrNTCxD1Y0Erk_DyvTaBAuhNkjzPHgIStFncOvyUuOhFu1DvSJt50QwTYm4kmgvHw9XDSF4VeoRhwR0jjq-GEErBVIvdvPkCAwEAAaBSMFAGCSqGSIb3DQEJDjFDMEEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCAGA1UdEQQZMBeCFXVuaXZlcnNhbG1pbmluZ2NvLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAe0MLAVauhlhjIVWT9Z8grX5Vwas9o7eo1nYH03exkxMOzp4ippJ_ZDufcA-dnZWLhsaA3SiXTxepy7DrO9Ow1gUs6sKG8pGEkyr5_Ke3rb50pv1xnSfSV_Q7BNy73gnU-4fFybVltw2NEFg6hXyKbP-AS_6EUzt77JFKHgaQjjsOYsZIeaxgBmvYKZsPURmr9QZ7cT3WoHzUkkryfezDDVQJmQxP6HkDtWQI1M6R_Ijm9kVDqh82UhEhivh1uAT6KMQNvYdB7K29rhfcmal2yRkeCzQQvxclKNDSynvbQ_zOmCd8aj1ldekS9mcoZfE3KOWvPl-iDfntDsaScj2OZxCcgzmKcNBZxmgCDBAwUNwWrFrCbNk5gGfOngeg-tp64bM3RKDWGJfJR1me4aLRNiE52dYfXlVzKb3sIqkAm2CsOdiED9skS_GSnGLWlKp5vc7-NuxPB0oU65Sv9POFWCKIMpKL2DhBc0bInvoa04TgbIG3Hpyr-oWSm7ORtRBbRJB5CET4cR48LThyxy17_3qDzuWUI7ifyjJ8Dg7F9rKs-CAgSy9KnE7kYBuyMzG4NTXT6XPnJiQDSQz6Kdrv4gDmm6xI69jS_ZJ9A9I7M4KhPxJUARSy_ROGDzPAosn0WxFFFjzGYA233_-6Y5M56iGuKXN0wsp-viPG-xRY5Ds"}'
[Fri 10 Mar 2023 12:18:31 PM CST] POST
[Fri 10 Mar 2023 12:18:31 PM CST] _post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/1001346377/169317534047'
[Fri 10 Mar 2023 12:18:31 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Mar 2023 12:18:32 PM CST] _ret='0'
[Fri 10 Mar 2023 12:18:32 PM CST] code='200'
[Fri 10 Mar 2023 12:18:32 PM CST] Order status is valid.
[Fri 10 Mar 2023 12:18:32 PM CST] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04cfaaa31e7aab8034ad854bad3566b21702'
[Fri 10 Mar 2023 12:18:32 PM CST] Downloading cert.
[Fri 10 Mar 2023 12:18:32 PM CST] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04cfaaa31e7aab8034ad854bad3566b21702'
[Fri 10 Mar 2023 12:18:32 PM CST] url='https://acme-v02.api.letsencrypt.org/acme/cert/04cfaaa31e7aab8034ad854bad3566b21702'
[Fri 10 Mar 2023 12:18:32 PM CST] payload
[Fri 10 Mar 2023 12:18:32 PM CST] POST
[Fri 10 Mar 2023 12:18:32 PM CST] _post_url='https://acme-v02.api.letsencrypt.org/acme/cert/04cfaaa31e7aab8034ad854bad3566b21702'
[Fri 10 Mar 2023 12:18:32 PM CST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Mar 2023 12:18:32 PM CST] _ret='0'
[Fri 10 Mar 2023 12:18:32 PM CST] code='200'
[Fri 10 Mar 2023 12:18:32 PM CST] Found cert chain
[Fri 10 Mar 2023 12:18:32 PM CST] _end_n='36'
[Fri 10 Mar 2023 12:18:32 PM CST] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04cfaaa31e7aab8034ad854bad3566b21702'
[Fri 10 Mar 2023 12:18:32 PM CST] Cert success.
[Fri 10 Mar 2023 12:18:32 PM CST] Your cert is in: /root/.acme.sh/universalminingco.com/universalminingco.com.cer
[Fri 10 Mar 2023 12:18:32 PM CST] Your cert key is in: /root/.acme.sh/universalminingco.com/universalminingco.com.key
[Fri 10 Mar 2023 12:18:32 PM CST] The intermediate CA cert is in: /root/.acme.sh/universalminingco.com/ca.cer
[Fri 10 Mar 2023 12:18:32 PM CST] And the full chain certs is there: /root/.acme.sh/universalminingco.com/fullchain.cer
[Fri 10 Mar 2023 12:18:32 PM CST] Your pre-generated next key for future cert key change is in: /root/.acme.sh/universalminingco.com/universalminingco.com.key.next
[Fri 10 Mar 2023 12:18:32 PM CST] _on_issue_success
[Fri 10 Mar 2023 12:18:32 PM CST] Lets find script dir.
[Fri 10 Mar 2023 12:18:32 PM CST] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri 10 Mar 2023 12:18:32 PM CST] _script='/root/.acme.sh/acme.sh'
[Fri 10 Mar 2023 12:18:32 PM CST] _script_home='/root/.acme.sh'
[Fri 10 Mar 2023 12:18:32 PM CST] Using default home:/root/.acme.sh
[Fri 10 Mar 2023 12:18:32 PM CST] Using config home:/root/.acme.sh
[Fri 10 Mar 2023 12:18:32 PM CST] Running cmd: installcert
[Fri 10 Mar 2023 12:18:32 PM CST] Using config home:/root/.acme.sh
[Fri 10 Mar 2023 12:18:32 PM CST] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Fri 10 Mar 2023 12:18:32 PM CST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 10 Mar 2023 12:18:32 PM CST] DOMAIN_PATH='/root/.acme.sh/universalminingco.com'
[Fri 10 Mar 2023 12:18:32 PM CST] Installing key to: /var/www/clients/client1/web2/ssl/universalminingco.com-le.key
[Fri 10 Mar 2023 12:18:32 PM CST] Installing full chain to: /var/www/clients/client1/web2/ssl/universalminingco.com-le.crt
[Fri 10 Mar 2023 12:18:32 PM CST] Run reload cmd: systemctl force-reload apache2.service
[Fri 10 Mar 2023 12:18:33 PM CST] Reload success

