I need a new ISPConfig server. This is at least my 5th installation attempt with the exact same problem.

I followed this tutorial: https://www.howtoforge.com/tutorial...8-4-jessie-apache-bind-dovecot-ispconfig-3-1/

I only skipped:
- 9.1 Install Metronome XMPP Server (optional)
- 10.2 Install SuPHP (optional, but not recommended)

I have an A DNS entry:
web.mydomain.fr. 0 A 92.222.69.241
And a CNAME entry:
wiki.mydomain.fr. 0 CNAME web.mydomain.
(OVH DNS panel)

I access the ISPConfig GUI on https://web.mydomain.fr:8080

I only created a new site: wiki.mydomain.fr

Without Let's Encrypt SSL it's fine, I have access to the wiki.mydomain.fr default site, but when I enable the Let's Encrypt SSL I get an automatic redirect to https (even if I try to go to http) and a "Connexion secure failed" with the SSL_ERROR_RX_RECORD_TOO_LONG error message.

My last 4 installations had the same problem, and I can't figure out why... I would really appreciate some help...

This is my firewall script:

Code:

    #!/bin/sh

    # Clean
    iptables -t filter -F
    iptables -t filter -X

    # Drop all
    iptables -t filter -P INPUT DROP
    iptables -t filter -P FORWARD DROP
    iptables -t filter -P OUTPUT DROP

    # Do not close established connections
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # loopback
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A OUTPUT -o lo -j ACCEPT

    #### SECURITY ##

    # Flood / DDOS
    iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
    iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
    iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT

    # Port scans
    iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

    #### RULES ####

    # ICMP
    iptables -t filter -A INPUT -p icmp -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -j ACCEPT

    # SSH
    iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT

    # DNS
    iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT

    # HTTP, HTTPS
    iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 8080 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT

    # Mail SMTP
    iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT

    # NTP
    iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

    # FTP
    iptables -t filter -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 21 -j ACCEPT
    iptables --append INPUT --protocol tcp --dport 11000:11100 --jump ACCEPT

The ISPConfig diagnostic script:

Code:

    ##### ISPCONFIG #####
    ISPConfig version is 3.1.5

    ##### VERSION CHECK #####
    [INFO] php (cli) version is 5.6.30-0+deb8u1
    [INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.30-0+deb8u1

    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s):
        Apache 2 (PID 986)
    [INFO] I found the following mail server(s):
        Postfix (PID 1476)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 662)
    [INFO] I found the following imap server(s):
        Unknown process (init) (PID 1)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 1381)

    ##### LISTENING PORTS #####
    (seulement () Adresse (distante)
    [anywhere]:465 (1476/master)
    [anywhere]:27665 (1383/portsentry)
    [anywhere]:1524 (1383/portsentry)
    [anywhere]:21 (1381/pure-ftpd)
    ***.***.***.***:53 (620/named)
    [localhost]:53 (620/named)
    [anywhere]:22 (617/sshd)
    [anywhere]:119 (1383/portsentry)
    [anywhere]:1080 (1383/portsentry)
    [anywhere]:25 (1476/master)
    [anywhere]:12345 (1383/portsentry)
    [localhost]:953 (620/named)
    [anywhere]:12346 (1383/portsentry)
    [anywhere]:635 (1383/portsentry)
    [anywhere]:49724 (1383/portsentry)
    [anywhere]:540 (1383/portsentry)
    [anywhere]:1 (1383/portsentry)
    [anywhere]:993 (1/init)
    [anywhere]:20034 (1383/portsentry)
    [anywhere]:32771 (1383/portsentry)
    [anywhere]:995 (662/dovecot)
    [anywhere]:32772 (1383/portsentry)
    [anywhere]:40421 (1383/portsentry)
    [anywhere]:32773 (1383/portsentry)
    [anywhere]:32774 (1383/portsentry)
    [localhost]:10023 (751/postgrey.pid)
    [localhost]:10024 (1256/amavisd-new)
    [anywhere]:41256 (579/rpc.statd)
    [localhost]:10025 (1476/master)
    [anywhere]:31337 (1383/portsentry)
    [localhost]:10026 (1256/amavisd-new)
    [localhost]:3306 (979/mysqld)
    [localhost]:10027 (1476/master)
    [anywhere]:587 (1476/master)
    [anywhere]:6667 (1383/portsentry)
    [anywhere]:11 (1383/portsentry)
    [localhost]:11211 (613/memcached)
    [anywhere]:5742 (1383/portsentry)
    [anywhere]:110 (662/dovecot)
    [anywhere]:79 (1383/portsentry)
    [anywhere]:15 (1383/portsentry)
    [anywhere]:143 (1/init)
    [anywhere]:111 (566/rpcbind)
    [anywhere]:54320 (1383/portsentry)
    [anywhere]:2000 (1383/portsentry)
    [anywhere]:10000 (999/perl)
    *:*:*:*::*:465 (1476/master)
    *:*:*:*::*:8081 (986/apache2)
    *:*:*:*::*:21 (1381/pure-ftpd)
    *:*:*:*::*:53 (620/named)
    *:*:*:*::*:22 (617/sshd)
    *:*:*:*::*:25 (1476/master)
    *:*:*:*::*:953 (620/named)
    *:*:*:*::*:443 (986/apache2)
    *:*:*:*::*:993 (1/init)
    *:*:*:*::*:995 (662/dovecot)
    *:*:*:*::*:54787 (579/rpc.statd)
    *:*:*:*::*:10023 (751/postgrey.pid)
    *:*:*:*::*:10024 (1256/amavisd-new)
    *:*:*:*::*:10026 (1256/amavisd-new)
    *:*:*:*::*:587 (1476/master)
    [localhost]10 (662/dovecot)
    [localhost]43 (1/init)
    [localhost]11 (566/rpcbind)
    [localhost]0000 (999/perl)
    *:*:*:*::*:8080 (986/apache2)
    *:*:*:*::*:80 (986/apache2)

    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0         [anywhere]/0         state RELATED,ESTABLISHED
    ACCEPT     all  --  [anywhere]/0         [anywhere]/0
    ACCEPT     icmp --  [anywhere]/0         [anywhere]/0
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:53
    ACCEPT     udp  --  [anywhere]/0         [anywhere]/0         udp dpt:53
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpts:11000:11100

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp flags:0x17/0x02 limit: avg 1/sec burst 5
    ACCEPT     udp  --  [anywhere]/0         [anywhere]/0         limit: avg 1/sec burst 5
    ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 8 limit: avg 1/sec burst 5
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp flags:0x17/0x04 limit: avg 1/sec burst 5

    Chain OUTPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0         [anywhere]/0         state RELATED,ESTABLISHED
    ACCEPT     all  --  [anywhere]/0         [anywhere]/0
    ACCEPT     icmp --  [anywhere]/0         [anywhere]/0
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:53
    ACCEPT     udp  --  [anywhere]/0         [anywhere]/0         udp dpt:53
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:25
    ACCEPT     udp  --  [anywhere]/0         [anywhere]/0         udp dpt:123
    ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:21

The error means that this website has no SSL. Check in ISPConfig if the SSL and Let's Encrypt checkboxes of this site are active; if not, activate them again, then wait a minute and check if the site works now.
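
Added example, not part of the original thread: why a browser shows SSL_ERROR_RX_RECORD_TOO_LONG when port 443 answers in plain HTTP. A TLS client reads the first five bytes of the reply as a record header, so the ASCII bytes of an HTTP reply decode to a record length above the TLS maximum. The function names and sample replies below are constructed for illustration; `probe()` needs network access and takes your own host name.

```python
import socket
import ssl

# Largest TLSCiphertext.length a TLS 1.2 peer may send (RFC 5246, 6.2.3).
TLS_MAX_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes of a server reply the way a TLS client does."""
    if len(data) < 5:
        return {"verdict": "short_read"}
    ctype, major = data[0], data[1]
    length = int.from_bytes(data[3:5], "big")
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= TLS_MAX_RECORD:
        return {"verdict": "tls", "type": TLS_CONTENT_TYPES[ctype], "length": length}
    plain = data.startswith((b"HTTP/", b"<!DOC", b"<html"))
    return {"verdict": "plaintext_http" if plain else "not_tls",
            "length": length, "too_long": length > TLS_MAX_RECORD}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Attempt a real handshake; report whether the port speaks TLS at all."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # protocol check only, not a trust decision
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls ok: " + str(tls.version())
    except ssl.SSLError as exc:     # must precede OSError (its parent class)
        return "no tls on this port: " + str(exc.reason)
    except OSError as exc:
        return "connection failed: " + str(exc)


# Constructed samples (not captured from the poster's server).
SAMPLE_PLAIN_400 = b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n"
SAMPLE_PLAIN_HTML = b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'
SAMPLE_SERVER_HELLO = bytes([0x16, 0x03, 0x03, 0x00, 0x5D]) + b"\x02" + bytes(0x5C)

if __name__ == "__main__":
    for name, blob in [("plain 400", SAMPLE_PLAIN_400),
                       ("plain html", SAMPLE_PLAIN_HTML),
                       ("server hello", SAMPLE_SERVER_HELLO)]:
        print(name, classify_first_bytes(blob))
```

A `plaintext_http` verdict on port 443 means the web server is listening there without an SSL-enabled vhost for that site, which matches the diagnosis in the reply above.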
I got some updates. I checked the Let's Encrypt SSL on a website and it worked, green padlock. A bit later, I tried it again on 2 other sites, and I get "This connexion is not secured", as the SSL certificate was not verified. Do I have to wait some time before the SSL cert is verified?
It might be that you have to activate that option a second time after about a minute; there is an issue in 3.1.5, which has been resolved already, that causes this. As an alternative, you can run ispconfig_update.sh on the shell as root and select 'git-stable' as the version to get this bugfix ahead of the 3.1.6 release.