Unable to connect to 8080 after manual LetsEncrypt renewal

Discussion in 'Installation/Configuration' started by comsupany, Oct 17, 2021.

  1. comsupany

    comsupany New Member

    My LetsEncrypt cert did not autorenew, so I tried to manually renew it, and in the process I now cannot connect to ISPConfig to re-enable the LE option in the web interface.

    ...This is what I did:
    disabled LetsEncrypt for the site in:
    sites/web domain/let's encrypt ssl

    ...deleted the cert (twice), see:
    https://www.howtoforge.com/community/threads/urgent-renewed-le-cert-is-not-working-on-iphones.87477/

    certbot delete --cert-name mail.usnmit.com
    certbot delete --cert-name mail.usnmit.com

    Now I can't get into the website to re-enable the LE option!!

    **how do I completely remove and renew the LE cert?**


    systemctl status apache2.service gives me:

    root@mail:/etc/letsencrypt/renewal# systemctl status apache2.service
    ● apache2.service - The Apache HTTP Server
    Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
    Drop-In: /lib/systemd/system/apache2.service.d
    └─apache2-systemd.conf
    Active: failed (Result: exit-code) since Sun 2021-10-17 10:54:26 CDT; 9min ago
    Process: 29010 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
    Process: 1621 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
    Process: 2568 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
    Main PID: 7200 (code=exited, status=0/SUCCESS)

    Oct 17 10:54:26 mail.usnmit.com systemd[1]: Starting The Apache HTTP Server...
    Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vh
    Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt
    Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: Action 'start' failed.
    Oct 17 10:54:26 mail.usnmit.com apachectl[2568]: The Apache error log may have more information.
    Oct 17 10:54:26 mail.usnmit.com systemd[1]: apache2.service: Control process exited, code=exited status=1
    Oct 17 10:54:26 mail.usnmit.com systemd[1]: apache2.service: Failed with result 'exit-code'.
    Oct 17 10:54:26 mail.usnmit.com systemd[1]: Failed to start The Apache HTTP Server.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you deleted the certificate for the server hostname, which is used by all kinds of services, which now fail due to the missing cert. Never delete a cert when it does not renew; instead, look at why it does not renew and then fix the cause of the non-renewal.

    The best option to fix your system is probably to run an ISPConfig update and let the ISPConfig updater create a new ssl cert.
     
  3. comsupany

    comsupany New Member

    I ran the update, but when I try to open the web interface in Firefox it says:
    Secure Connection Failed
    An error occurred during a connection to mydomain.com:8080. SSL received a record that exceeded the maximum permissible length.
    Error code: SSL_ERROR_RX_RECORD_TOO_LONG
    In Chrome it says:
    This site can’t provide a secure connection mydomain.com sent an invalid response.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is the error message different than before you ran the update?
    Did you choose during the ISPConfig update to create a new certificate and force reconfigure services?
     
  5. comsupany

    comsupany New Member

    The web errors are the same but I get these errors when I run ispconfig_update.sh --force
    PHP Warning: copy(/usr/local/ispconfig/interface/ssl/ispserver.crt): failed to open stream: No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3020
    PHP Warning: copy(/usr/local/ispconfig/interface/ssl/ispserver.key): failed to open stream: No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3023
    Cert not yet due for renewal
    Keeping the existing certificate
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3117
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.Ncod1Ml47R/install/lib/installer_base.lib.php on line 3118
    Issuing certificate seems to have succeeded but /etc/letsencrypt/live/mail.mydomain.com/cert.pem seems to be missing. Falling back to self-signed.
    Can't load /home/manager/.rnd into RNG
    139754959024576:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/manager/.rnd
    Generating a RSA private key
    ..........................................................++++
    .................++++
    writing new private key to '/usr/local/ispconfig/interface/ssl/ispserver.key'
    req: Can't open "/usr/local/ispconfig/interface/ssl/ispserver.key" for writing, Too many levels of symbolic links
    Reconfigure Crontab? (yes,no) [yes]:
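
Added example, not part of the thread and not ISPConfig's own code: the errors quoted above (file not found, symlink() failing, "Too many levels of symbolic links") all concern the files under /usr/local/ispconfig/interface/ssl/, so this script follows each path hop by hop and reports whether it is usable, missing, a dangling symlink or a symlink loop. It assumes those files may be symlinks (for example into /etc/letsencrypt/live/); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify TLS file paths that may be symlinks.
# The two default paths are the ones named in the Apache and updater
# errors quoted in the thread; everything else here is illustrative.

MAX_HOPS=40   # Linux path resolution fails with ELOOP after 40 symlink hops

# Prints one of: ok, empty, missing, dangling, loop
classify_cert_path() (
    p=$1
    hops=0
    while [ -L "$p" ]; do
        hops=$((hops + 1))
        if [ "$hops" -gt "$MAX_HOPS" ]; then
            echo loop          # matches "Too many levels of symbolic links"
            exit 0
        fi
        target=$(readlink "$p")
        case $target in
            /*) p=$target ;;                    # absolute target
            *)  p=$(dirname "$p")/$target ;;    # relative to the link's directory
        esac
    done
    if [ ! -e "$p" ]; then
        # A link that ends nowhere is "dangling"; a plain absent path is "missing".
        if [ "$hops" -gt 0 ]; then echo dangling; else echo missing; fi
    elif [ ! -s "$p" ]; then
        echo empty
    else
        echo ok
    fi
)

# Report on each path given, or on the ISPConfig interface cert and key.
check_tls_files() {
    if [ "$#" -eq 0 ]; then
        set -- /usr/local/ispconfig/interface/ssl/ispserver.crt \
               /usr/local/ispconfig/interface/ssl/ispserver.key
    fi
    for f in "$@"; do
        printf '%-10s %s\n' "$(classify_cert_path "$f")" "$f"
    done
}

check_tls_files "$@"
```

Run it as root before and after an update; any result other than `ok` for the .crt or .key means Apache's `SSLCertificateFile` check on 000-apps.vhost will keep failing.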
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Moved the post to the correct forum now.
     
