Yet another LE SSL / DNS issue

Discussion in 'Installation/Configuration' started by schwim, May 9, 2023.

  1. schwim

    schwim Member HowtoForge Supporter

    Hi there everyone,
    System/Server Config/SSL Settings/Skip LE Check is checked
    I set up my rspamd panel via these instructions. https://www.howtoforge.com/replacin...make-rspamd-dashboard-accessible-from-outside
    During this setup, I was unable to enable LE SSL. When I was done, I was able to visit the panel and log in without issue via non SSL. I gave it a few days for DNS to settle but I continue to be unable to create an LE cert (in spite of Skip check being enabled).
    To be clear, I can reach the site from all browsers and PCs/phones. The issue is only that I can't create the cert. In browsers that force SSL, I end up at the 1st domain on the server, sorted alphabetically. Debug shows that in spite of me telling LE not to check, that it's unable to route the name to the server.
    What can I do to resolve this? Can I tell LE somehow to really and truly ignore warnings? Can I change the DNS that the server uses that seems to sometimes lag a week or more behind every other DNS that my devices use to see that these names are routing to the server correctly?
    Debug:
    Code:
    root@system:~# /usr/local/ispconfig/server/server.sh
    08.05.2023-20:49 - DEBUG [plugins.inc:155] - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    08.05.2023-20:49 - DEBUG [server:177] - Found 1 changes, starting update process.
    08.05.2023-20:49 - DEBUG [plugins.inc:118] - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    08.05.2023-20:49 - DEBUG [plugins.inc:118] - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: chattr -i '/var/www/clients/client1/web16' - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web16' - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: df -T '/var/www/clients/client1/web16'|awk 'END{print $2,$NF}' - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -u 'web16' '0' '0' 0 0 -a &> /dev/null - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: setquota -T -u 'web16' 604800 604800 -a &> /dev/null - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: chattr +i '/var/www/clients/client1/web16' - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    08.05.2023-20:49 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
    08.05.2023-20:49 - DEBUG [letsencrypt.inc:431] - Create Let's Encrypt SSL Cert for: rspamd.schwimserver.com
    08.05.2023-20:49 - DEBUG [letsencrypt.inc:432] - Let's Encrypt SSL Cert domains:
    08.05.2023-20:49 - DEBUG [system.inc:1819] - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d rspamd.schwimserver.com -d www.rspamd.schwimserver.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then /root/.acme.sh/acme.sh --install-cert -d rspamd.schwimserver.com -d www.rspamd.schwimserver.com --key-file '/var/www/clients/client1/web16/ssl/rspamd.schwimserver.com-le.key' --fullchain-file '/var/www/clients/client1/web16/ssl/rspamd.schwimserver.com-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi
    [Mon 08 May 2023 08:49:46 PM CDT] www.rspamd.schwimserver.com:Verify error:DNS problem: NXDOMAIN looking up A for www.rspamd.schwimserver.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.rspamd.schwimserver.com - check that a DNS record exists for this domain
    [Mon 08 May 2023 08:49:46 PM CDT] Please check log file for more details: /var/log/ispconfig/acme.log
    08.05.2023-20:49 - WARNING - Let's Encrypt SSL Cert for: rspamd.schwimserver.com could not be issued.
    08.05.2023-20:49 - WARNING - R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d rspamd.schwimserver.com -d www.rspamd.schwimserver.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then /root/.acme.sh/acme.sh --install-cert -d rspamd.schwimserver.com -d www.rspamd.schwimserver.com --key-file '/var/www/clients/client1/web16/ssl/rspamd.schwimserver.com-le.key' --fullchain-file '/var/www/clients/client1/web16/ssl/rspamd.schwimserver.com-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    08.05.2023-20:49 - DEBUG [apache2 plugin.inc:1874] - Writing the vhost file: /etc/apache2/sites-available/rspamd.schwimserver.com.vhost
    08.05.2023-20:49 - DEBUG [apache2 plugin.inc:1992] - Apache status is: running
    08.05.2023-20:49 - DEBUG [services.inc:56] - Calling function 'restartHttpd' from module 'web_module'.
    08.05.2023-20:49 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
    08.05.2023-20:49 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
    08.05.2023-20:49 - DEBUG [web module.inc:246] - Restarting httpd: systemctl restart apache2.service
    08.05.2023-20:49 - DEBUG [apache2 plugin.inc:1995] - Apache restart return value is: 0
    08.05.2023-20:49 - DEBUG [apache2 plugin.inc:2006] - Apache online status after restart is: running
    08.05.2023-20:49 - DEBUG [modules.inc:240] - Processed datalog_id 238
    08.05.2023-20:49 - DEBUG [server:217] - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    root@system:~#
    
    
    Domain records:
    upload_2023-5-8_22-1-54.png
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Are you attempting both www.rspamd and rspamd? Because I can only see rspamd there in the dns setting.
     
    schwim likes this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    And that's one of the reasons why Let's Encrypt failed here. This check exists to exclude domains that do not exist in DNS before passing the domain list to acme.sh or certbot, as both LE clients will fail to issue the complete cert if one of the included domains does not exist in DNS. Like @ahrasis mentioned, you are trying to create an SSL cert for rspamd.schwimserver.com and www.rspamd.schwimserver.com (you probably enabled auto-subdomain www in that website), and there is no DNS for www.rspamd.schwimserver.com, and due to the disabled Let's Encrypt check, the non-existing domain cannot be excluded automatically. To fix your issue, set auto subdomain to none in that website.
     
    Last edited: May 9, 2023
    schwim likes this.
  4. schwim

    schwim Member HowtoForge Supporter

    Thank you both so much for your help. I mistakenly took "just leave everything at the defaults." in the tutorial to mean all the default settings and I shouldn't have. Reading the error log, I thought that maybe LE always tried www for the cert and didn't stop to think that I had left that enabled.

    Thank you again. Disabling www resolved the issue and the cert was successfully created.
     
    ahrasis and till like this.
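
The pre-flight check till describes in post 3, as an added example that is not ISPConfig or acme.sh code: it drops names without an A/AAAA record before the `-d` list is built, and pulls the failing name out of an acme.sh "Verify error" line. The function names and the `example.test` hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not ISPConfig or acme.sh code): pre-flight DNS check for the
# names that would go on one certificate request.

# resolves NAME: true if NAME has at least one A or AAAA record.
# Assumption: getent is present; it asks this server's resolver, which can
# differ from the view Let's Encrypt has from the outside.
resolves() {
    getent ahosts "$1" >/dev/null 2>&1
}

# acme_domain_args NAME...: print "-d NAME" only for names that resolve.
acme_domain_args() {
    args=""
    for name in "$@"; do
        if resolves "$name"; then args="$args -d $name"; fi
    done
    echo "${args# }"
}

# missing_names NAME...: print the names that would be left off, one per line.
missing_names() {
    for name in "$@"; do
        if ! resolves "$name"; then echo "$name"; fi
    done
}

# failed_names: read acme.sh output on stdin and print each name that has a
# "Verify error" line, in the format shown in the debug log of post 1.
failed_names() {
    sed -n 's/^ *\[[^]]*\] \([^ :]*\):Verify error:.*/\1/p'
}

# Stand-alone use: sh preflight.sh rspamd.example.test www.rspamd.example.test
if [ "$#" -gt 0 ]; then
    echo "would request: $(acme_domain_args "$@")"
    missing_names "$@" | sed 's/^/no DNS record: /'
fi
```

Because one unresolvable name fails the whole order, a name reported by `missing_names` has to get a DNS record or be removed from the request, which is what setting auto subdomain to none did here.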
