SSL for Web Domain Always Disabled

Discussion in 'Installation/Configuration' started by Gosokan, Jun 27, 2021.

  1. Gosokan

    Gosokan New Member

    I'm using ISPConfig3 with Nginx and acme.sh on Ubuntu 20.04. However, there is a problem when a web domain is created.
    When I try to enable SSL and Let's Encrypt SSL option on Web Domain, SSL Directive is not installed in nginx virtual host configuration.

    Code:
    27.06.2021-04:12 - DEBUG - SSL Disabled. example.com
    
    Detailed debug mode /usr/local/ispconfig/server/server.sh
    Code:
    27.06.2021-04:12 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    27.06.2021-04:12 - DEBUG - Found 1 changes, starting update process.
    27.06.2021-04:12 - DEBUG - Calling function 'ssl' from plugin 'nginx_plugin' raised by event 'web_domain_update'.
    27.06.2021-04:12 - DEBUG - Calling function 'update' from plugin 'nginx_plugin' raised by event 'web_domain_update'.
    27.06.2021-04:12 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client4/web5' - return code: 0
    27.06.2021-04:12 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client4/web5' - return code: 0
    27.06.2021-04:12 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client4/web5'|awk 'END{print $2,$NF}' - return code: 0
    27.06.2021-04:12 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    27.06.2021-04:12 - DEBUG - safe_exec cmd: setquota -u 'web5' '2097152' '2098176' 0 0 -a &> /dev/null - return code: 0
    setquota: Not setting block grace time on /dev/vda3 because softlimit is not exceeded.
    setquota: Not setting inode grace time on /dev/vda3 because softlimit is not exceeded.
    27.06.2021-04:12 - DEBUG - safe_exec cmd: setquota -T -u 'web5' 604800 604800 -a &> /dev/null - return code: 0
    27.06.2021-04:12 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client4/web5' - return code: 0
    27.06.2021-04:12 - DEBUG - Verified domain example.com should be reachable for letsencrypt.
    27.06.2021-04:12 - DEBUG - Create Let's Encrypt SSL Cert for: example.com
    27.06.2021-04:12 - DEBUG - Let's Encrypt SSL Cert domains:
    27.06.2021-04:12 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue  -d example.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert  -d example.com --key-file '/var/www/clients/client4/web5/ssl/example.com-le.key' --fullchain-file '/var/www/clients/client4/web5/ssl/example.com-le.crt' --reloadcmd 'systemctl force-reload nginx.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi
    sh: 1: [[: not found
    sh: 1: 2: not found
    sh: 1: [[: not found
    27.06.2021-04:12 - DEBUG - SSL Disabled. example.com
    27.06.2021-04:12 - DEBUG - safe_exec cmd: nginx -V 2>&1 | grep 'built with OpenSSL' | sed 's/.*built\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0
    27.06.2021-04:12 - DEBUG - safe_exec cmd: nginx -V 2>&1 | grep 'running with OpenSSL' | sed 's/.*running\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0
    27.06.2021-04:12 - DEBUG - safe_exec cmd: which 'nginx' 2> /dev/null - return code: 0
    27.06.2021-04:12 - DEBUG - Enable TLS 1.3 for: example.com
    27.06.2021-04:12 - DEBUG - Writing the vhost file: /etc/nginx/sites-available/example.com.vhost
    27.06.2021-04:12 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web5.conf
    27.06.2021-04:12 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
    27.06.2021-04:12 - DEBUG - Restarting php-fpm: systemctl reload php7.4-fpm.service
    27.06.2021-04:12 - DEBUG - nginx status is: running
    27.06.2021-04:12 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    27.06.2021-04:12 - DEBUG - Checking nginx configuration...
    27.06.2021-04:12 - DEBUG - nginx configuration ok!
    27.06.2021-04:12 - DEBUG - Restarting httpd: systemctl restart nginx.service
    27.06.2021-04:12 - DEBUG - nginx restart return value is: 0
    27.06.2021-04:12 - DEBUG - nginx online status after restart is: running
    27.06.2021-04:12 - DEBUG - Processed datalog_id 322
    27.06.2021-04:12 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    
    No ssl certificate is generated at all. Then I tried to manually run acme.sh:
    root@server:~# acme.sh --issue -d example.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096

    Result:
    Code:
    Sun 27 Jun 2021 03:58:04 AM UTC] Creating domain key
    [Sun 27 Jun 2021 03:58:04 AM UTC] The domain key is here: /root/.acme.sh/example.com/example.com.key
    ....
    [Sun 27 Jun 2021 03:58:27 AM UTC] Cert success.
    [Sun 27 Jun 2021 03:58:27 AM UTC] Your cert is in  /root/.acme.sh/example.com/example.com.cer
    [Sun 27 Jun 2021 03:58:27 AM UTC] Your cert key is in  /root/.acme.sh/example.com/example.com.key
    [Sun 27 Jun 2021 03:58:27 AM UTC] The intermediate CA cert is in  /root/.acme.sh/example.com/ca.cer
    [Sun 27 Jun 2021 03:58:27 AM UTC] And the full chain certs is there:  /root/.acme.sh/example.com/fullchain.cer
    
    root@server:~# acme.sh --install-cert -d example.com --key-file '/var/www/clients/client4/web5/ssl/example.com-le.key' --fullchain-file '/var/www/clients/client4/web5/ssl/example.com-le.crt'

    Result:
    Code:
    [Sun 27 Jun 2021 04:17:17 AM UTC] Installing key to:/var/www/clients/client4/web5/ssl/example.com-le.key
    [Sun 27 Jun 2021 04:17:17 AM UTC] Installing full chain to:/var/www/clients/client4/web5/ssl/example.com-le.crt
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The reason for your problem is the wrong Linux shell. You linked /bin/bash and /bin/sh to /bin/dash, a shell with very limited functionality which causes these syntax errors that you see in the log. Seems as if you left out step 3 from Ubuntu perfect server guide which configures the shell. To fix your issue, do chapter 3 now:

    3. Change the Default Shell
    /bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore, we do this:
    dpkg-reconfigure dash

    Use dash as the default system shell (/bin/sh)? <-- No

    If you don't do this, the ISPConfig installation will fail.
     
    Gosokan likes this.

Share This Page