Hi All I have multiple WordPress sites which are all hosted and running fine with SSL enabled... but I have just moved a very old PHP 5.6 site which is not Wordpress into ISPConfig... I imported the files from /var/www/html and rewrote a few bespoke PHP scripts which referenced the old file structure and afterwards it was all working However the site will only run as HTTP and whenever I click the SSL & Lets Encrypt SSL boxes, it says its applying the settings, but once set the site will still only work in HTTP and the SSL/Lets Encrypt SSL boxes are unchecked again. I suspect the issue is because the original site was encrypted with Lets Encrypt and it may already have directories there which ISPConfig needs to write to but doesnt have permission. Short of setting the whole site to 777, I am not sure what to do - can anyone offer any advice where to start with fixing this? Many thanks
As mentioned in any related thread, just follow the Let's encrypt error FAQ to find out why LE refuses to issue a certificate to you. https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ That#s not related and never change permissions of a sites web folder, especially not to 777 as the site might stop working then plus you open up a huge security hole.
Thanks Yes, I would never do that for just that reason, it was supposed to be a flippant comment - thanks though
It turns out certbot wasnt installed, so I installed it and it now shows as version 0.40.0 - but still wont work. Also there is no /var/log/letsencrypt directory... so I cant get any logs... so will follow the "Enable the ISPConfig debug mode" and post details back later. Thanks
Recent versions of ISPCOnfig use acme.sh, not certbot. So installing certbot may make situation worse. Please follow instuctions here to clarify issues: https://forum.howtoforge.com/threads/please-read-before-posting.58408/
As @Taleman mentioned already, ISPConfig uses acme.sh nowadays. Check /var/log/ispconfig/acme.log for debugging information.
As @Taleman and @pyte mentioned, installing certbot was a bad idea and might have damaged your setup. Take care to remove certbot before proceeding.
Thanks @Taleman @pyte @till I misread line 1 on the SSL tut... "Check that you have a Let’s Encrypt client installed. On servers installed before the release of ISPConfig 3.2, this is most likely certbot." And thought I needed to install certbot But... it gets worse, I followed a tut on how to completely remove certbot from Ubuntu 20.04 and subsequently it uninstalled Apache... so I reinstalled this and obviously no sites are working - not even the ISPConfig UI... so I am going to get a coffee and then see if I need to delete the VPS and start from scratch again
Install Apache back, then run Code: ispconfig_update.sh --force and let it reconfigure services when it asks about that. If that does not work, check /var/log/dpkg.log what packages were removed, and install then back except certbot.
For the future, always doublecheck when removing packages/do a depclean/autoremove, as it sometimes can be a bit tricky and will remove packages that you don't want it to delete at all. And if you're unsure about what some commands do or if you need package X, may consider looking it up online beforehand or ask.
I ran the ISPConfig update - but Apache errors... There are only 3 lines in /var/log/apache2/error.log... [Tue Jan 17 14:33:01.806316 2023] [mpm_event:notice] [pid 8400:tid 140321117801536] AH00489: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations [Tue Jan 17 14:33:01.806417 2023] [core:notice] [pid 8400:tid 140321117801536] AH00094: Command line: '/usr/sbin/apache2' [Tue Jan 17 14:33:34.636953 2023] [mpm_event:notice] [pid 8400:tid 140321117801536] AH00491: caught SIGTERM, shutting down
When I check apache status, it says that there is an error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost; Jan 17 14:36:31 server.xxx.co.uk systemd[1]: apache2.service: Failed with result 'exit-code'. Jan 17 14:36:31 server.xxx.co.uk systemd[1]: Failed to start The Apache HTTP Server. Jan 17 14:42:46 server.xxx.co.uk systemd[1]: Starting The Apache HTTP Server... Jan 17 14:42:46 server.xxx.co.uk apachectl[300]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost: Jan 17 14:42:46 server.xxx.co.uk apachectl[300]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration Jan 17 14:42:46 server.xxx.co.uk apachectl[287]: Action 'start' failed. Jan 17 14:42:46 server.xxx.co.uk apachectl[287]: The Apache error log may have more information. Jan 17 14:42:46 server.xxxx1on1hosting.co.uk systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE Jan 17 14:42:46 server.1on1hosting.co.uk systemd[1]: apache2.service: Failed with result 'exit-code'. Jan 17 14:42:46 server.1on1hosting.co.uk systemd[1]: Failed to start The Apache HTTP Server. The entry on this line (20) says: SSLEngine On I have read that - sudo a2enmod ssl Then restart Apache should fix this?
OK, tried this now get a different error... AH00526: Syntax error on line 95 of /etc/apache2/sites-enabled/000-apps.vhost: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration Action 'start' failed. Line 95 reads; RewriteEngine On
OK, I ran - a2enmod rewrite And now Apache is running, but still no ISPConfig UI, so am running update again
I did write: If that does not work, check /var/log/dpkg.log what packages were removed, and install then back except certbot.
Thanks @Taleman - I did do this too... the items uninstalled were Apache, Mailman and Python-certbot... so I reinstalled Apache and used the --force update. When this just gave me the Ubuntu landing page on website:80, I reinstalled Mailman and this still didnt work. So, as this is now hosting a production company website I had to make a call on the fastest way to get back up and running - so decided to migrate again. Many thanks for all the advice - once I have rebuilt the system I will re-visit the SSL problem which was the start of my self-inflicted mistake.
I have just completed building a new VPS and re-migrating my sites, so havent played with SSL again yet as am just finishing off some custom PHP scripts on one site. However I have noticed that one of the Wordpress sites which has migrated is now not supporting HTTPS... I will go through the SSL FAQ link which @till sent me earlier and report back if I still have no joy... but won't install Certbot this time