DIg seems to show that both the domain and sub are pointing correctly:

Code:

schwim@schwim-vm-bll:~$ dig @8.8.8.8 universalminingco.com

; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> @8.8.8.8 universalminingco.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62882
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;universalminingco.com.       IN   A

;; ANSWER SECTION:
universalminingco.com.   21600   IN   A   74.91.124.242

;; Query time: 176 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Mar 10 20:32:39 EST 2023
;; MSG SIZE  rcvd: 66

schwim@schwim-vm-bll:~$ dig @8.8.8.8 www.universalminingco.com

; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> @8.8.8.8 www.universalminingco.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36882
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.universalminingco.com.   IN   A

;; ANSWER SECTION:
www.universalminingco.com. 21600 IN   A   74.91.124.242

;; Query time: 55 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Mar 10 20:32:47 EST 2023
;; MSG SIZE  rcvd: 70

schwim@schwim-vm-bll:~$ 

 

From your log, I can see that the certs have been successfully obtained for the domain and then installed to /var/www/clients/client1/web2/ssl/ but not for the www. Did you choose autosubdomain to www before you disable and re-enable SSL and LE for the site and did you click save thereafter? Show us the screenshots if you are not sure.

Check if you vhost error file for that domain too, because there could be something that failed during creating its vhost file as well.

 

I think I understand what you're asking. I've tried countless combinations but I do save after each change and I wait for the pending alert at the top of the page to disappear before testing or trying anything else.

This last attempt, I:
Unchecked SSL and saved.
changed subdomain to none and saved
changed subdomain to www and saved
checked SSL and saved
checked LE SSL and saved

After this process, LE is unchecked again, domain.com has a usable cert and www.domain.com does not.




