[SOLVED] ISPConfig 3.1.7p1 - Lets Encrypt - SSL_ERROR_RX_RECORD_TOO_LONG

Discussion in 'Installation/Configuration' started by rgbfreak, Oct 23, 2017.

  1. rgbfreak

    rgbfreak New Member

    Hi, I am nearly desperate.
    until yesterday, my server works fine. Since this day, I get this error, then i visit a webpage with a Lets Encrypt Certificate:
    SSL_ERROR_RX_RECORD_TOO_LONG
    I checked the logs. Nothing.
    I did the LE Error FAQ https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ - doesn't helped.
    I uninstall a LE certificate manually with /opt/certbot/certbot-auto delete and reinstall the LE certificate with ISPconfig with no major errors. Also the Ceckbox with LE certificate is checked.
    I uninstalled it again manually and installed it manually. This was the console output:
    Code:
    root@server1 /opt/certbot # /root/.local/share/letsencrypt/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@kursiv.rgb24.de  --domains kursiv.rgb24.de --webroot-path /usr/local/ispconfig/interface/acme
You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for kursiv.rgb24.de
Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/kursiv.rgb24.de/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/kursiv.rgb24.de/privkey.pem
   Your cert will expire on 2018-01-21. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
    Looks good so far.
    The Server OS is Debian Jessie
     
    rgbfreak, Oct 23, 2017
    #1
  2. rgbfreak

    rgbfreak New Member

    the HTF Report is attached.
     

    Attached Files:

    rgbfreak, Oct 23, 2017
    #2
  3. rgbfreak

    rgbfreak New Member

    I found the solution.
    I replaced the file /etc/apache2/sites-available/000-default-le-ssl.conf by an empty file.
    Now it works again.
     
    rgbfreak, Oct 24, 2017
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you have run LE on the shell manually and created an SSL cert with it, this created the file /etc/apache2/sites-available/000-default-le-ssl.conf which caused this error. For that reason, we describe in the perfect server guides to not create SSL certs on the Shell with LE as this will break apache and therefore break ISPConfig.
     
    till, Oct 24, 2017
    #4
    rgbfreak likes this.
  5. rgbfreak

    rgbfreak New Member

    I actually run the certbot-auto in the shell.
    Because I just wanted to update the script itself because I got warnings that the certbot-auto script is outdated.
    But I alway cancel the certification. I used the certbot only for deleting certificates that I don't need anymore.
     
    rgbfreak, Oct 27, 2017
    #5

Share This Page