Hello. I've had an issue with an existing server, so I installed a full new server following the Ubuntu 16.04 ISPConfig 3.1 tutorial, like I usually did before, to make sure everything would work nicely. I've reached the finish line and everything seems to be looking good, except that I cannot seem to use Let's Encrypt. I followed the installation instructions, downloaded certbot-auto and chose not to create any certificate at the end.

When I check the Let's Encrypt checkbox on any of my sites, it does not remain selected and no certificates are generated; the /etc/letsencrypt folder remains empty except for a file options-ssl-apache.conf.

So I searched and activated the debug log, which provides the following:

Code:
Thu Jan 19 20:47:01 CET 2017
Thu Jan 19 20:47:01 CET 2017
Thu Jan 19 20:47:01 CET 2017
19.01.2017-20:47 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - DEBUG - Found 1 changes, starting update process.
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - WARNING - Action aborted, file is a symlink: //var/zzz/clients/client1/web6/web/error
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - WARNING - Action aborted, file is a symlink: //var/zzz/clients/client1/web6/web/error
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - DEBUG - Create Let's Encrypt SSL Cert for: jdav-dev.org
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - DEBUG - Let's Encrypt SSL Cert domains: jdav-dev.org --domains zzz.jdav-dev.org
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - WARNING - Let's Encrypt SSL Cert for: jdav-dev.org could not be issued.
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/jdav-dev.org.vhost
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - WARNING - Action aborted, file is a symlink: /var/zzz/clients/client1/web6/web/stats/.htaccess
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - WARNING - Action aborted, file is a symlink: /var/zzz/clients/client1/web6/web/stats/.htaccess
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.0/fpm/pool.d/web6.conf
Thu Jan 19 20:47:02 CET 2017 19.01.2017-20:47 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
Thu Jan 19 20:47:02 CET 2017 19.01.2017-20:47 - DEBUG - Restarting php-fpm: systemctl reload php7.0-fpm.service
Thu Jan 19 20:47:02 CET 2017 19.01.2017-20:47 - DEBUG - Apache status is: running
Thu Jan 19 20:47:02 CET 2017 19.01.2017-20:47 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
Thu Jan 19 20:47:05 CET 2017 19.01.2017-20:47 - DEBUG - Restarting httpd: systemctl restart apache2.service
Thu Jan 19 20:47:05 CET 2017 19.01.2017-20:47 - DEBUG - Apache restart return value is: 0
Thu Jan 19 20:47:07 CET 2017 19.01.2017-20:47 - DEBUG - Apache online status after restart is: running
Thu Jan 19 20:47:07 CET 2017 19.01.2017-20:47 - DEBUG - Processed datalog_id 39
Thu Jan 19 20:47:07 CET 2017 19.01.2017-20:47 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
Thu Jan 19 20:47:07 CET 2017 finished.

As you can see, Let's Encrypt says it could not generate a certificate. If I run the command manually (running ./certbot-auto --domains zzz.jdav-dev.org) it does seem to work, as it generates a key, but then it is not managed by ISPConfig. Do you have any idea what I'm missing?

PS: the zzz are three w, otherwise I could not send the thread.
Hello. Replace the z by w as explained in the PS. It should be okay. I had to change it because otherwise the board thinks I'm adding links, which I am not allowed to because of the rules. I had no issues before and did not change the DNS except for the IP, so it is not the problem.
Is /var/zzz a symlink that points to another directory? Symlinks are not allowed for that directory, so no changes get written if this is a symlink. If you want to relocate /var/www, then use a bind mount. https://www.howtoforge.com/use_moun...ctory_of_a_ispconfig_server_to_a_new_location
He doesn't have /var/zzz. He uses /var/www, but he cannot use the www because the forum thinks he's posting a link, but he's not allowed to.

Using dig on the domain shows a record for both the jdav-dev.org domain and the auto www domain.

Code:
tijmen@LT53039:~$ dig www.jdav-dev.org

; <<>> DiG 9.9.5-3ubuntu0.11-Ubuntu <<>> www.jdav-dev.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23782
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.jdav-dev.org. IN A

;; ANSWER SECTION:
www.jdav-dev.org. 28800 IN A 62.210.251.245

;; Query time: 45 msec
;; SERVER: 89.101.251.228#53(89.101.251.228)
;; WHEN: Fri Jan 20 09:19:29 STD 2017
;; MSG SIZE rcvd: 50

tijmen@LT53039:~$ dig +nocmd jdav-dev.org any +multiline +noall +answer
jdav-dev.org. 28800 IN NS nsa.bookmyname.com.
jdav-dev.org. 28800 IN NS nsc.bookmyname.com.
jdav-dev.org. 28800 IN A 62.210.251.245
jdav-dev.org. 28800 IN NS nsb.bookmyname.com.
jdav-dev.org. 28800 IN MX 10 mail.jdav-dev.org.
jdav-dev.org. 28800 IN SOA nsa.bookmyname.com. hostmaster.bookmyname.com. (
    1484843809 ; serial
    43200 ; refresh (12 hours)
    3600 ; retry (1 hour)
    604800 ; expire (1 week)
    3600 ; minimum (1 hour)
    )

@wedge Check the /var/log/letsencrypt/letsencrypt.log
That's not what I refer to, I just used his name for consistency. I refer to this:

Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - WARNING - Action aborted, file is a symlink: //var/zzz/clients/client1/web6/web/error
Thu Jan 19 20:47:01 CET 2017 19.01.2017-20:47 - WARNING - Action aborted, file is a symlink: //var/zzz/clients/client1/web6/web/error

The name of the directory does not matter. What matters is if he has a symlink in the path or not, as this will prevent LE from working.
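Added example (not part of the original thread and not ISPConfig code): a small POSIX shell function that walks a path such as the web root named in the warnings above and reports every component that is a symbolic link, which is the check the reply above asks for. The function name `symlink_components` is an assumption made for this illustration.

```shell
#!/bin/sh
# Added diagnostic, not ISPConfig code: report each component of a path
# that is a symbolic link (e.g. /var/www itself, or a folder below it).

# symlink_components PATH
# Prints "component -> target" for every symlink met while walking PATH.
# Returns 0 if at least one symlink was found, 1 if the path is clean.
symlink_components() {
    path=$1
    found=1
    case $path in
        /*) current="" ;;     # absolute path: start from the root
        *)  current="." ;;    # relative path: start from the cwd
    esac

    # Split the path on "/" with globbing disabled.
    old_ifs=$IFS
    set -f
    IFS=/
    set -- $path
    IFS=$old_ifs
    set +f

    for part in "$@"; do
        # Empty parts come from a leading "/" or from "//" as seen in
        # the logged path //var/.../web/error.
        [ -z "$part" ] && continue
        current="$current/$part"
        if [ -L "$current" ]; then
            printf '%s -> %s\n' "$current" "$(readlink "$current")"
            found=0
        fi
    done
    return $found
}

# Stand-alone use: sh script.sh /var/www/clients/client1/web6/web/error
if [ "$#" -gt 0 ]; then
    symlink_components "$1"
fi
```

An empty result with exit status 1 means no component of the path is a symlink; any printed line names the component to replace with a real directory or a bind mount.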
Hello. I do not know about the symlinks, except that I did nothing at all to change the structure of folders or anything. The actual warning talks about the error folder, which does not exist; I had removed it because I don't need those default pages. I restored them and it is the same.

I believe I can now post www, so here is the log from my last attempt.

Code:
20.01.2017-09:16 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
20.01.2017-09:16 - DEBUG - Found 1 changes, starting update process.
20.01.2017-09:16 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
20.01.2017-09:16 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
20.01.2017-09:16 - DEBUG - Create Let's Encrypt SSL Cert for: jdav-dev.org
20.01.2017-09:16 - DEBUG - Let's Encrypt SSL Cert domains: jdav-dev.org --domains www.jdav-dev.org
20.01.2017-09:16 - WARNING - Let's Encrypt SSL Cert for: jdav-dev.org could not be issued.
20.01.2017-09:16 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/jdav-dev.org.vhost
20.01.2017-09:16 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.0/fpm/pool.d/web6.conf
20.01.2017-09:16 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
20.01.2017-09:16 - DEBUG - Restarting php-fpm: systemctl reload php7.0-fpm.service
20.01.2017-09:16 - DEBUG - Apache status is: running
20.01.2017-09:16 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
20.01.2017-09:16 - DEBUG - Restarting httpd: systemctl restart apache2.service
20.01.2017-09:16 - DEBUG - Apache restart return value is: 0
20.01.2017-09:16 - DEBUG - Apache online status after restart is: running
20.01.2017-09:16 - DEBUG - Processed datalog_id 41
20.01.2017-09:16 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

I tried to search a bit more by looking at the code; from what I understand, ISPConfig is doing a which command to find the certbot or letsencrypt executable. But that command returns nothing, even if I do a which certbot-auto.

I followed these instructions to install letsencrypt:

Code:
mkdir /opt/certbot
cd /opt/certbot
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto

But when I checked the Let's Encrypt certbot page, they are talking about doing this to install it:

Code:
sudo apt-get install python-letsencrypt-apache

Should I do what the certbot site is telling?
No, the other instructions that you used are fine and the python-letsencrypt-apache package is not needed. ISPConfig does not use just "which certbot-auto" to find the tool and the tool installation is most likely not the problem here. Take a look at the letsencrypt log file, it shows you why letsencrypt was not able to issue the ssl cert.
Well, I did install with apt-get and it works just fine now. So I believe the certbot-auto installation changed also, because from what I remember previously it would create lots of files, but running only ./certbot-auto did not work. Here is the log I had before, after running the command manually. When letsencrypt was trying to create SSL from the above log, it would not generate any letsencrypt.log file.

Code:
root@sd-74694:/opt/certbot# ./certbot-auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: atlanteans.net
2: www.atlanteans.net
3: aurelien-li.net
4: www.aurelien-li.net
5: courirahanches.fr
6: www.courirahanches.fr
7: jdav-dev.org
8: www.jdav-dev.org
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):c
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.
root@sd-74694:/opt/certbot# cat /var/log/letsencrypt/letsencrypt.log
2017-01-20 08:47:01,746:DEBUG:certbot.main:Root logging level set at 20
2017-01-20 08:47:01,747:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-01-20 08:47:01,747:DEBUG:certbot.main:certbot version: 0.10.1
2017-01-20 08:47:01,747:DEBUG:certbot.main:Arguments: []
2017-01-20 08:47:01,747:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2017-01-20 08:47:01,748:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-01-20 08:47:02,270:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x7f6c00d8d7d0>
Prep: True
2017-01-20 08:47:02,271:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x7f6c00d8d7d0> and installer <certbot_apache.configurator.ApacheConfigurator object at 0x7f6c00d8d7d0>
2017-01-20 08:47:13,845:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/home/wedge/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/wedge/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 849, in main
    return config.func(config, plugins)
  File "/home/wedge/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 570, in run
    domains, certname = _find_domains_or_certname(config, installer)
  File "/home/wedge/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 302, in _find_domains_or_certname
    raise errors.Error("Please specify --domains, or --installer that "
Error: Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.

As the appearance is also different from the tutorial, I'm wondering if it's not because of a version change of certbot-auto; from what I can see, I was on a 0.8 version on my previous server, while on this new server it is version 0.10.

Well, I think I can mark the thread as solved anyway, as using apt-get did properly install everything. And thanks for your help.