Hi All, Has anyone encountered an issue where the vhost file is not actually updated after selecting "SSL" for a web domain? The file timestamp is updated but the file remains the same. I have not found any errors in the log. Thanks!
Enabling the SSL checkbox is not enough, as you need an SSL cert for a website as well. If ISPConfig would write a SSL section into the host file when you do not have a SSL cert for the site, then the web server would fail to start. So you must either enable the "Let's Encrypt" checkbox too to get a free Let's Encrypt SSL certificate. Or you must create a SSL cert on the SSL tab of the site.
Thanks for your super quick reply Till! I have tried ticking the Let's Encrypt box. I have also used: certbot --apache certonly To create certificates for the domains but it still won't update the vhost file for the domain. Other domains are working with SSL they were created a long time ago without issue. Edit: I also created appropriate symbolic links links to the Let's Encrypt files but that didn't fix it. I then copied the SSL section of one of the other domains, pasted it into the vhost file, and corrected the domain name, client and web entries. That works without issue... So it should be exactly the same as what ISPconfig produces. I assume that this section will be removed the next time ISPconfig updates the vhost file though. Again there are no error reports on why the vhost file fails to be generated with an SSL section although ISPconfig is aware that it has not done anything as the boxes do not remain ticked.
That's a really bad Idea. Never do that on an ISPConfig server, it breaks the websites and make them unmanageable. You can't use ISPConfig for these sites anymore after using this command unless you manually cleaned up the server from the mess certbot did. Then the site was likely already broken by manual use of certbot. Certbot really creates a mess in config files when used manually on a system. are there any files with '-le' in the name in the apache sites-enabled folder? To find out why LE refuses to issue a certificate, all you have to do is to follow this checklist step-by-step: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/
Thank you very much Till. I will work through that step-by-step and report back. The only files in /etc/apache2/sites-enabled/ are the expected vhost files. None of them contain '-le' in their names.
