Hi, I checked everything in Let’s Encrypt Error FAQ, still have an issue. When I created new website recently I checked Let's Encrypt SSL when I go back it's not checked. I tried to go to SSL tab under Website and Delete SSL, that didn't fix it. Still cannot make work. Somehow certificate is not valid or some misconfiguration on my server. When I go to https://mywebsite.com I get This Connection Is Not Private - when I view Certificate in browser it shows - This certificate not valid (host name mismatch) Certificate expiration date is June 23, 2018 I created website on March 23 2018, I also tried to manually delete all files from /var/www/mywebsite.com/ssl and placed check on Let's Encrypt SSL under Website still broken. What else can I check? I have these files in folder /etc/letsencrypt/live/mywebsite.com# cert.pem chain.pem fullchain.pem privkey.pem README Also I have these files in archive folder /etc/letsencrypt/archive/mywebsite.com# ls cert1.pem chain1.pem fullchain1.pem privkey1.pem Code: /var/www/mywebsite.com/ssl# ls mywebsite.com-le.bundle mywebsite.com-le.bundle.old.20180325154602 mywebsite.com-le.crt.old.20180325154003 mywebsite.com-le.key.old.20180325012303 mywebsite.com-le.key.old.20180325154802 mywebsite.com-le.bundle.old.20180325012303 mywebsite.com-le.bundle.old.20180325154802 mywebsite.com-le.crt.old.20180325154103 mywebsite.com-le.key.old.20180325151402 mywebsite.com-le.bundle.old.20180325151402 mywebsite.com-le.crt mywebsite.com-le.crt.old.20180325154602 mywebsite.com-le.key.old.20180325154003 mywebsite.com-le.bundle.old.20180325154003 mywebsite.com-le.crt.old.20180325012303 mywebsite.com-le.crt.old.20180325154802 mywebsite.com-le.key.old.20180325154103 mywebsite.com-le.bundle.old.20180325154103 mywebsite.com-le.crt.old.20180325151402 mywebsite.com-le.key mywebsite.com-le.key.old.20180325154602 less /var/log/letsencrypt/letsencrypt.log Code: 2018-03-25 20:48:02,162:DEBUG:certbot.main:Root logging level set at 20 2018-03-25 20:48:02,162:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2018-03-25 20:48:02,163:DEBUG:certbot.main:certbot version: 0.10.2 2018-03-25 20:48:02,163:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'mywebsite.com', '--domains', 'www.mywebsite.com', '--webroot-path', '/usr/local/ispconfig/interface/acme'] 2018-03-25 20:48:02,164:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone) 2018-03-25 20:48:02,164:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None 2018-03-25 20:48:02,167:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot.plugins.webroot:Authenticator Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f36969daa10> Prep: True 2018-03-25 20:48:02,167:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f36969daa10> and installer None 2018-03-25 20:48:02,192:DEBUG:certbot.main:picked account: <Account(340499477cb3ae28b091aa44778c27de)> 2018-03-25 20:48:02,193:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. 2018-03-25 20:48:02,195:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2018-03-25 20:48:02,375:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 562 2018-03-25 20:48:02,376:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 562 Replay-Nonce: jCQoJ3DX2XasBCS07gFDmZUFjeQBrOl0fpd-dK6mpBw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 25 Mar 2018 20:48:02 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 25 Mar 2018 20:48:02 GMT Connection: keep-alive { "XuNFDYUX74E": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" } 2018-03-25 20:48:02,416:DEBUG:parsedatetime:parse (top of loop): [30 days][] 2018-03-25 20:48:02,427:DEBUG:parsedatetime:CRE_UNITS matched 2018-03-25 20:48:02,428:DEBUG:parsedatetime:parse (bottom) [][30 days][][] 2018-03-25 20:48:02,428:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False 2018-03-25 20:48:02,428:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False 2018-03-25 20:48:02,428:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=3, tm_mday=25, tm_hour=20, tm_min=48, tm_sec=2, tm_wday=6, tm_yday=84, tm_isdst=0)) 2018-03-25 20:48:02,428:DEBUG:parsedatetime:_buildTime: [30 ][][days] 2018-03-25 20:48:02,428:DEBUG:parsedatetime:units days --> realunit days 2018-03-25 20:48:02,429:DEBUG:parsedatetime:return 2018-03-25 20:48:02,429:INFO:certbot.renewal:Cert not yet due for renewal 2018-03-25 20:48:02,429:INFO:certbot.main:Keeping the existing certificate
[Solved for above domain] I ran a ISPConfig Debug, one of the other websites had Apache Directive which was causing apache issues, I cleared and certificate is valid now.
