SSL fail

zustudios · Apr 17, 2019

I just did a new install. When I create a website I click ssl and letsencrypt. Then I save. Then I go back to the website ssl and letsencrypt boxes are unticked. I'm not getting ssl.

till · Apr 17, 2019

1) Update ISPConfig to git-stable, there is a bug in certbot and the git-stable version from ISPConfig contains a workaround for that bug.
2) If the issue still occurs after you updated, then read here: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/

zustudios · Apr 17, 2019

till said: ↑

1) Update ISPConfig to git-stable, there is a bug in certbot and the git-stable version from ISPConfig contains a workaround for that bug.
2) If the issue still occurs after you updated, then read here: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Click to expand...

I tried it it didn't change anything. I went to the debug link and got:

17.04.2019-11:22 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
17.04.2019-11:22 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.

till · Apr 17, 2019

You have to enable the ssl and letsencrypt checkbox again and then press save. The debug log shows that ssl and letsencrypt checkbox were not enabled again at the time you run the debug.

zustudios · Apr 17, 2019

It's still not working. Isn't there a ssh command that scans my system and tells me what's wrong with it? I think I saw it on the forum(before you post).

till · Apr 17, 2019

zustudios said: ↑

Isn't there a ssh command that scans my system and tells me what's wrong with it?
Click to expand...

The relevant info is in the debug mode and only there, plus the letsencrypt.log, but that's all described in the FAQ, so please go trough the FAQ step by step. You posted some debug output, but missed to enable ssl and let's encrypt, which makes the output useless. So please redo it:

1) Disable server.sh cronjob in crontab.
2) enable debugging.
3) enable ssl and let's encrypt checkbox.
4) run server.sh on the shell and post the result.

and ensure that you updated to 'git-stable' by using the ispconfig_update.sh command first.

zustudios · Apr 17, 2019

root@ns1:~# /usr/local/ispconfig/server/server.sh

17.04.2019-11:40 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
17.04.2019-11:40 - DEBUG - Found 3 changes, starting update process.
17.04.2019-11:40 - DEBUG - Calling function 'server_ip' from plugin 'apache2_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Writing the conf file: /etc/apache2/sites-available/ispconfig.conf
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'apps_vhost_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'network_settings_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Network configuration disabled in server settings.
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'postfix_server_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'xmpp_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Processed datalog_id 13
17.04.2019-11:40 - DEBUG - Calling function 'server_ip' from plugin 'apache2_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Writing the conf file: /etc/apache2/sites-available/ispconfig.conf
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'apps_vhost_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'network_settings_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Network configuration disabled in server settings.
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'postfix_server_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'xmpp_plugin' raised by event 'server_update'.
17.04.2019-11:40 - DEBUG - Processed datalog_id 14
17.04.2019-11:40 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
17.04.2019-11:40 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
17.04.2019-11:40 - DEBUG - Verified domain zuhost.tk should be reachable for letsencrypt.
17.04.2019-11:40 - DEBUG - Verified domain www.zuhost.tk should be reachable for letsencrypt.
17.04.2019-11:40 - DEBUG - Create Let's Encrypt SSL Cert for: zuhost.tk
17.04.2019-11:40 - DEBUG - Let's Encrypt SSL Cert domains: --domains zuhost.tk --domains www.zuhost.tk
17.04.2019-11:40 - WARNING - Let's Encrypt SSL Cert for: zuhost.tk could not be issued.
17.04.2019-11:40 - WARNING -
17.04.2019-11:40 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web2/.php-fcgi-starter
17.04.2019-11:40 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/zuhost.tk.vhost
17.04.2019-11:40 - DEBUG - Apache status is: running
17.04.2019-11:40 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
17.04.2019-11:41 - DEBUG - Restarting httpd: systemctl restart apache2.service
17.04.2019-11:41 - DEBUG - Apache restart return value is: 0
17.04.2019-11:41 - DEBUG - Apache online status after restart is: running
17.04.2019-11:41 - DEBUG - Processed datalog_id 15
17.04.2019-11:41 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
17.04.2019-11:41 - DEBUG - Restarting httpd: systemctl restart apache2.service
17.04.2019-11:41 - DEBUG - Calling function 'restartXMPP' from module 'xmpp_module'.
17.04.2019-11:41 - DEBUG - Restarting xmpp: systemctl restart metronome.service
17.04.2019-11:41 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.
root@ns1:~#

till · Apr 17, 2019

Ok, as you can see, the cert could not be issued. Check the letsencrypt.log file to see why Let#s encrypt did not issue that cert to you.

zustudios · Apr 17, 2019

I don't have a /var/log/letsencrypt directory.

till · Apr 17, 2019

But you have certbot installed on your system?

zustudios · Apr 17, 2019

I just did the tutorial for ubuntu 16.04 The perfect server.

zustudios · Apr 17, 2019

till said: ↑

But you have certbot installed on your system?
Click to expand...

