According to the manual I ran: and after the installation I got: So this obviously differs from the manual, what now? Btw, I am not using apache2 but nginx with the latest Debian 8 according to a perfect server setup.
Just checking the letsencrypt box in ISPCFG3 only ends up in an email:

Subject: 29.10.2016-12:43 - WARNING - Let's Encrypt SSL Cer...
29.10.2016-12:43 - WARNING - Let's Encrypt SSL Cert for: domain.tld could not be issued.

Checking the logs I see:

Code:
2016-10-29 11:43:02,063:WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
2016-10-29 11:43:02,063:DEBUG:certbot.cli:Deprecation warning circumstances: /root/.local/share/letsencrypt/bin/letsencrypt / {'LANG': 'en_GB.UTF-8', 'SHELL': '/bin/sh', 'SHLVL': '3', 'PWD': '/usr/local/ispconfig/server', 'LOGNAME': 'root', 'HOME': '/root', 'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', '_': '/root/.local/share/letsencrypt/bin/letsencrypt'}
lots of cryptic text
2016-10-29 11:43:03,762:DEBUG:certbot.reporter:Reporting to user: Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates
Domain: www.domain.tld
Type: unauthorized
Detail: Invalid response from http://www.domain.tld/.well-known/acme-challenge/cjCWGZSa7ibipS1AzAEcEfPXgjfqutjOYN7VaI9Efs: "<html>

The last error led me to check DNS, and I had forgotten this domain was protected by CloudFlare, so I removed CloudFlare from the equation, but nginx is still giving a 403 forbidden error.
nginx logs were showing:

Code:
access forbidden by rule

So I figured out that I had modified /usr/local/ispconfig/server/conf-custom/nginx_vhost.conf.master based on a copy of /usr/local/ispconfig/server/conf/nginx_vhost.conf.master, but meanwhile a change had happened in the original and

Code:
## Disable .htaccess and other hidden files
location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}

had been replaced by

Code:
## Disable .htaccess and other hidden files
location ~ /\.(?!well-known/acme-challenge/) {
    deny all;
    access_log off;
    log_not_found off;
}

So now I am one step further: nginx properly forwards the request, but it is caught by Wordpress, reporting: page not found. So letsencrypt now says:

Code:
<html "
FailedChallenges: Failed authorization procedure. www.die-kellerkinder.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.domain.tld/.well-known/acme-challenge/JWpwXwnoB2UasdfZStzaN4gWLQi4Ni8h4ro3V6hI0OE
Ensure that you do not override or redirect requests for letsencrypt in your custom wordpress directives.
These are the 2 custom nginx directives, do you see any problems here?

Code:
location / {
    try_files $uri $uri/ /index.html /index.php?$args;
}

location ~* \.(jpg|jpeg|png|gif|ico|pdf|woff|css|js)$ {
    expires 7d;
    add_header Cache-Control public;
}

Here is the full vhost file on pastebin: http://pastebin.com/b42G6DDX
apache2ctl is not needed as ispconfig does not use any of the certbot auto config features. Regarding nginx config, most likely the location / catches the acme request and forwards it to wordpress, you can e.g. try to add an exclude with an if statement.
I will try and figure out an exclude statement. Do you by any chance have a default location snippet for / that is known to work? I could test it and see if that one also works with Wordpress.

Not sure what to say about apache2ctl, I did exactly the following according to: https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt

Code:
root@alfred:/opt/certbot# ls -al
total 52
drwxr-xr-x 2 root root  4096 Oct 29 13:37 .
drwxr-xr-x 4 root root  4096 Oct 29 13:36 ..
-rwxr-xr-x 1 root root 44442 Oct 15 19:15 certbot-auto
./certbot-auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
│ │ Failed to find apache2ctl in PATH:
│ │ /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
I was wondering why the manual says to manually download and install certbot, which then in turn complains about it being old, when the certbot website https://certbot.eff.org/#debianjessie-nginx itself suggests:

Code:
sudo apt-get install certbot -t jessie-backports

Code:
2016-10-29 11:43:02,063:WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
2016-11-01 14:57:07,177:DEBUG:certbot.main:certbot version: 0.9.3

Also, not making much progress: found a hint that I would need this specific location, which I added to my test site, which now leads to an nginx 404 error. If I go to /var/www/domain.tld/web/ I cannot find any .well-known directory or symlink, how is this supposed to work?

Code:
location ~ /.well-known { }
Seems like my /usr/local/ispconfig/server/conf-custom/nginx_vhost.conf.master was heavily outdated. I have now copied the current /usr/local/ispconfig/server/conf/nginx_vhost.conf.master and added my edits to it. The missing part was:

Code:
location ~ /\.well-known/acme-challenge/ {
    root /usr/local/ispconfig/interface/acme/;
    index index.html index.htm;
    try_files $uri =404;
}

Let's Encrypt certificate is installed and working.

Code:
2016-11-01 15:38:10,253:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/domain.tld/fullchain.pem. Your cert will expire on 2017-01-30. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew"

The update does not work btw., looks like letsencrypt is missing!?

Code:
letsencrypt-auto renew
letsencrypt-auto: command not found

Still, my questions above still stand.
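
The three states this thread passes through (403 from the hidden-file rule, then a WordPress "page not found", then a served challenge) can be reproduced with a small model of nginx's location selection. This is an added example, not part of the original posts or of ISPConfig; the location lists are constructed reductions of the templates quoted above, the token and function names are assumptions, and Python's `re` stands in for nginx's PCRE.

```python
import re

# Constructed reductions of the vhost states in the thread, in file order:
# (modifier, pattern, label). Not the real ISPConfig templates.
WORDPRESS = ("", "/", "wordpress")
STATIC = ("~*", r"\.(jpg|jpeg|png|gif|ico|pdf|woff|css|js)$", "static")
OUTDATED = [WORDPRESS, ("~", r"/\.", "deny"), STATIC]
HALF_FIXED = [WORDPRESS, ("~", r"/\.(?!well-known/acme-challenge/)", "deny"), STATIC]
FIXED = HALF_FIXED + [("~", r"/\.well-known/acme-challenge/", "acme")]

# Constructed sample token, not a real challenge.
CHALLENGE = "/.well-known/acme-challenge/EXAMPLE-token_123"


def select_location(locations, uri):
    """Return the label of the location nginx would pick for uri.

    Order of precedence: exact (=), longest prefix if marked ^~,
    first matching regex in file order, then the longest prefix.
    Python's re stands in for nginx's PCRE (an assumption that holds
    for the patterns used here).
    """
    best = None
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, label)
    if best and best[0] == "^~":
        return best[2]
    for mod, pat, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return label
    return best[2] if best else None


def trace(uri=CHALLENGE):
    """Map each template state to the location that answers uri."""
    states = {"outdated": OUTDATED, "half_fixed": HALF_FIXED, "fixed": FIXED}
    return {name: select_location(locs, uri) for name, locs in states.items()}


if __name__ == "__main__":
    for state, label in trace().items():
        print(f"{state:11} -> {label}")
```

In the fixed state other hidden paths such as `/.htaccess` still resolve to the deny rule, so the exception stays limited to the acme-challenge directory.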
@till: I ran into the same issue and on top of that I cannot find my copy of the manual for ISPCFG 3.1 I purchased. Could I possibly get another download link please?