I am trying to install an SSL certificate on a website by checking "SSL" and "Let's Encrypt SSL" under the Domain tab. Please note I have more than 100 websites on the same server. After a short period of time, the checkboxes are unchecked, and SSL is not installed. I have read "Let's Encrypt Error FAQ" at https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ to no help. All other websites get their certificates updated without any error message in /var/log/letsencrypt/letsencrypt.log, but this specific website does get an error. I have attached the end of the error log to this post. I have verified that the HTTP-01 challenges are added to /usr/local/ispconfig/interface/acme/.well-known-acme-challenge: I have verified from the Apache access log on the website that the challenges are read (provided an example that shows HTTP 200 status below). One thing I react to is that the challenges have owner root:root. Can this be the reason the Let's Encrypt server only sees a "404 Not found" message? I have attached the end of the letsencrypt.log file (IP and domain name is replaced with something else) showing the error messages. Versions: ISPConfig 3.2.5 (upgraded from 3.1.x that had the same problem, was hoping an upgrade would fix it)
That's fine, the files are world-readable, so the web server can access them. Ok, so you have a 200 code in the log, but a 404 code and page is returned when the challenge file is accessed? In this case, you might want to check the .htaccess file of the website, maybe it overrides the challenge and redirects it to a cms that's installed in that website.
Thanks for your answer! There is no .htaccess file installed, I made sure of that when debugging this error.
Maybe any settings in the apache directives field of the website or a custom config selected in the website settings?
Do all of the websites have an LE certificate? Did any error message indicate hitting limits on number of certificates or domain names?
Please follow the steps under "What if the above steps don't help?" from https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ and share the output.
Thank you all for the responses to my problem. The problem has just been solved! The customer had added an AAAA record (IP6) in DNS for the domain, and Let's Encrypt seems to select IP6 before IP4. So most likely the firewall answered with an HTML 404 Not Found error. We deleted the AAAA record, and everything worked well. Actually, I should have noticed the error in the /var/log/letsencrypt/letsencrypt.log file where I failed to notice the IP6 in bold: certbot.errors.FailedChallenges: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http ://example.com/.well-known/acme-challenge/z_63OIcAPB6ZwxOsWzrZylwE1u_AGbrL445CgCnKK8Y [2001:4da8:c:1b::]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p" I hope this helps others sorting out the same mistake as we had.
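Added example, not part of any post in this thread: a small Python check for the situation resolved above, which pulls the bracketed validation address out of a certbot FailedChallenges line and compares it with the addresses the web server actually answers on. The function names, the sample log line, and the addresses 2001:db8::1 and 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample modelled on the log line quoted in the thread
# (domain, token and address are placeholders, not real values).
SAMPLE_LOG = (
    'certbot.errors.FailedChallenges: Failed authorization procedure. '
    'example.com (http-01): urn:ietf:params:acme:error:unauthorized :: '
    'The client lacks sufficient authorization :: Invalid response from '
    'http://example.com/.well-known/acme-challenge/TOKEN [2001:db8::1]: '
    '"<!DOCTYPE HTML PUBLIC ..."'
)

FAILURE_RE = re.compile(
    r'(?P<domain>\S+) \((?P<challenge>[a-z0-9-]+)\): (?P<error>urn:\S+) ::'
    r'.*?Invalid response from (?P<url>\S+) \[(?P<addr>[0-9A-Fa-f:.]+)\]'
)

def parse_failures(log_text):
    """Return one dict per failed challenge, including the address the CA contacted."""
    failures = []
    for match in FAILURE_RE.finditer(log_text):
        record = match.groupdict()
        record["addr"] = ipaddress.ip_address(record["addr"])
        failures.append(record)
    return failures

def diagnose(failure, served_addrs):
    """Compare the validated address with the addresses this web server serves."""
    served = {ipaddress.ip_address(a) for a in served_addrs}
    addr = failure["addr"]
    if addr in served:
        return "validated against this server; check vhost or rewrite configuration"
    record_type = "AAAA" if addr.version == 6 else "A"
    return (f"{failure['domain']}: CA contacted {addr} from the {record_type} "
            "record, which this server does not serve")

def published_addrs(host):
    """Live lookup (needs DNS): every A/AAAA address currently published for host."""
    infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    for failure in parse_failures(SAMPLE_LOG):
        print(diagnose(failure, ["203.0.113.10"]))
```

Pass the server's own listening addresses as served_addrs; published_addrs() can be run separately against the failing domain to list every address its DNS records currently return.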