I'm not sure.
I just did the tutorial for ubuntu 16.04 The perfect server.

till · Apr 17, 2019

Maybe you missed a step. Redo the commands from chapter 9:

Code:

apt install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update
apt -y remove letsencrypt
apt -y install python-certbot-apache

zustudios · Apr 17, 2019

Thanks it worked.

zustudios · Apr 17, 2019

till said: ↑
Maybe you missed a step. Redo the commands from chapter 9:
Code:
apt install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update
apt -y remove letsencrypt
apt -y install python-certbot-apache
Click to expand...
I thought it worked but it didn't

till · Apr 17, 2019

What's in the let's encrypt log after you enabled ssl and let's encrypt again and then run server.sh?

zustudios · Apr 17, 2019

root@ns1:~# /usr/local/ispconfig/server/server.sh

17.04.2019-12:53 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
17.04.2019-12:53 - DEBUG - Found 1 changes, starting update process.
17.04.2019-12:53 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
17.04.2019-12:53 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
17.04.2019-12:53 - DEBUG - Verified domain zuhost.tk should be reachable for letsencrypt.
17.04.2019-12:53 - DEBUG - Verified domain www.zuhost.tk should be reachable for letsencrypt.
17.04.2019-12:53 - DEBUG - Create Let's Encrypt SSL Cert for: zuhost.tk
17.04.2019-12:53 - DEBUG - Let's Encrypt SSL Cert domains: --domains zuhost.tk --domains www.zuhost.tk
17.04.2019-12:53 - WARNING - Let's Encrypt SSL Cert for: zuhost.tk could not be issued.
17.04.2019-12:53 - WARNING -
17.04.2019-12:53 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web2/.php-fcgi-starter
17.04.2019-12:53 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/zuhost.tk.vhost
17.04.2019-12:53 - DEBUG - Apache status is: running
17.04.2019-12:53 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
17.04.2019-12:53 - DEBUG - Restarting httpd: systemctl restart apache2.service
17.04.2019-12:53 - DEBUG - Apache restart return value is: 0
17.04.2019-12:53 - DEBUG - Apache online status after restart is: running
17.04.2019-12:53 - DEBUG - Processed datalog_id 10
17.04.2019-12:53 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.
root@ns1:~#

till · Apr 17, 2019

and still no letsencrypt.log file? In that case, please try this:
Code:
apt-get remove --purge certbot python-certbot-apache
to remove certbot and then reinstall it with this method:
Code:
cd /usr/local/bin
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --install-only

zustudios · Apr 17, 2019

root@ns1:/usr/local/bin# /usr/local/ispconfig/server/server.sh

17.04.2019-13:03 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
17.04.2019-13:03 - DEBUG - Found 1 changes, starting update process.
17.04.2019-13:03 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
17.04.2019-13:03 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
17.04.2019-13:03 - DEBUG - Verified domain zuhost.tk should be reachable for letsencrypt.
17.04.2019-13:03 - DEBUG - Verified domain www.zuhost.tk should be reachable for letsencrypt.
17.04.2019-13:03 - DEBUG - Create Let's Encrypt SSL Cert for: zuhost.tk
17.04.2019-13:03 - DEBUG - Let's Encrypt SSL Cert domains: --domains zuhost.tk --domains www.zuhost.tk
17.04.2019-13:03 - DEBUG - exec: /opt/eff.org/certbot/venv/bin/certbot certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains zuhost.tk --domains www.zuhost.tk --webroot-path /usr/local/ispconfig/interface/acme
You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. The letsencrypt client has also been renamed to Certbot. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.zuhost.tk
http-01 challenge for zuhost.tk
Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
Waiting for verification...
Cleaning up challenges
17.04.2019-13:04 - DEBUG - Let's Encrypt Cert config path is: /etc/letsencrypt/renewal/zuhost.tk.conf.
17.04.2019-13:04 - DEBUG - Let's Encrypt Cert file: /etc/letsencrypt/live/zuhost.tk/fullchain.pem exists.
17.04.2019-13:04 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web2/.php-fcgi-starter
17.04.2019-13:04 - DEBUG - Enable SSL for: zuhost.tk
17.04.2019-13:04 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/zuhost.tk.vhost
17.04.2019-13:04 - DEBUG - Apache status is: running
17.04.2019-13:04 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
17.04.2019-13:04 - DEBUG - Restarting httpd: systemctl restart apache2.service
17.04.2019-13:04 - DEBUG - Apache restart return value is: 0
17.04.2019-13:04 - DEBUG - Apache online status after restart is: running
17.04.2019-13:04 - DEBUG - Processed datalog_id 11
17.04.2019-13:04 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.
root@ns1:/usr/local/bin#

till · Apr 17, 2019

Ok, so it works now.

Log in or Sign up

SSL fail

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Log in or Sign up

SSL fail

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

zustudios Member

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Useful Searches