The vhost file in sites-available for the domain:

Code:

<Directory /var/www/universalminingco.com>
       AllowOverride None
               Require all denied
       </Directory>

<VirtualHost *:80>


                   DocumentRoot /var/www/clients/client1/web2/web
           
       ServerName universalminingco.com
       ServerAlias www.universalminingco.com
       ServerAdmin [email protected]


       ErrorLog /var/log/ispconfig/httpd/universalminingco.com/error.log

       Alias /error/ "/var/www/universalminingco.com/web/error/"
       ErrorDocument 400 /error/400.html
       ErrorDocument 401 /error/401.html
       ErrorDocument 403 /error/403.html
       ErrorDocument 404 /error/404.html
       ErrorDocument 405 /error/405.html
       ErrorDocument 500 /error/500.html
       ErrorDocument 502 /error/502.html
       ErrorDocument 503 /error/503.html


       <Directory /var/www/universalminingco.com/web>
               # Clear PHP settings of this website
               <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                       SetHandler None
               </FilesMatch>
               Options +SymlinksIfOwnerMatch
               AllowOverride All
                               Require all granted
                       </Directory>
       <Directory /var/www/clients/client1/web2/web>
               # Clear PHP settings of this website
               <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                       SetHandler None
               </FilesMatch>
               Options +SymlinksIfOwnerMatch
               AllowOverride All
                               Require all granted
                       </Directory>




       # suexec enabled
       <IfModule mod_suexec.c>
           SuexecUserGroup web2 client1
       </IfModule>
       <IfModule mod_fastcgi.c>
               <Directory /var/www/clients/client1/web2/cgi-bin>
                                       Require all granted
                                   </Directory>
               <Directory /var/www/universalminingco.com/web>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler php-fcgi
                       </If>
                   </FilesMatch>
               </Directory>
               <Directory /var/www/clients/client1/web2/web>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler php-fcgi
                       </If>
                   </FilesMatch>
               </Directory>
                Action php-fcgi /php-fcgi virtual
               Alias /php-fcgi /var/www/clients/client1/web2/cgi-bin/php-fcgi-*-80-universalminingco.com
                FastCgiExternalServer /var/www/clients/client1/web2/cgi-bin/php-fcgi-*-80-universalminingco.com -idle-timeout 300 -socket /var/lib/php7.4-fpm/web2.sock -pass-header Authorization  -pass-header Content-Type
       </IfModule>
       <IfModule mod_proxy_fcgi.c>
           #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.4-fpm/web2.sock|fcgi://localhost//var/www/clients/client1/web2/web/$1
           <Directory /var/www/universalminingco.com/web>
               <FilesMatch "\.php[345]?$">
                   <If "-f '%{REQUEST_FILENAME}'">
                       SetHandler "proxy:unix:/var/lib/php7.4-fpm/web2.sock|fcgi://localhost"
                   </If>
               </FilesMatch>
           </Directory>
           <Directory /var/www/clients/client1/web2/web>
               <FilesMatch "\.php[345]?$">
                   <If "-f '%{REQUEST_FILENAME}'">
                       SetHandler "proxy:unix:/var/lib/php7.4-fpm/web2.sock|fcgi://localhost"
                   </If>
               </FilesMatch>
           </Directory>
           </IfModule>



       # add support for apache mpm_itk
       <IfModule mpm_itk_module>
           AssignUserId web2 client1
       </IfModule>

       <IfModule mod_dav_fs.c>
       # Do not execute PHP files in webdav directory
           <Directory /var/www/clients/client1/web2/webdav>
               <ifModule mod_security2.c>
                   SecRuleRemoveById 960015
                   SecRuleRemoveById 960032
               </ifModule>
               <FilesMatch "\.ph(p3?|tml)$">
                   SetHandler None
               </FilesMatch>
           </Directory>
           DavLockDB /var/www/clients/client1/web2/tmp/DavLock
           # DO NOT REMOVE THE COMMENTS!
           # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
           # WEBDAV END
       </IfModule>

           
   

</VirtualHost>


<VirtualHost *:443>


                   DocumentRoot /var/www/clients/client1/web2/web
           
       ServerName universalminingco.com
       ServerAlias www.universalminingco.com
       ServerAdmin [email protected]

       <IfModule mod_http2.c>
           Protocols h2 http/1.1
       </IfModule>

       <IfModule mod_brotli.c>
           AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript application/xml application/xml+rss application/atom+xml application/json application/x-font-ttf application/vnd.ms-fontobject image/x-icon
       </IfModule>

