SSL section is not created in domain vhost file - but only on some domains

Discussion in 'Installation/Configuration' started by sftp, Oct 19, 2016.

  1. sftp

    sftp New Member

    Hi everyone
    • OS: Debian 7, up-to-date
    • ISPConfig 3.1, git-stable (after I had issues with letsencrypt and the stable version, I read a suggestion to upgrade to git-stable)
    My problem:
    I have a server with 4 customers. Of these 4, only 1 has this problem. If he (or I) tries to enable SSL (and letsencrypt, but the problem exists even with only SSL enabled), the .vhost file for the domain is not correctly created / updated.
    The ip:443 part is missing completely in the vhost file. The certificate is created correctly (I set logging to debug and the letsencrypt call shows no errors, also the file is there). As a result, this domain displays a warning because an ssl-cert from one of the other domains on the server is used, which of course is not valid for this domain.

    Whatever I try to do (enabling or disabling ssl, enabling & disabling the domain, creating new self-signed ssl-certs etc.), the vhost part just does not get written in the .vhost file in /etc/apache2/sites-enabled/. I deleted all previous (startssl) certs which had been in the /ssl/ directory of the web and also (backed up and) removed the vhost file completely. It does get recreated by ISPConfig, but not with the ip:443 part. The other vhost files from the other customers are fine.

    I try not to interfere with the config files by editing them manually.

    Does anybody have any hints? Or other suggestions where to look for more hints?

    Thanks in advance!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The SSL part gets added when there is a valid ssl cert for that site. If there is no cert, e.g. when letsencrypt was not able to create a cert as it did not reach the domain and all its subdomains, then no ssl part gets added, as apache would not start otherwise.
     
  3. sftp

    sftp New Member

    Thanks for your quick answer Till.
    I assume this is the case here, as I have the following line in the letsencrypt-log:

    Code:
    2016-10-19 10:11:22,315:INFO:certbot.reporter:Reporting to user:
    
    Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/Domain.tld-0001/fullchain.pem. Your cert will expire on 2017-01-17. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"
    
    Do you have any idea where to look? If I open the domain with the problem, I get redirected to the last domain I created a letsencrypt-cert for.
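
As an added illustration (not from the thread and not ISPConfig code): a small Python check that reports which ServerName entries in Apache vhost configuration have no :443 section, the condition described in the first post. The sample configuration, hostnames and certificate path are constructed placeholders.

```python
import re

# Constructed sample, not taken from the thread: one site with :80 and :443
# sections, and one site whose :443 section was never written.
SAMPLE = """\
<VirtualHost 192.0.2.10:80>
    ServerName customer1.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName customer1.example
    SSLEngine on
    SSLCertificateFile /path/to/customer1.example.crt
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName customer2.example
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
DIRECTIVE = re.compile(r"(ServerName|SSLCertificateFile)\s+(\S+)", re.I)

def audit(text):
    """Map each ServerName to the ports it is served on and its cert path."""
    sites, ports, name, cert = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue  # Apache comment line
        opened = OPEN.match(line)
        if opened:
            # "ip:443", "*:443" and "[v6]:443" all end in ":port"
            ports = {a.rsplit(":", 1)[-1] for a in opened.group(1).split()}
            name, cert = None, None
        elif line.lower().startswith("</virtualhost"):
            if name and ports is not None:
                site = sites.setdefault(name, {"ports": set(), "cert": None})
                site["ports"] |= ports
                site["cert"] = cert or site["cert"]
            ports = None
        elif ports is not None:
            d = DIRECTIVE.match(line)
            if d and d.group(1).lower() == "servername":
                name = d.group(2)
            elif d:
                cert = d.group(2)
    return sites

def missing_ssl(text):
    """ServerNames that have no :443 section at all."""
    return sorted(n for n, s in audit(text).items() if "443" not in s["ports"])
```

A site listed by `missing_ssl` has no HTTPS vhost of its own, so Apache answers HTTPS requests for it from another :443 vhost on the same address, which matches the wrong-certificate warning described above.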
     
