Web Domain > Let's Encrypt - does not turn on, I need help!

Discussion in 'Installation/Configuration' started by Oazis, Aug 13, 2022.

  1. Oazis

    Oazis Member

    Hi everyone,
    I configured ISPConfig 3.2.8p1 with the NGINX webserver on Debian 11. On one of the sites "Let's Encrypt" stopped working; no matter what I do it doesn't want to turn on. I can't understand why, I need your help!
    Thanks.
     
    Last edited: Aug 13, 2022
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. Oazis

    Oazis Member

    None of the above was in the FAQ. I am reporting a recurring error where "Let's Encrypt" stops working when adding a subdomain, or at the moment when you remove the use of "Let's Encrypt", after which this function does not turn on. However, the certificate continues to work without the feature enabled.
     
    Last edited: Aug 14, 2022
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The FAQ is for the exact issue you have, so please start following it now. Here again the link:

    https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/

    Follow every single step incl. the last one, which instructs you to post the debug output which I don't see anywhere in your answer.
     
  5. Oazis

    Oazis Member

    I did everything, tell me how to publish the debug output?
    Code:
    root@vps:~# /usr/local/ispconfig/server/server.sh
    finished server.php.
     
    Last edited: Aug 14, 2022
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The output shows that you did not enable debug mode yet. Please follow all steps from the debug guide and do not leave out some steps. The debug log level must be enabled under system > server config.

    Then you check the Let's Encrypt checkbox of the website and save, run server.sh as root user and post the result that you get on the screen.
     
  7. Oazis

    Oazis Member

    Sorry, I saw, here is the debug code:
    Code:
    14.08.2022-13:39 - DEBUG [plugins.inc:155] - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    14.08.2022-13:39 - DEBUG [server:177] - Found 1 changes, starting update process.
    14.08.2022-13:39 - DEBUG [plugins.inc:118] - Calling function 'ssl' from plugin 'nginx_plugin' raised by event 'web_domain_update'.
    14.08.2022-13:39 - DEBUG [plugins.inc:118] - Calling function 'update' from plugin 'nginx_plugin' raised by event 'web_domain_update'.
    14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: chattr -i '/var/www/clients/client1/web1' - return code: 0
    14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web1' - return code: 0
    14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: df -T '/var/www/clients/client1/web1'|awk 'END{print $2,$NF}' - return code: 0
    14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -u 'web1' '0' '0' 0 0 -a &> /dev/null - return code: 0
    14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -T -u 'web1' 604800 604800 -a &> /dev/null - return code: 0
    14.08.2022-13:39 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web1' - return code: 0
    14.08.2022-13:40 - WARNING - Could not verify domain feedback.ua, so excluding it from letsencrypt request.
    14.08.2022-13:40 - WARNING - Could not verify domain www.feedback.ua, so excluding it from letsencrypt request.
    14.08.2022-13:40 - WARNING - Let's Encrypt SSL Cert for: feedback.ua could not be issued.
    14.08.2022-13:40 - WARNING -
    14.08.2022-13:40 - DEBUG [db mysql.inc:521] - NON-String given in escape function! (boolean)
    14.08.2022-13:40 - DEBUG [nginx plugin.inc:1394] - Enable SSL for: feedback.ua
    14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: nginx -V 2>&1 | grep 'built with OpenSSL' | sed 's/.*built\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0
    14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: nginx -V 2>&1 | grep 'running with OpenSSL' | sed 's/.*running\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/' - return code: 0
    14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: which 'nginx' 2> /dev/null - return code: 0
    14.08.2022-13:40 - DEBUG [nginx plugin.inc:1623] - Enable TLS 1.3 for: feedback.ua
    14.08.2022-13:40 - DEBUG [nginx plugin.inc:1916] - Writing the vhost file: /etc/nginx/sites-available/feedback.ua.vhost
    14.08.2022-13:40 - DEBUG [nginx plugin.inc:3042] - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web1.conf
    14.08.2022-13:40 - DEBUG [services.inc:56] - Calling function 'restartPHP_FPM' from module 'web_module'.
    14.08.2022-13:40 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
    14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'php7.4-fpm' 2>&1 - return code: 0
    14.08.2022-13:40 - DEBUG [web module.inc:316] - Restarting php-fpm: systemctl reload php7.4-fpm.service
    14.08.2022-13:40 - DEBUG [nginx plugin.inc:2017] - nginx status is: running
    14.08.2022-13:40 - DEBUG [services.inc:56] - Calling function 'restartHttpd' from module 'web_module'.
    14.08.2022-13:40 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
    14.08.2022-13:40 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'nginx' 2>&1 - return code: 0
    14.08.2022-13:40 - DEBUG [web module.inc:236] - Checking nginx configuration...
    14.08.2022-13:40 - DEBUG [web module.inc:239] - nginx configuration ok!
    14.08.2022-13:40 - DEBUG [web module.inc:246] - Restarting httpd: systemctl restart nginx.service
    14.08.2022-13:40 - DEBUG [nginx plugin.inc:2020] - nginx restart return value is: 0
    14.08.2022-13:40 - DEBUG [nginx plugin.inc:2027] - nginx online status after restart is: running
    14.08.2022-13:40 - DEBUG [modules.inc:240] - Processed datalog_id 321
    14.08.2022-13:40 - DEBUG [server:217] - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Here you have your issue:

    The error means that either the domains do not point to the server in DNS (the FAQ mentions that you should check this), which means they cannot be reached and therefore no LE cert can be issued, or your server is behind a NAT router that blocks access from the server to the domains, which means you must disable the Let's Encrypt check. Both points are mentioned in the Let's Encrypt FAQ btw.

    So now do the steps from the LE error FAQ and verify that the domains are really pointing to the right server in DNS (check the IPv4 and IPv6 records) and also disable the Let's Encrypt checkbox if your system is behind a router.
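
The DNS check described in the post above, as an added example that is not part of the original thread and not ISPConfig code: it pulls the excluded domains out of the `server.sh` debug output and flags any A or AAAA record that does not belong to the server. The sample log lines, the `example.test` names and the documentation-range addresses are constructed, and all function names are hypothetical.

```python
import ipaddress
import re
import socket

# Pattern of the WARNING line ISPConfig prints in the debug output quoted in this thread.
EXCLUDED = re.compile(r"Could not verify domain (\S+), so excluding it from letsencrypt request")

def excluded_domains(log_text):
    """Return the domains the log says were dropped from the request, in order, no duplicates."""
    return list(dict.fromkeys(EXCLUDED.findall(log_text)))

def resolve(name):
    """Look up A and AAAA records through the system resolver (needs network access)."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_domain(name, server_ips, resolver=resolve):
    """Classify one domain: every published address must belong to this server."""
    server = {ipaddress.ip_address(ip) for ip in server_ips}
    found = {ipaddress.ip_address(a) for a in resolver(name)}
    if not found:
        return "no A/AAAA record"
    # A single stray record (often a forgotten AAAA) is enough to break validation.
    stray = sorted(str(a) for a in found - server)
    if stray:
        return "points elsewhere: " + ", ".join(stray)
    return "ok"

def report(log_text, server_ips, resolver=resolve):
    """Map each excluded domain from the log to its DNS status."""
    return {d: check_domain(d, server_ips, resolver) for d in excluded_domains(log_text)}

# Constructed sample: two lines in the format of the log above, documentation-range IPs.
SAMPLE_LOG = """\
14.08.2022-13:40 - WARNING - Could not verify domain example.test, so excluding it from letsencrypt request.
14.08.2022-13:40 - WARNING - Could not verify domain www.example.test, so excluding it from letsencrypt request.
"""
SAMPLE_DNS = {"example.test": ["203.0.113.10", "2001:db8::dead"],
              "www.example.test": ["203.0.113.10"]}

if __name__ == "__main__":
    server_ips = ["203.0.113.10", "2001:db8::10"]  # assumption: this server's public addresses
    fake_resolver = lambda name: SAMPLE_DNS.get(name, [])  # offline stand-in for resolve()
    for domain, status in report(SAMPLE_LOG, server_ips, fake_resolver).items():
        print(f"{domain}: {status}")
```

To run it against live DNS, call `report()` with the saved debug output and the server's real addresses and leave out the `resolver` argument.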
     
  9. Oazis

    Oazis Member

    Thank you very much!

    Dear Till, is it possible to get this wildcard certificate as *.DOMEN.COM using the service "Let's Encrypt"?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    No, at least not by using domain validation as used in ISPConfig. Wildcard certs are only available using DNS auth, use the forum search function if you like to know details on that. But ISPConfig automatically adds all sub and alias domains to the certificate automatically that you add in ISPConfig, which means that wildcard certs are normally not needed anyway. Just add all subdomains you want to use in ISPConfig for this website and they all get added automatically to the SSL cert. But don't forget that they must point to your server in DNS before you add them to the website!
     