       ErrorLog /var/log/ispconfig/httpd/universalminingco.com/error.log

       Alias /error/ "/var/www/universalminingco.com/web/error/"
       ErrorDocument 400 /error/400.html
       ErrorDocument 401 /error/401.html
       ErrorDocument 403 /error/403.html
       ErrorDocument 404 /error/404.html
       ErrorDocument 405 /error/405.html
       ErrorDocument 500 /error/500.html
       ErrorDocument 502 /error/502.html
       ErrorDocument 503 /error/503.html

  <IfModule mod_ssl.c>
       SSLEngine on
       SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
       # SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
       SSLHonorCipherOrder     on
       # <IfModule mod_headers.c>
       # Header always add Strict-Transport-Security "max-age=15768000"
       # </IfModule>
       SSLCertificateFile /var/www/clients/client1/web2/ssl/universalminingco.com-le.crt
       SSLCertificateKeyFile /var/www/clients/client1/web2/ssl/universalminingco.com-le.key
                 SSLUseStapling on
         SSLStaplingResponderTimeout 5
         SSLStaplingReturnResponderErrors off
             </IfModule>

       <Directory /var/www/universalminingco.com/web>
               # Clear PHP settings of this website
               <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                       SetHandler None
               </FilesMatch>
               Options +SymlinksIfOwnerMatch
               AllowOverride All
                               Require all granted
                       </Directory>
       <Directory /var/www/clients/client1/web2/web>
               # Clear PHP settings of this website
               <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                       SetHandler None
               </FilesMatch>
               Options +SymlinksIfOwnerMatch
               AllowOverride All
                               Require all granted
                       </Directory>




       # suexec enabled
       <IfModule mod_suexec.c>
           SuexecUserGroup web2 client1
       </IfModule>
       <IfModule mod_fastcgi.c>
               <Directory /var/www/clients/client1/web2/cgi-bin>
                                       Require all granted
                                   </Directory>
               <Directory /var/www/universalminingco.com/web>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler php-fcgi
                       </If>
                   </FilesMatch>
               </Directory>
               <Directory /var/www/clients/client1/web2/web>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler php-fcgi
                       </If>
                   </FilesMatch>
               </Directory>
                Action php-fcgi /php-fcgi virtual
               Alias /php-fcgi /var/www/clients/client1/web2/cgi-bin/php-fcgi-*-443-universalminingco.com
                FastCgiExternalServer /var/www/clients/client1/web2/cgi-bin/php-fcgi-*-443-universalminingco.com -idle-timeout 300 -socket /var/lib/php7.4-fpm/web2.sock -pass-header Authorization  -pass-header Content-Type
       </IfModule>
       <IfModule mod_proxy_fcgi.c>
           #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.4-fpm/web2.sock|fcgi://localhost//var/www/clients/client1/web2/web/$1
           <Directory /var/www/universalminingco.com/web>
               <FilesMatch "\.php[345]?$">
                   <If "-f '%{REQUEST_FILENAME}'">
                       SetHandler "proxy:unix:/var/lib/php7.4-fpm/web2.sock|fcgi://localhost"
                   </If>
               </FilesMatch>
           </Directory>
           <Directory /var/www/clients/client1/web2/web>
               <FilesMatch "\.php[345]?$">
                   <If "-f '%{REQUEST_FILENAME}'">
                       SetHandler "proxy:unix:/var/lib/php7.4-fpm/web2.sock|fcgi://localhost"
                   </If>
               </FilesMatch>
           </Directory>
           </IfModule>



       # add support for apache mpm_itk
       <IfModule mpm_itk_module>
           AssignUserId web2 client1
       </IfModule>

       <IfModule mod_dav_fs.c>
       # Do not execute PHP files in webdav directory
           <Directory /var/www/clients/client1/web2/webdav>
               <ifModule mod_security2.c>
                   SecRuleRemoveById 960015
                   SecRuleRemoveById 960032
               </ifModule>
               <FilesMatch "\.ph(p3?|tml)$">
                   SetHandler None
               </FilesMatch>
           </Directory>
           DavLockDB /var/www/clients/client1/web2/tmp/DavLock
           # DO NOT REMOVE THE COMMENTS!
           # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
           # WEBDAV END
       </IfModule>

   


</VirtualHost>

<IfModule mod_ssl.c>
        SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>

 

Setting it to debug, disabling cron and running the script in the terminal resulted in this:

Code:

crontab: installing new crontab
root@system:~# /usr/local/ispconfig/server/server.sh
11.03.2023-07:29 - DEBUG [plugins.inc:155] - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
11.03.2023-07:29 - DEBUG [server:217] - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
root@system:~#

