Fresh install of ISPC on Ubuntu. See the facts below:

I have updated using ispconfig_update.sh --force in an effort to correct the problem of "Error code: SSL_ERROR_RX_RECORD_TOO_LONG" when browsing to a hosted website or when logging into ISPC. I can ping the fqdn of the server but when I use nslookup I get the 127 address.

My hosts file looks like this:

```
# Your system has configured 'manage_etc_hosts' as True.
# As a result, if you wish for changes to this file to persist
# then you will need to either
# a.) make changes to the master file in /etc/cloud/templates/hosts.debian.tmpl
# b.) change or remove the value of 'manage_etc_hosts' in
# /etc/cloud/cloud.cfg or cloud-config from user-data
#
127.0.1.1 ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com ubuntu-s-1vcpu-1gb-sfo3-01
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
```

Here is my acme log:

```
Updating Crontab
Restarting services ...
Update finished.
root@ubuntu-s-1vcpu-1gb-sfo3-01:/var/log/ispconfig# ls
acme.log auth.log bak.log cron.log httpd ispconfig.log
root@ubuntu-s-1vcpu-1gb-sfo3-01:/var/log/ispconfig# cat acme.log
[Tue Feb 15 08:25:12 UTC 2022] Running cmd: setdefaultca
[Tue Feb 15 08:25:12 UTC 2022] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[Tue Feb 15 08:25:13 UTC 2022] Lets find script dir.
[Tue Feb 15 08:25:13 UTC 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Tue Feb 15 08:25:13 UTC 2022] _script='/root/.acme.sh/acme.sh'
[Tue Feb 15 08:25:13 UTC 2022] _script_home='/root/.acme.sh'
[Tue Feb 15 08:25:13 UTC 2022] Using config home:/root/.acme.sh
[Tue Feb 15 08:25:13 UTC 2022] Running cmd: issue
[Tue Feb 15 08:25:13 UTC 2022] _main_domain='ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com'
[Tue Feb 15 08:25:13 UTC 2022] _alt_domains='no'
[Tue Feb 15 08:25:13 UTC 2022] Using config home:/root/.acme.sh
[Tue Feb 15 08:25:13 UTC 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Tue Feb 15 08:25:13 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Feb 15 08:25:13 UTC 2022] DOMAIN_PATH='/root/.acme.sh/ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com'
[Tue Feb 15 08:25:13 UTC 2022] Le_NextRenewTime='1650006689'
[Tue Feb 15 08:25:13 UTC 2022] _saved_domain='ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com'
[Tue Feb 15 08:25:13 UTC 2022] _saved_alt='no'
[Tue Feb 15 08:25:13 UTC 2022] Domains not changed.
[Tue Feb 15 08:25:13 UTC 2022] Skip, Next renewal time is: Sat Apr 16 07:11:29 UTC 2022
[Tue Feb 15 08:25:13 UTC 2022] Add '--force' to force to renew.
[Tue Feb 15 08:25:13 UTC 2022] Lets find script dir.
[Tue Feb 15 08:25:13 UTC 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Tue Feb 15 08:25:13 UTC 2022] _script='/root/.acme.sh/acme.sh'
[Tue Feb 15 08:25:13 UTC 2022] _script_home='/root/.acme.sh'
[Tue Feb 15 08:25:13 UTC 2022] Using config home:/root/.acme.sh
[Tue Feb 15 08:25:13 UTC 2022] Running cmd: installcert
[Tue Feb 15 08:25:13 UTC 2022] Using config home:/root/.acme.sh
[Tue Feb 15 08:25:13 UTC 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Tue Feb 15 08:25:13 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Feb 15 08:25:13 UTC 2022] DOMAIN_PATH='/root/.acme.sh/ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com'
[Tue Feb 15 08:25:13 UTC 2022] Installing key to: /usr/local/ispconfig/interface/ssl/ispserver.key
[Tue Feb 15 08:25:13 UTC 2022] Installing full chain to: /usr/local/ispconfig/interface/ssl/ispserver.crt
[Tue Feb 15 08:26:02 UTC 2022] Running cmd: upgrade
[Tue Feb 15 08:26:02 UTC 2022] Using config home:/root/.acme.sh
[Tue Feb 15 08:26:02 UTC 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Tue Feb 15 08:26:02 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Feb 15 08:26:02 UTC 2022] GET
[Tue Feb 15 08:26:02 UTC 2022] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Tue Feb 15 08:26:02 UTC 2022] timeout=
[Tue Feb 15 08:26:02 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Tue Feb 15 08:26:03 UTC 2022] ret='0'
[Tue Feb 15 08:26:03 UTC 2022] Already uptodate!
[Tue Feb 15 08:26:03 UTC 2022] Upgrade success!
[Tue Feb 15 08:26:03 UTC 2022] Running cmd: setdefaultca
[Tue Feb 15 08:26:03 UTC 2022] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
```

And here is the result of a system analysis:

```
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 20.04.3 LTS

[INFO] uptime: 08:11:29 up 21 min, 1 user, load average: 0.00, 0.02, 0.07

[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:          976Mi       588Mi       123Mi        54Mi       265Mi       185Mi
Swap:            0B          0B          0B

[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

1 loaded units listed.

[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.7p1

##### VERSION CHECK #####

[INFO] php (cli) version is 7.4.27
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.27

##### PORT CHECK #####

##### MAIL SERVER CHECK #####

##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
Apache 2 (PID 4788)
[INFO] I found the following mail server(s):
Postfix (PID 1983)
[INFO] I found the following pop3 server(s):
Dovecot (PID 661)
[INFO] I found the following imap server(s):
Dovecot (PID 661)
[INFO] I found the following ftp server(s):
PureFTP (PID 1169)

##### LISTENING PORTS #####
(only ()
Local (Address)
[anywhere]:993 (661/dovecot)
[anywhere]:995 (661/dovecot)
[localhost]:11332 (695/rspamd
[localhost]:11333 (695/rspamd
[localhost]:11334 (695/rspamd
[localhost]:10023 (1030/postgrey)
[anywhere]:587 (1983/master)
[localhost]:6379 (858/redis-server)
[localhost]:11211 (671/memcached)
[anywhere]:110 (661/dovecot)
[anywhere]:143 (661/dovecot)
[anywhere]:465 (1983/master)
[anywhere]:21 (1169/pure-ftpd)
***.***.***.***:53 (674/named)
***.***.***.***:53 (674/named)
***.***.***.***:53 (674/named)
[localhost]:53 (674/named)
***.***.***.***:53 (561/systemd-resolve)
[anywhere]:22 (772/sshd
[anywhere]:25 (1983/master)
[localhost]:953 (674/named)
[anywhere]:4190 (661/dovecot)
*:*:*:*::*:993 (661/dovecot)
*:*:*:*::*:995 (661/dovecot)
*:*:*:*::*:11332 (695/rspamd
*:*:*:*::*:11333 (695/rspamd
*:*:*:*::*:11334 (695/rspamd
*:*:*:*::*:10023 (1030/postgrey)
*:*:*:*::*:3306 (910/mysqld)
*:*:*:*::*:587 (1983/master)
*:*:*:*::*:6379 (858/redis-server)
[localhost]10 (661/dovecot)
[localhost]43 (661/dovecot)
*:*:*:*::*:8080 (4788/apache2)
*:*:*:*::*:80 (4788/apache2)
*:*:*:*::*:8081 (4788/apache2)
*:*:*:*::*:465 (1983/master)
*:*:*:*::*:21 (1169/pure-ftpd)
*:*:*:*::*747d:f3ff:fe67:53 (674/named)
*:*:*:*::*b06e:b5ff:fe25:53 (674/named)
*:*:*:*::*:53 (674/named)
*:*:*:*::*:22 (772/sshd
*:*:*:*::*:25 (1983/master)
*:*:*:*::*:953 (674/named)
*:*:*:*::*:443 (4788/apache2)
*:*:*:*::*:4190 (661/dovecot)

##### IPTABLES #####
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-before-input all -- [anywhere]/0 [anywhere]/0
ufw-after-input all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0
ufw-reject-input all -- [anywhere]/0 [anywhere]/0
ufw-track-input all -- [anywhere]/0 [anywhere]/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-before-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-forward all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0
ufw-reject-forward all -- [anywhere]/0 [anywhere]/0
ufw-track-forward all -- [anywhere]/0 [anywhere]/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-before-output all -- [anywhere]/0 [anywhere]/0
ufw-after-output all -- [anywhere]/0 [anywhere]/0
ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0
ufw-reject-output all -- [anywhere]/0 [anywhere]/0
ufw-track-output all -- [anywhere]/0 [anywhere]/0

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138
ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139
ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67
ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68
ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
ufw-user-forward all -- [anywhere]/0 [anywhere]/0

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68
ufw-not-local all -- [anywhere]/0 [anywhere]/0
ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353
ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900
ufw-user-input all -- [anywhere]/0 [anywhere]/0

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-user-output all -- [anywhere]/0 [anywhere]/0

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST
RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW
ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:4190
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
```
First, not being able to access ispconfig by SSL and not being able to access a website by SSL are two completely independent topics. Let's start with the first one, not being able to access ISPConfig by SSL. According to the log, the SSL certificate has been issued successfully and has been copied to the right place. Please post the result of the commands:

```
ls -la /usr/local/ispconfig/interface/ssl/
```

and

```
cat /etc/apache2/sites-available/ispconfig.vhost
```
Thanks for the reply! Here is the result of: ls -la /usr/local/ispconfig/interface/ssl/

```
root@ubuntu-s-1vcpu-1gb-sfo3-01:~# ls -la /usr/local/ispconfig/interface/ssl/
total 68
drwxr-x--- 2 root      root      4096 Feb 15 08:25 .
drwxr-x--- 9 ispconfig ispconfig 4096 Feb 15 03:30 ..
-rwxr-x--- 1 root      root        45 Feb 15 08:26 empty.dir
-rwxr-x--- 1 root      root      5674 Feb 15 08:25 ispserver.crt
-rwxr-x--- 1 root      root      1919 Feb 15 07:11 ispserver.crt-20220215071111.bak
-rwxr-x--- 1 root      root      5674 Feb 15 08:25 ispserver.crt-20220215082457.bak
-rwxr-x--- 1 root      root      1679 Feb 15 08:25 ispserver.key
-rwxr-x--- 1 root      root      3272 Feb 15 07:11 ispserver.key-20220215071111.bak
-rwxr-x--- 1 root      root      1679 Feb 15 08:25 ispserver.key-20220215082457.bak
-rwxr-x--- 1 root      root      7353 Feb 15 08:25 ispserver.pem
-rwxr-x--- 1 root      root      5191 Feb 15 07:11 ispserver.pem-20220215071111.bak
-rwxr-x--- 1 root      root      7353 Feb 15 08:25 ispserver.pem-20220215082457.bak
```

And here is: cat /etc/apache2/sites-available/ispconfig.vhost

```
######################################################
# This virtual host contains the configuration
# for the ISPConfig controlpanel
######################################################

Listen 8080
NameVirtualHost *:8080

<VirtualHost _default_:8080>
  ServerAdmin webmaster@localhost

  Alias /mail /var/www/ispconfig/mail

  <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
      SetHandler None
    </FilesMatch>
  </Directory>
  <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
      SetHandler None
    </FilesMatch>
  </Directory>

  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
      <FilesMatch "\.php$">
        SetHandler fcgid-script
      </FilesMatch>
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
      Require all granted
    </Directory>
    IPCCommTimeout 7200
    MaxRequestLen 15728640
  </IfModule>

  <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
      Options +FollowSymLinks
      AllowOverride None
      Require all granted
      php_value magic_quotes_gpc 0
    </Directory>
  </IfModule>

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

  <IfModule mod_security2.c>
    SecRuleEngine Off
  </IfModule>

  # SSL Configuration
  SSLEngine On
  SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
  SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
  #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

  SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  SSLHonorCipherOrder On

  <IfModule mod_headers.c>
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    Header always edit Set-Cookie (.*) "$1; HTTPOnly"
    Header always edit Set-Cookie (.*) "$1; Secure"
    <IfVersion >= 2.4.7>
      Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
      Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    RequestHeader unset Proxy early
  </IfModule>

  SSLUseStapling On
  SSLStaplingResponderTimeout 5
  SSLStaplingReturnResponderErrors Off
</VirtualHost>
```

Thanks for your help Tim.
When I run the update I get an error saying:

```
Checking / creating certificate for ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com
Using certificate path /root/.acme.sh/ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com
Server's public ip(s) (137.184.127.237) not found in A/AAAA records for ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com:
```

The record exists in ISPConfig DNS for this client. The hosts file on the server reads:

```
127.0.1.1 ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com ubuntu-s-1vcpu-1gb-sfo3-01
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
```

I have Namecheap's records pointing to three DigitalOcean name servers, and DO's name servers have these records:

- @ record pointing to the IP of the ispc server.
- \* pointing to the IP
- acmealliedllc.com pointing to the IP
- ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com pointing to the IP
The /etc/hosts file should have the public IP and FQDN of the host. The ISPConfig autoinstaller does that, and the installation guide instructs you to do that. Please post code and listings in CODE tags. See here: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/ What name server is your host using?
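Added example, not part of the thread: a small shell check for the hosts-file condition discussed above, where the cloud-init template maps the FQDN to 127.0.1.1 instead of the public address. The host name `server1.example.com`, the address `203.0.113.10` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify how a hosts file maps an FQDN.

# Print every address that hosts file $1 maps name $2 to, one per line.
hosts_addrs() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }' "$1"
}

# Succeed if $1 is a loopback address (127.0.0.0/8 or ::1).
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# Print one verdict for name $2 in hosts file $1:
#   missing  - no entry at all
#   loopback - only loopback entries (the cloud-init 127.0.1.1 layout)
#   mixed    - loopback and non-loopback entries are both present
#   ok       - only non-loopback entries
check_hosts() {
    lo=0; pub=0
    for addr in $(hosts_addrs "$1" "$2"); do
        if is_loopback "$addr"; then lo=1; else pub=1; fi
    done
    case "$lo$pub" in
        00) echo missing ;;
        10) echo loopback ;;
        11) echo mixed ;;
        01) echo ok ;;
    esac
}

# Constructed sample hosts files (placeholder name and documentation-range IP).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/cloud" <<'EOF'
# layout written by cloud-init when manage_etc_hosts is True
127.0.1.1 server1.example.com server1
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
EOF
cat > "$SAMPLE_DIR/mixed" <<'EOF'
127.0.1.1 server1.example.com server1
203.0.113.10 server1.example.com server1
127.0.0.1 localhost
EOF
cat > "$SAMPLE_DIR/fixed" <<'EOF'
203.0.113.10 server1.example.com server1   # public address and FQDN
127.0.0.1 localhost
EOF

for f in cloud mixed fixed; do
    printf '%-6s %s\n' "$f" "$(check_hosts "$SAMPLE_DIR/$f" server1.example.com)"
done
```

On a real server, run `check_hosts /etc/hosts "$(hostname -f)"`; a `loopback` or `mixed` verdict means a loopback mapping for the FQDN is still present in the file.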
Agreed. You may also try force updating ISPConfig using git-development, choose create ssl during that update and see if that resolves your problem.
I wonder if the whole reason for your issue is the hostname of the system. Is the hostname one that you set, or is it a generic autogenerated hostname of your hoster, or is it a subdomain of one of your own domains? According to the command output, you have a valid SSL cert according to acme.sh and this SSL cert is used by this vhost. Maybe you just connect to a different server or something similar?
Just added the public ip and fqdn to the hosts file. It didn't solve the issue. This has to be DNS.

Code:

```
systemd-resolve --status
Global
       LLMNR setting: no
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 67.207.67.2
         DNS Servers: 67.207.67.2
                      67.207.67.3
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (eth1)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
lines 1-43
```
Are you sure you used https and not HTTP in the URL? I can access https://ubuntu-s-1vcpu-1gb-sfo3-01.acmealliedllc.com:8080/login/ fine, it's just a wrong self-signed SSL cert.
It's just the customer site I can't get to with https now. I just tried to update again and still get that error even though I put the fqdn in the hosts file.
Thanks to everyone who chimed in here. The last time I ran the update I still got the unable to resolve error but this time it's working. I love ispconfig man. The new update feature is awesome and knowing where to look for logs now is super helpful. B
Please post such command/script output in code tags (in the editor: insert -> code) to make it readable for us. Thanks