Hi, I've just upgraded as the title says. Using Ubuntu 14.04 + Apache. Installed CertBot: apt-get install software-properties-common add-apt-repository ppa:certbot/certbot apt-get update apt-get install python-certbot-apache certbot --apache certonly Applied HTTPS for 1 website only, the rest I'll manage with the webinterface. Should be possible? However, the "Lets Encrypt SSL" get's unselected after a short time. The log: 2017-06-26 11:XXEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/SITE.TLD/fullchain.pem. Your cert will expire on 2017-09-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" What am I missing?
Do not run: certbot --apache certonly as this will disable the ability to use letsencrypt with this web site in ispconfig for this domain. When you want to have an LE cert for a website, just login to ISPConfig and enable the letsencrypt checkbox in the website settings of the site where you want to get an LE cert for.
So what can I do now? Remove Certbot, or the created SSL, then reinstall as shown? Except from the "--apache certonly" part
Yes. It's strange the guides for installations here, ain't updated for LetsEncrypt yet. It claims for apt-get install letsencrypt, which seems to be outdated. Any other suggestions for getting LE to work with ISPConfig 3.1.4?
The guides are up to date and show you how to install a supported LE client. Installing it from another untested source like you try to do it might work, but it is untested. If you want to find out why LE fails on your server, see LE FAQ: https://www.howtoforge.com/community/forums/general.25/
I've checked the FAQ yesterday, same results. How would you install LE? No guide here for LE @ Ubuntu 14.04: https://www.howtoforge.com/the-perf...d-mysql-php-postfix-dovecot-and-ispconfig3-p6 And for 16.04, I believe it's outdated: https://www.howtoforge.com/tutorial...ginx-and-ispconfig-3/2/#-install-lets-encrypt - people has posted comments for the same issue?
I'm not using Ubuntu 14.04 anymore and we did not test that version with LE. But I see no reason why it should not work as long as either letsencrypt or certbot client is installed. The FAQ shows you what to check and you can also use the general ISPConfig debug mode to get more debug output when you enable lE. Regarding Ubuntu 16.04, the steps in the tutorial should work fine. There is always someone who did not get something to work when a tutorial is used by many thousand users., even when the tutorial is correct. And almost all problems with LE occur because domains or subdomains are not reachable from the server or from outside or the cert has been created outside of ISPConfig like in your case which then blocks the domain and will cause renewals to fail. You updated to ISPConfig 3.1.x with "reconfigure services = yes"? And you don't use a custom vhost template for the websites? In case you have a ustom template, then you need to adjust it for ISPConfig 3.1. Ubuntu 14.04 has probable a very old apache version, so it might even be that you have to run Tools > resync to update all website vhosts to make them LE compatible.
I updated ISPConfig from 3.0.x to 3.1.x yes, and with "yes" for reconfigure services. No custom templates. I've also done the resync, but do still have the LE issue. Please, again, how would you install LE on Ubuntu 14.04? I must be missing something, or maybe an ISPConfig bug for Ubuntu 14.04?
Use the debug mode to find out why LE fails on your system: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
Done. The most interesting part is: Could not verify domain domain.tld Could not verify domain www.domain.tld DNS records for domain.tld and www.domain.tld are created, and works very well with HTTP requests. Looking forward to your reply
Is your server behind a router? If yes, then it might be impossible to reach the domains from the server (which ispconfig tries). In that case, disable the LE check under System > server config. You have to take care yourself then that no website contains a domain or subdomain where a dns record is missing as LE will fail for all domains in that case.
Yes, always ISPConfig / any other webserver, behind a router / firewall. Now it seems to be working on 1 website. When I try to enable it for another website too, it says the site is insecure. Example: Enabling SSL for www.domain1.tld, works. Enabling SSL for another website, www.domain2.tld, gives a warning in a browser afterwards, and shows content from www.domain1.tld. Should LE not work for any website you create? Unique SSL certificates for each site? Where DNS are fine of course.
1) see Letsencrypt log. 2) https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
Any advice, when I can't do the following command: apt-get install python-certbot-apache The package could not be located, even when add-apt-repository ppa:certbot/certbot has been set.
Code: $ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache is the official way, python-certbot-apache seems to be in the ppa https://launchpad.net/~certbot/ archive/ubuntu/certbot aswell WELL I don't know wether ppa: stuff needs to have archive aswell, since 14.04 is "old". But a more familiar debian way would be modifying your /etc/apt/sources.list and put Code: deb http://ppa.launchpad.net/certbot/certbot/ubuntu trusty main deb-src http://ppa.launchpad.net/certbot/certbot/ubuntu trusty main in for 14.04 and then just run Code: $ sudo apt-get update $ sudo apt-get install python-certbot-apache