 

Oh man, I'm sorry. I should have realized that was required. Here's the output:

Code:

crontab: installing new crontab
root@system:~# /usr/local/ispconfig/server/server.sh
11.03.2023-08:25 - DEBUG [plugins.inc:155] - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
11.03.2023-08:25 - DEBUG [server:177] - Found 1 changes, starting update process.
11.03.2023-08:25 - DEBUG [plugins.inc:118] - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
11.03.2023-08:25 - DEBUG [plugins.inc:118] - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: chattr -i '/var/www/clients/client1/web2' - return code: 0
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: df -T '/var/www/clients/client1/web2'|awk 'END{print $2,$NF}' - return code: 0
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -u 'web2' '0' '0' 0 0 -a &> /dev/null - return code: 0
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -T -u 'web2' 604800 604800 -a &> /dev/null - return code: 0
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
11.03.2023-08:25 - WARNING - Could not verify domain universalminingco.com, so excluding it from letsencrypt request.
11.03.2023-08:25 - WARNING - Could not verify domain www.universalminingco.com, so excluding it from letsencrypt request.
11.03.2023-08:25 - WARNING - Let's Encrypt SSL Cert for: universalminingco.com could not be issued.
11.03.2023-08:25 - WARNING -
11.03.2023-08:25 - DEBUG [db mysql.inc:523] - NON-String given in escape function! (boolean)
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
11.03.2023-08:25 - DEBUG [apache2 plugin.inc:1828] - Enable SSL for: universalminingco.com
11.03.2023-08:25 - DEBUG [apache2 plugin.inc:1874] - Writing the vhost file: /etc/apache2/sites-available/universalminingco.com.vhost
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
11.03.2023-08:25 - DEBUG [apache2 plugin.inc:3445] - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web2.conf
11.03.2023-08:25 - DEBUG [services.inc:56] - Calling function 'restartPHP_FPM' from module 'web_module'.
11.03.2023-08:25 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'php7.4-fpm' 2>&1 - return code: 0
11.03.2023-08:25 - DEBUG [web module.inc:316] - Restarting php-fpm: systemctl reload php7.4-fpm.service
11.03.2023-08:25 - DEBUG [apache2 plugin.inc:1992] - Apache status is: running
11.03.2023-08:25 - DEBUG [services.inc:56] - Calling function 'restartHttpd' from module 'web_module'.
11.03.2023-08:25 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
11.03.2023-08:25 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
11.03.2023-08:25 - DEBUG [web module.inc:246] - Restarting httpd: systemctl restart apache2.service
11.03.2023-08:25 - DEBUG [apache2 plugin.inc:1995] - Apache restart return value is: 0
11.03.2023-08:25 - DEBUG [apache2 plugin.inc:2006] - Apache online status after restart is: running
11.03.2023-08:25 - DEBUG [modules.inc:240] - Processed datalog_id 54
11.03.2023-08:25 - DEBUG [server:217] - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
root@system:~#

 

This worked, thank you very much for that. I have two questions.

1) What would be my next step if I wanted to trace down why the server can't reach that subdomain? It's reachable via dig and browser and sites that I didn't mess up by deselecting auto-www don't have the problem, just this one domain where I set that option later.

2) Is there a negative repercussion to leaving the "Skip Lets Encrypt Check" box checked?

Thank you very much for all your help, I really appreciate it.

 

Like Till wrote in #13, check what devices, like a router or similar network device in front of the system, that is between the system and Internet.

 

Thank you both for your continued help, I really appreciate it.

To better explain my situation, I now have 5 domains on this server. 4, I left auto-www checked during creation and this problematic domain, I left it unchecked during creation but went back and checked it after it was created. The four other domains have no issue with LE covering www in the cert, just this one. Dig and browser resolve www correctly to this domain. vhost looks ok. All are being routed via A records from the same registrar.

In the scenario above, what's the likelihood that a router or firewall could be at fault for this? Is it more likely that I messed something up by adding auto-www after the site had been created?

I'm not trying to beat a dead horse, I just want to make sure I don't mess something like this up again if I can help it.

 

How about a robots.txt that disallows all from /? Would that cause www.domain.com to fail but not domain.com?