I have issue with another older site. Checked Let's Encrypt SSL does not stay checked. less /var/log/letsencrypt/letsencrypt.log Code: 2018-03-26 15:59:03,090:DEBUG:certbot.main:Root logging level set at 20 2018-03-26 15:59:03,090:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2018-03-26 15:59:03,091:DEBUG:certbot.main:certbot version: 0.10.2 2018-03-26 15:59:03,091:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'domain2.com', '--domains', 'www.domain2.com', '--webroot-path', '/usr/local/ispconfig/interface/acme'] 2018-03-26 15:59:03,091:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone) 2018-03-26 15:59:03,092:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None 2018-03-26 15:59:03,094:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot.plugins.webroot:Authenticator Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f9317069a10> Prep: True 2018-03-26 15:59:03,095:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f9317069a10> and installer None 2018-03-26 15:59:03,120:DEBUG:certbot.main:Picked account: <Account(340499477cb3ae28b091aa44778c27de)> 2018-03-26 15:59:03,121:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. 2018-03-26 15:59:03,123:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2018-03-26 15:59:03,599:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 562 2018-03-26 15:59:03,601:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Content-Type: application/json Content-Length: 562 Replay-Nonce: g794eXOIAV1ANYpHSHoKobxOEWgVEUZyHjAv12DYyVw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Mon, 26 Mar 2018 15:59:03 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 26 Mar 2018 15:59:03 GMT Connection: keep-alive { "c7Cc6o2Pz_g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert" } 2018-03-26 15:59:03,665:DEBUG:parsedatetime:parse (top of loop): [30 days][] 2018-03-26 15:59:03,680:DEBUG:parsedatetime:CRE_UNITS matched 2018-03-26 15:59:03,681:DEBUG:parsedatetime:parse (bottom) [][30 days][][] 2018-03-26 15:59:03,682:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False 2018-03-26 15:59:03,682:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False 2018-03-26 15:59:03,682:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=3, tm_mday=26, tm_hour=15, tm_min=59, tm_sec=3, tm_wday=0, tm_yday=85, tm_isdst=0)) 2018-03-26 15:59:03,682:DEBUG:parsedatetime:_buildTime: [30 ][][days] 2018-03-26 15:59:03,682:DEBUG:parsedatetime:units days --> realunit days 2018-03-26 15:59:03,683:DEBUG:parsedatetime:return 2018-03-26 15:59:03,683:INFO:certbot.renewal:Cert not yet due for renewal 2018-03-26 15:59:03,683:INFO:certbot.main:Keeping the existing certificate
The older website was wordpress, I had to update wp-config.php to update HTTP to HTTPS define('WP_HOME','https://domain2.com); define('WP_SITEURL','https://domain2.com'); Now that webiste works as SSL and shows "Secured" however, Let's Encrypt SSL box does not stay checked under Webiste inside of ISPConfig.
Set the log level to Debug under System > System > Server Config to DEBUG Commented out the line with server.sh cron job in crontab -e I get this: Code: /usr/local/ispconfig/server/server.sh 26.03.2018-11:23 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 26.03.2018-11:23 - DEBUG - Found 1 changes, starting update process. 26.03.2018-11:23 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 26.03.2018-11:23 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 26.03.2018-11:23 - DEBUG - Create Let's Encrypt SSL Cert for: domain2.com 26.03.2018-11:23 - DEBUG - Let's Encrypt SSL Cert domains: --domains domain2.com --domains www.domain2.com 26.03.2018-11:23 - DEBUG - exec: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains domain2.com --domains www.domain2.com --webroot-path /usr/local/ispconfig/interface/acme Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Cert not yet due for renewal Keeping the existing certificate 26.03.2018-11:23 - DEBUG - Let's Encrypt Cert config path is: /etc/letsencrypt/renewal/domain2.com.conf. 26.03.2018-11:23 - DEBUG - Let's Encrypt Cert file: /etc/letsencrypt/live/domain2.com/fullchain.pem exists. 26.03.2018-11:23 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web1/.php-fcgi-starter 26.03.2018-11:23 - DEBUG - Enable SSL for: domain2.com 26.03.2018-11:23 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/domain2.com.vhost 26.03.2018-11:23 - DEBUG - Processed datalog_id 6313 26.03.2018-11:23 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 26.03.2018-11:23 - DEBUG - Restarting httpd: systemctl reload apache2.service 26.03.2018-11:23 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished. /usr/local/ispconfig/server/server.sh 26.03.2018-11:23 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 26.03.2018-11:23 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished.
Strange, for some reason, Let's Encrypt SSL box does not stay checked. I tried multiple times, it goes back to unchecked. Certificate is valid and website works under HTTPS.
FYI: All other other websites I have Let's Encrypt SSL check box are all unchecked but SSL certificate is valid and website works under HTTPS. Do you know why is this?