Cannot get let's encrypt cert for new website

Discussion in 'ISPConfig 3 Priority Support' started by muekno, Apr 21, 2019.

  1. muekno

    muekno Member HowtoForge Supporter

    installed latest debian 9 following the latest minimal server doku
    installed then following the latest perfect server with apache for debian 9 and the ispconfig manual
    added server to latest ispconfig multiserver enviorement
    latest updates installed
    added website without ssl
    so long all went fine, default ispconfig new website shows, auto subdomain works
    checked ssl and let's encrypt
    tried to call new website with ssl, no ssl support,
    the checks for ssl an let's encrypt have disapeared
    retried check ssl and let's encrypt, no succsess
    what's wrong
    need help/hint
    thanks
    Rainer

    P.S. This worked last year with older ispconfig versions
     
    Last edited: Apr 21, 2019
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. muekno

    muekno Member HowtoForge Supporter

    Got FAQ response Debug log says WARNING - Could not verify domain
    but when I use https://certbot.eff.org/lets-encrypt/debianjessie-apache this decription I can get a cerificate. Where is the difference in checking the domain between what cerbot does an ispconfig does.
    tried this on an older server where it worked last year but no more with the latest ispconfig version.
    Thanks
    Rainer
     
  4. muekno

    muekno Member HowtoForge Supporter

    OK it works, the Skip check was the trick, I wonder why I didn't nee it before
    Happy Easter
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The difference is that ispconfig connects from your server and certbot connects from outside of your server. when your server is behind a nat router which forbids access from inside the network to a domain, then the ispconfig check must fail and for such cases, the check can be disabled. but you must be aware that you will have to take care manually now that all domains really exist as a cert will fail now if a single domain is not ok in dns.
     

Share This Page