I'm running ISPConfig 3.1 latest for my own domains. Having a multi server setup:

1 'Main' server with all services
1 Second server which is a mirror of the 1st
1 Second DNS server with DNS only

All seems to be working fine, thanks for the great tutorials!

I've got about 4 domains on ISPConfig. For 3 domains, Let's Encrypt works fine. For the main domain, I can't get the certificate verified. It sees the website, no owner information is supplied but verification is not specified.

https://www.tsictdiensten.nl

Code:
2017-01-20 07:45:10,580:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/tsictdiensten.nl/fullchain.pem. Your cert will expire on 2017-04-20. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"
That's the thing. There are no errors in /var/log/letsencrypt/letsencrypt.log

Code:
HTTP 200
Server: nginx
Content-Type: application/pkix-cert
Content-Length: 1174
Boulder-Request-Id: xxxxxxxxxxxxxxxxxxxxxxxx
Replay-Nonce: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 20 Jan 2017 07:45:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 20 Jan 2017 07:45:09 GMT
Connection: keep-alive
-snip-
2017-01-20 07:45:09,048:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/tsictdiensten.nl and live directory /etc/letsencrypt/live/tsictdiensten.nl created.
2017-01-20 07:45:09,049:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/tsictdiensten.nl/cert.pem.
2017-01-20 07:45:09,049:DEBUG:certbot.storage:Writing private key to /etc/letsencrypt/live/tsictdiensten.nl/privkey.pem.
2017-01-20 07:45:09,049:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/live/tsictdiensten.nl/chain.pem.
2017-01-20 07:45:09,050:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/live/tsictdiensten.nl/fullchain.pem.
2017-01-20 07:45:09,050:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/tsictdiensten.nl/README.
2017-01-20 07:45:10,577:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/tsictdiensten.nl.conf.
2017-01-20 07:45:10,580:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/tsictdiensten.nl/fullchain.pem. Your cert will expire on 2017-04-20. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"
2017-01-20 07:45:10,580:DEBUG:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

-edit-
Can I turn off Let's Encrypt for the websites, remove the files created in /etc/letsencrypt, then turn it back on for the websites? Will that give me a fresh start?
The log looks fine indeed. You can try to disable LE for this one website, then wait a minute and then enable it again and see if the checkbox stays enabled after a minute.
Hm, ended up disabling SSL + LE, deleting the files inside the /etc/letsencrypt/archive,live,renew etc folders. Then f*cked up my webserver, because somehow it hadn't synced the disable SSL yet. Manually edited out the SSL settings from the .vhost files. Then rebooted. Deleted all websites and recreated them (wasn't hosting any actual websites yet, except for my main site, restored backup from that site). Now all SSL seems to be fine.
Not getting anywhere yet. Also, seeing a debugging error in the log about an outdated version. The /opt/certbot/certbot-auto.sh is a different version than the /root/.local/share/letsencrypt/bin/letsencrypt file?

If I turn off the SSL+LE, wait 1 min then turn it back on, the LE log shows:

2017-01-23 07:47:03,493:INFO:certbot.renewal:Cert not yet due for renewal
2017-01-23 07:47:03,493:INFO:certbot.main:Keeping the existing certificate

But I need it to make a new cert, so that validation is started again. Should I revoke this cert somehow?

-edit-
Too many certificates already issued for exact set of domains: Have to wait for a week..
You need to force renewal. Not too many certs issued, but the issued certs are too far from expiration.
Yeah, but how to force it?

-edit-
I guess I should have mentioned that I removed the domain in /etc/letsencrypt/*/domain/
So, I could request a new certificate today. Somehow, DNS-> NS01 and TLS-01 keep pending? It does write the certificates eventually.

Code:
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "tsictdiensten.nl"
  },
  "status": "valid",
  "expires": "2017-03-20T08:00:06Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxx",
      "token": "xxx"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxxx",
      "token": "xxxx"
    },
    {
      "type": "http-01",
      "status": "valid",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxxxxxx",
      "token": "xxxxx",
      "keyAuthorization": "6xxxxxx",
      "validationRecord": [
        {
          "url": "http://tsictdiensten.nl/.well-known/acme-challenge/xxxxxx",
          "hostname": "tsictdiensten.nl",
          "port": "80",
          "addressesResolved": [
            "92.222.70.196"
          ],
          "addressUsed": "92.222.70.196"
        }

-btw-
Does LetsEncrypt or ISPConfig install something from puppetlabs?
@till any ideas?

-edit-
What the f? Whenever I move index.php to index.php_old and visit my website, I get the 404. But when I go to the https at that point, the certificate works...

-edit2-
Probably something in the source code pointing to http instead of https. Not a Let's Encrypt error.
@till or @sjau solved! Had some http references to images on the interwebs =O (default template.. lal). Fixed now! https working as intended. Thnx for the support.
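
The cause found at the end of this thread, http:// subresources on a page served over HTTPS (mixed content), can be checked for directly in a page's markup before suspecting the certificate. The following is an added example, not code from the thread, ISPConfig or certbot; the `example.test` host names and the sample markup are constructed, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# "Active" mixed content is blocked by browsers; "passive" content may still
# load but downgrades the page's security indicator.
ACTIVE_SRC = {"script", "iframe", "embed"}
PASSIVE_SRC = {"img", "audio", "video", "source"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base = urljoin(self.base, a["href"])  # later relative URLs follow <base>
            return
        if tag == "link":
            rels = (a.get("rel") or "").lower().split()
            kind = "active" if "stylesheet" in rels else "passive" if "icon" in rels else None
            ref = a.get("href")
        elif tag == "object":
            kind, ref = "active", a.get("data")
        elif tag in ACTIVE_SRC or tag in PASSIVE_SRC:
            kind, ref = ("active" if tag in ACTIVE_SRC else "passive"), a.get("src")
        else:
            return  # <a href> and similar are navigation, not subresources
        if kind and ref:
            url = urljoin(self.base, ref.strip())  # resolves relative and //host URLs
            if urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each insecure subresource of an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample markup; all host names are placeholders.
SAMPLE_HTML = """<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="http://fonts.example.test/font.css">
<script src="//cdn.example.test/lib.js"></script>
<a href="http://example.test/old">link</a> <img src="img/logo.png">
<img src="http://images.example.test/banner.jpg">"""
```

Calling `find_mixed_content("https://example.test/index.php", SAMPLE_HTML)` reports the stylesheet and the banner image; the protocol-relative script, the relative image and the plain link are not flagged.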