When I enable the Let's Encrypt box of my domain, kalfaoglu.com, it gets disabled again next time I visit it. I enabled debugs, but I don't understand why it's not working. I had an extra conf file that I accidentally had created when I used "certbot" manually, but I deleted that. So, letsencrypt should work now but it doesn't for some reason. I'll try to attach the letsencrypt's log file.. Many thanks for any tips.. PS: The DNS servers for my domain are on the same machine -- the same ispconfig server. So, there shouldn't be a "cannot resolve" issue there.
Is that vhost proxying to somewhere else? Possibly there's no exception for the certificate validation paths..

Code:

    Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
      Domain: kalfaoglu.com
      Type: unauthorized
      Detail: 178.63.47.182: Invalid response from http://kalfaoglu.com/.well-known/acme-challenge/Cts-TEHLVvughS2TLkW0b9CPua0UMwxJpqipYHpTUqQ: 404

      Domain: www.kalfaoglu.com
      Type: unauthorized
      Detail: 178.63.47.182: Invalid response from http://www.kalfaoglu.com/.well-known/acme-challenge/VMrtMP7U4cCiSl-W8C8WF9d8vjtWWNlKYudouw8ZOAc: 404

    Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
No, it's a very simple setup - just apache, no nginx even.. That's why I'm puzzled. Maybe the config has something weird. I'll check!
Please post the debug output that you get when you enable the Let's Encrypt checkbox and then run the server.sh script.
Yes, that's fine. So ISPConfig is calling certbot correctly but Let's Encrypt is not able to reach your domains by accessing the token certbot created. I've explained in this post how you can manually test what certbot and LE are doing for authentication: https://forum.howtoforge.com/thread...-including-them-in-the-san.93589/#post-463196 Possible reasons for the issue are that the domains are not pointing to this server or that you somehow manually rewrote requests to the /.well-known/acme-challenge/ so they end up in a wrong place.
Or maybe you removed the ISPConfig acme configuration while cleaning up the manual certbot changes?

Code:

    root@server1:~# ls -la /etc/apache2/sites-enabled/999-acme.conf
    lrwxrwxrwx 1 root root 38 Sep 22 08:16 /etc/apache2/sites-enabled/999-acme.conf -> /etc/apache2/sites-available/acme.conf
    root@server1:~# cat /etc/apache2/sites-enabled/999-acme.conf
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
        <IfModule mpm_itk_module>
            AssignUserId ispconfig ispconfig
        </IfModule>
    </Directory>
Many thanks, I think it's the acme.conf.. I have this:

Code:

    [root@latte sites-available]# more acme.conf
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
        <IfModule mpm_itk_module>
            AssignUserId ispconfig ispconfig
        </IfModule>
    </Directory>

    ]# ls -ld /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    drwxr-x---. 2 apache apache 52 Jan 23 22:02 /usr/local/ispconfig/interface/acme/.well-known/acme-challenge

    # ls -l /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    -rwxr-x---. 1 apache apache 45 Dec 21 22:46 empty.dir
    -rw-r--r-- 1 apache apache 11 Jan 23 21:32 hello.txt

but:

    $ curl http://kalfaoglu.com/.well-known/acme-challenge/hello.txt
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL was not found on this server.</p>
    </body></html>

There is no .htaccess at the /var/www/kalfaoglu.com/web so that's not redirecting anything.. investigation continues
FOUND IT.. there was another acme.conf in the /etc/httpd/conf.d. It contained:

Code:

    Alias /.well-known/acme-challenge/ "/var/www/challenges/"

    # Note, blocking access to <Location "/"> in a <VirtualHost> will override
    # these global permissions. You will need to modify those domains
    # to allow access to /.well-known/, or just copy the <Location> from below.
    # See: http://httpd.apache.org/docs/2.2/sections.html
    <Location "/.well-known/acme-challenge/">
        Options -Indexes
        Order allow,deny
        Allow from all
    </Location>

    <Directory "/var/www/challenges">
        Options -Indexes
        Order allow,deny
        Allow from all
    </Directory>

Removed that and now it works.. many thanks everyone!
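
The 404 in this thread came from a second Alias for the challenge path sitting in another config directory. As an added example (not part of the thread and not ISPConfig's own code), this script lists every active Alias for `/.well-known/acme-challenge` under the directories passed to it and counts the distinct targets; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find every Apache Alias that maps
# the ACME challenge URL path and count how many different directories
# those aliases point to.

# Print "file<TAB>target" for each active Alias of
# /.well-known/acme-challenge in *.conf files under the given directories.
# Assumes targets contain no spaces.
find_acme_aliases() {
    for acme_dir in "$@"; do
        [ -d "$acme_dir" ] || continue
        for acme_file in "$acme_dir"/*.conf; do
            [ -f "$acme_file" ] || continue
            awk -v file="$acme_file" '
                $1 ~ /^#/ { next }               # commented-out line
                tolower($1) == "alias" {         # directive names are case-insensitive
                    url = $2; target = $3
                    gsub(/"/, "", url);  gsub(/"/, "", target)
                    sub(/\/+$/, "", url); sub(/\/+$/, "", target)
                    if (url == "/.well-known/acme-challenge")
                        printf "%s\t%s\n", file, target
                }' "$acme_file"
        done
    done
}

# Number of distinct target directories; anything above 1 is a conflict.
count_acme_targets() {
    find_acme_aliases "$@" | cut -f2 | sort -u | awk 'NF { n++ } END { print n + 0 }'
}

# Constructed sample tree mirroring the two files quoted in the thread.
make_sample_tree() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/sites-enabled" "$sample_root/conf.d"
    printf '%s\n' \
        'Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge' \
        > "$sample_root/sites-enabled/999-acme.conf"
    printf '%s\n' \
        '# Alias /.well-known/acme-challenge /tmp/old' \
        'Alias /.well-known/acme-challenge/ "/var/www/challenges/"' \
        > "$sample_root/conf.d/acme.conf"
    echo "$sample_root"
}

# Scan the directories named on the command line, if any.
[ "$#" -eq 0 ] || find_acme_aliases "$@"
```

Pass it the config directories Apache loads, for example `/etc/httpd/conf.d` together with the `sites-enabled` directory; a count above 1 from `count_acme_targets` means two files disagree about where challenge files are served from.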