Break letsencrypt under ISP

Discussion in 'Tips/Tricks/Mods' started by Poliman, Aug 31, 2017.

  1. Poliman

    Poliman Member

    I have a server with ISP 3.1.6 and Ubuntu 14.04.5 LTS. I ran the commands below to install LE on my server:
    Code:
    mkdir /opt/certbot
    cd /opt/certbot
    wget https://dl.eff.org/certbot-auto
    chmod a+x ./certbot-auto
    Then I ran the command:
    Code:
    ./certbot-auto
    which gives output like in the first screenshot, marked as 1.jpg. As the console suggested, I left the input blank and hit the Enter key. After this SSL was generated and I got a question whether HTTP requests should be redirected to HTTPS - I said no. After this the installation procedure finished. Under the ISP panel I can't enable the LE option. Only SSL can be checked (but it doesn't matter whether it's checked or not - SSL probably works, you can check). Under the /etc/letsencrypt directory I have directories containing files belonging to the specified/listed websites.
    How can I fix this? I used the tutorial https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt. In other threads I found the commands:
    Code:
    apt-get -y install letsencrypt
    apt-get -y install certbot
    but neither the first one nor the second works on Ubuntu 14.04, so I used the commands from the link above.

    PS
    Probably SSL is created properly. I checked https://www.ssllabs.com/ssltest/analyze.html?d=learningflow.net and it gives information that the cert is given but generated from ./certbot-auto, not the ISP panel.
     

  2. Tuumke

    Tuumke Member

    According to the manuals, you shouldn't run certbot-auto.
    But it also states that you install it via apt-get install letsencrypt. If it can't find that, you might need to add repos?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You may run certbot-auto to install certbot, but do not create any certs with certbot-auto or LE will get disabled for these domains in ISPConfig plus changes in websites will fail for these sites as well in future as certbot messes up the apache config. Search for apache vhost config files with "-le" in their name and remove them.
     
  4. Poliman

    Poliman Member

    Thank you, people, for the answers. Generally I did what the tutorial said. Unfortunately the tutorial does not explain what to do when the script asks about some operation. So, I have in /etc/apache2/sites-enabled a symbolic link to the file learningflow.net.vhost-le-ssl.conf. After removing it, what should I do next - run ./certbot-auto? If yes - what to do when I am asked about some operations?

    PS
    Till - in post https://www.howtoforge.com/communit...cates-into-ispconfig.71055/page-9#post-364571 you said that the guy should delete the '-le' file and also some files related to the /etc/letsencrypt directory.
     
    Last edited: Aug 31, 2017
  5. Turbanator

    Turbanator Member HowtoForge Supporter

    When you first ran certbot-auto, you should NOT have hit Enter when the domain list was shown. You should have chosen C to cancel and let ISPC handle the SSL creation via LE.
     
  6. Poliman

    Poliman Member

    Good to know. So now I have to do something with the generated SSL cert, run certbot-auto again and then hit 'c'. The problem is what to do? :D

    PS
    I have done what Till said in the thread mentioned earlier - I just removed each file/folder with the domain name in its name from the directories archive, live, renewal. After this I ran ./certbot-auto and then - as Turbanator said - I pressed C when the domain list appeared.
     
    Last edited: Sep 1, 2017
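
Added example, not part of any post in this thread: a read-only shell function that lists what the cleanup described in posts 3 to 6 targets, so the paths can be reviewed before anything is removed. It assumes the Debian/Ubuntu Apache layout under /etc/apache2 and certbot's default /etc/letsencrypt tree; the function name and its optional directory arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): list, never delete, what a manual
# certbot-auto run left behind for one domain.
# Assumptions: Apache config under /etc/apache2 (sites-available, sites-enabled)
# and certbot's default tree /etc/letsencrypt/{archive,live,renewal}.

find_certbot_leftovers() {
    domain=$1
    apache_dir=${2:-/etc/apache2}      # optional override, hypothetical parameter
    le_dir=${3:-/etc/letsencrypt}      # optional override, hypothetical parameter

    if [ -z "$domain" ]; then
        echo "usage: find_certbot_leftovers DOMAIN [APACHE_DIR] [LE_DIR]" >&2
        return 2
    fi

    # vhost files and symlinks with "-le" after the domain in their name,
    # e.g. learningflow.net.vhost-le-ssl.conf. The leading * tolerates a
    # numeric prefix; it also matches subdomains, so review the list.
    for d in sites-available sites-enabled; do
        [ -d "$apache_dir/$d" ] || continue
        find "$apache_dir/$d" -maxdepth 1 \( -type f -o -type l \) \
            -name "*${domain}*-le*"
    done

    # Certificate lineage created for the domain: archive/ holds the real
    # files, live/ holds symlinks into it, renewal/ holds the renewal config.
    for p in "$le_dir/archive/$domain" \
             "$le_dir/live/$domain" \
             "$le_dir/renewal/$domain.conf"; do
        if [ -e "$p" ] || [ -L "$p" ]; then
            echo "$p"
        fi
    done
}

# Run directly: sh script.sh learningflow.net
if [ "$#" -gt 0 ]; then
    find_certbot_leftovers "$@"
fi
```

An empty listing means nothing from a manual certbot run remains for that domain under those two trees.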
  7. Turbanator

    Turbanator Member HowtoForge Supporter

    Now if you go to ISPC and click ssl and LE, does it work?
     
  8. ahrasis

    ahrasis Active Member

    Just before going to ISPC > Websites and checking SSL & LE, do ensure that you have DNS set for the respective website(s) and that its/their DNS has been properly propagated.
     
  9. Poliman

    Poliman Member

    Yes, I just clicked LE and then SSL was automatically clicked, then "save" and voila. ;)
    Every time, I check that the particular domain is visible on the Internet (without https) and then I try to turn on SSL. ;)
     