[Ubuntu 20.04.02|ISPConfig 3.2.5|certbot 1.16.0] letsencrypt not issuing new certificate

Discussion in 'Installation/Configuration' started by fishtail, Jul 1, 2021.

  1. fishtail

    fishtail New Member

    Hi.
    I have registered a new site in ISPConfig, switched to the SSL tab, filled out the info, switched back to the "Domain" tab, and checked "Let's Encrypt SSL", waited a few minutes, go back to the same config, and the checkboxes disappeared.
    I've examined letsencrypt.log, no new entries.
    Thoughts? Any assistance is greatly appreciated.
    Thanks...
     
    fishtail, Jul 1, 2021
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    till, Jul 1, 2021
    #2
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Also, there is no need to fill those details. You can leave the SSL tab alone when using Let's Encrypt.
     
    Th0m, Jul 1, 2021
    #3
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Agreed with @Th0m statement above i.e. you don't need to fill them in. Further, you need to delete them, if you have done that earlier. Do follow the FAQ mentioned by @till above to troubleshoot if you the same problem again.
     
    ahrasis, Jul 2, 2021
    #4
  5. fishtail

    fishtail New Member

    hey guys, thanks for jumping in with suggestions. I've finally got something writing to letsencrypt.log...what do you guys think the problem is?

    Code:
    2021-07-01 23:17:02,522:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-07-01 23:17:02,743:DEBUG:certbot._internal.main:certbot version: 1.16.0
2021-07-01 23:17:02,743:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1201/bin/certbot
2021-07-01 23:17:02,743:DEBUG:certbot._internal.main:Arguments: ['-n', '--text', '--agree-tos', '--cert-name', 'companyname.com', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--webroot-map', '{"companyname.com":"\\/usr\\/local\\/ispconfig\\/interface\\/acme","www.companyname.com":"\\/usr\\/local\\/ispconfig\\/interface\\/acme"}', '--preconfigured-renewal']
2021-07-01 23:17:02,743:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-01 23:17:02,750:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-01 23:17:02,751:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2021-07-01 23:17:02,753:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f558868a940>
Prep: True
2021-07-01 23:17:02,753:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f558868a940> and installer None
2021-07-01 23:17:02,753:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-07-01 23:17:02,807:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1201/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1552, in main
    return config.func(config, plugins)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1396, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 742, in _init_le_client
    acc, acme = _determine_account(config)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 650, in _determine_account
    acc = display_ops.choose_account(accounts)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/display/ops.py", line 84, in choose_account
    code, index = z_util(interfaces.IDisplay).menu(
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/display/util.py", line 539, in menu
    self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/display/util.py", line 495, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['domain1.com@2019-10-22T16:24:06Z (25e7)', 'domain1.com@2018-04-19T18:57:11Z (b79e)', 'domain2.com@2020-11-13T06:03:05Z (5d76)']
2021-07-01 23:17:02,808:ERROR:certbot._internal.log:Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['domain1.com@2019-10-22T16:24:06Z (25e7)', 'domain1.com@2018-04-19T18:57:11Z (b79e)', 'domain2.com@2020-11-13T06:03:05Z (5d76)']
2021-07-01 23:17:03,097:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-07-01 23:17:03,316:DEBUG:certbot._internal.main:certbot version: 1.16.0
2021-07-01 23:17:03,316:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1201/bin/certbot
2021-07-01 23:17:03,316:DEBUG:certbot._internal.main:Arguments: ['--domains', 'companyname.com', '--domains', 'www.companyname.com', '--preconfigured-renewal']
2021-07-01 23:17:03,316:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-01 23:17:03,323:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-01 23:17:03,332:DEBUG:certbot.display.util:Notifying user: Found the following matching certs:
     
    fishtail, Jul 2, 2021
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You seem to have created two accounts in certbot, there can be only one account. you have to delete one Let's encrypt account in certbot, the one that has no or the least amount of issued certs.
     
    till, Jul 2, 2021
    #6
    JettB likes this.
  7. fishtail

    fishtail New Member

    after using "certbot unregister --account XXXXXX" and deleted the two extra accounts in acme-staging-v02.api.letsencrypt.org/directory (leaving the symbolic link that goes to acme-staging-v01.api.letsencrypt.org/directory), it created the cert for the new site now!

    THANK YOU to everyone that jumps in and offered assistance.

    write-up:
    - I went to "/etc/letsencrypt/renewal" and "grep -i account *.conf" to get a list of all the certbot accountID
    - "cd /etc/letsencrypt/accounts/" and examined acme-v02.api.letsencrypt.org/directory and saw one symbolic link to acme-v01.api.letsencrypt.org/directory/ and two files
    - I "more" acme-v01.api.letsencrypt.org/directory/XXXXX/regr.json and make sure the content makes sense
    - I went back to "acme-v02.api.letsencrypt.org/directory/" (probably not necessary) and "certbot unregister --account XXXXXX" the two IDs that I don't need
    - I went to the portal, selected the site, uncheck "Let's Encrypt SSL", Save, went back and check it (probably not necessary either)
    - meanwhile, I have "tail -f /var/log/letsencrypt/letsencrypt.log" and, after a few seconds, I saw the creation of the cert!
     
    fishtail, Jul 2, 2021
    #7
    JettB likes this.

Share This Page