I'm using ISPConfig3 with Nginx and acme.sh on Ubuntu 20.04. However, there is a problem when a web domain is created. When I try to enable SSL and Let's Encrypt SSL option on Web Domain, SSL Directive is not installed in nginx virtual host configuration. Code: 27.06.2021-04:12 - DEBUG - SSL Disabled. example.com Detailed debug mode /usr/local/ispconfig/server/server.sh Code: 27.06.2021-04:12 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 27.06.2021-04:12 - DEBUG - Found 1 changes, starting update process. 27.06.2021-04:12 - DEBUG - Calling function 'ssl' from plugin 'nginx_plugin' raised by event 'web_domain_update'. 27.06.2021-04:12 - DEBUG - Calling function 'update' from plugin 'nginx_plugin' raised by event 'web_domain_update'. 27.06.2021-04:12 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client4/web5' - return code: 0 27.06.2021-04:12 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client4/web5' - return code: 0 27.06.2021-04:12 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client4/web5'|awk 'END{print $2,$NF}' - return code: 0 27.06.2021-04:12 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0 27.06.2021-04:12 - DEBUG - safe_exec cmd: setquota -u 'web5' '2097152' '2098176' 0 0 -a &> /dev/null - return code: 0 setquota: Not setting block grace time on /dev/vda3 because softlimit is not exceeded. setquota: Not setting inode grace time on /dev/vda3 because softlimit is not exceeded. 27.06.2021-04:12 - DEBUG - safe_exec cmd: setquota -T -u 'web5' 604800 604800 -a &> /dev/null - return code: 0 27.06.2021-04:12 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client4/web5' - return code: 0 27.06.2021-04:12 - DEBUG - Verified domain example.com should be reachable for letsencrypt. 27.06.2021-04:12 - DEBUG - Create Let's Encrypt SSL Cert for: example.com 27.06.2021-04:12 - DEBUG - Let's Encrypt SSL Cert domains: 27.06.2021-04:12 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d example.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert -d example.com --key-file '/var/www/clients/client4/web5/ssl/example.com-le.key' --fullchain-file '/var/www/clients/client4/web5/ssl/example.com-le.crt' --reloadcmd 'systemctl force-reload nginx.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi sh: 1: [[: not found sh: 1: 2: not found sh: 1: [[: not found 27.06.2021-04:12 - DEBUG - SSL Disabled. example.com 27.06.2021-04:12 - DEBUG - safe_exec cmd: nginx -V 2>&1 | grep 'built with OpenSSL' | sed 's/.*built\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0 27.06.2021-04:12 - DEBUG - safe_exec cmd: nginx -V 2>&1 | grep 'running with OpenSSL' | sed 's/.*running\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0 27.06.2021-04:12 - DEBUG - safe_exec cmd: which 'nginx' 2> /dev/null - return code: 0 27.06.2021-04:12 - DEBUG - Enable TLS 1.3 for: example.com 27.06.2021-04:12 - DEBUG - Writing the vhost file: /etc/nginx/sites-available/example.com.vhost 27.06.2021-04:12 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web5.conf 27.06.2021-04:12 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'. 27.06.2021-04:12 - DEBUG - Restarting php-fpm: systemctl reload php7.4-fpm.service 27.06.2021-04:12 - DEBUG - nginx status is: running 27.06.2021-04:12 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 27.06.2021-04:12 - DEBUG - Checking nginx configuration... 27.06.2021-04:12 - DEBUG - nginx configuration ok! 27.06.2021-04:12 - DEBUG - Restarting httpd: systemctl restart nginx.service 27.06.2021-04:12 - DEBUG - nginx restart return value is: 0 27.06.2021-04:12 - DEBUG - nginx online status after restart is: running 27.06.2021-04:12 - DEBUG - Processed datalog_id 322 27.06.2021-04:12 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php. No ssl certificate is generated at all. Then I tried to manually run acme.sh: root@server:~# acme.sh --issue -d example.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096 Result: Code: Sun 27 Jun 2021 03:58:04 AM UTC] Creating domain key [Sun 27 Jun 2021 03:58:04 AM UTC] The domain key is here: /root/.acme.sh/example.com/example.com.key .... [Sun 27 Jun 2021 03:58:27 AM UTC] Cert success. [Sun 27 Jun 2021 03:58:27 AM UTC] Your cert is in /root/.acme.sh/example.com/example.com.cer [Sun 27 Jun 2021 03:58:27 AM UTC] Your cert key is in /root/.acme.sh/example.com/example.com.key [Sun 27 Jun 2021 03:58:27 AM UTC] The intermediate CA cert is in /root/.acme.sh/example.com/ca.cer [Sun 27 Jun 2021 03:58:27 AM UTC] And the full chain certs is there: /root/.acme.sh/example.com/fullchain.cer root@server:~# acme.sh --install-cert -d example.com --key-file '/var/www/clients/client4/web5/ssl/example.com-le.key' --fullchain-file '/var/www/clients/client4/web5/ssl/example.com-le.crt' Result: Code: [Sun 27 Jun 2021 04:17:17 AM UTC] Installing key to:/var/www/clients/client4/web5/ssl/example.com-le.key [Sun 27 Jun 2021 04:17:17 AM UTC] Installing full chain to:/var/www/clients/client4/web5/ssl/example.com-le.crt
The reason for your problem is the wrong Linux shell. You linked /bin/bash and /bin/sh to /bin/dash, a shell with very limited functionality which causes these syntax errors that you see in the log. Seems as if you left out step 3 from Ubuntu perfect server guide which configures the shell. To fix your issue, do chapter 3 now: 3. Change the Default Shell /bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore, we do this: dpkg-reconfigure dash Use dash as the default system shell (/bin/sh)? <-- No If you don't do this, the ISPConfig installation will fail.