Can't enable Let's Encrypt on server domain

Discussion in 'ISPConfig 3 Priority Support' started by Nexus Fred, Jul 30, 2020.

  1. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    Hello,

    A few months ago I secured my server following this tutorial

    Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate
    https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

    Everything was working well until a few days ago, when the server stopped using the Let's Encrypt certificate.

    I tried to re-enable it with the Let's Encrypt SSL checkbox on the website configuration, without any success.

    When I check the Let's Encrypt log I have this indication

    2020-07-28 21:14:04,124:INFO:certbot.renewal:Cert not yet due for renewal
    2020-07-28 21:14:04,124:INFO:certbot.main:Keeping the existing certificate

    So if I understand correctly, my certificate is valid but I can assign it to my server domain.

    Where can I find a log with a little more explanation about this issue?


    Best Regards
    Nexus
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Does the Let's encrypt checkbox stay ticked?
     
  3. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    No, the checkbox remains unticked, but the SSL one is ticked.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    Thanks @Taleman

    Certbot is properly installed and working.
    Yesterday I mounted a new website on my server and I was able to generate a Let's Encrypt SSL certificate for this domain without any problem.

    When I secured my server with the tutorial "Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate"
    I had to create a website for my server domain "server.os.mydomain.tld" to be able to generate the Let's Encrypt SSL Cert.
    After that server.os.mydomain.tld & server.os.mydomain.tld:8080 had both a Let's Encrypt SSL Cert.
    The "Let's Encrypt SSL" checkbox was ticked.

    But now I have the cert with server.os.mydomain.tld:8080 but not on server.os.mydomain.tld and the "Let's Encrypt SSL" checkbox is not ticked.

    That's really strange because
    on https
    mydomain.tld I have a Let's Encrypt SSL Cert valid until 2020-09-25.
    server.os.mydomain.tld:8080 I have a Let's Encrypt SSL Cert valid until 2020-09-27.
    server.os.mydomain.tld I have the Let's Encrypt SSL Cert from the first domain in the Website section.

    On my mailer
    server.os.mydomain.tld:143 I have an expired Let's Encrypt SSL Cert since 2020-07-28?

    I do not have any website on server.os.mydomain.tld; I use it only for email purposes.

    This is the Let’s Encrypt log
    Code:
    2020-07-31 15:24:02,930:DEBUG:certbot.main:certbot version: 0.27.0
    2020-07-31 15:24:02,932:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'server.os.mydomain.tld', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2020-07-31 15:24:02,932:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-07-31 15:24:02,942:DEBUG:certbot.log:Root logging level set at 20
    2020-07-31 15:24:02,943:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-07-31 15:24:02,944:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2020-07-31 15:24:02,944:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f6d7fa28908>
    Prep: True
    2020-07-31 15:24:02,945:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f6d7fa28908> and installer None
    2020-07-31 15:24:02,945:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
    2020-07-31 15:24:02,952:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/84130946', new_authzr_uri=None, terms_of_service=None), 191ddb6a6d867caf9368f5ed8b76aacf, Meta(creation_dt=datetime.datetime(2020, 4, 22, 10, 1, 8, tzinfo=<UTC>), creation_host='server.os.mydomain.tld'))>
    2020-07-31 15:24:02,953:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
    2020-07-31 15:24:02,955:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    2020-07-31 15:24:03,567:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
    2020-07-31 15:24:03,569:DEBUG:acme.client:Received response:
    HTTP 200
    Server: nginx
    Date: Fri, 31 Jul 2020 13:24:03 GMT
    Content-Type: application/json
    Content-Length: 658
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    {
      "_wXDkyBWYes": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
      },
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
    }
    2020-07-31 15:24:03,631:INFO:certbot.renewal:Cert not yet due for renewal
    2020-07-31 15:24:03,631:INFO:certbot.main:Keeping the existing certificate
    
    When I enable the server debug mode I get this message when I try to generate the server Let’s Encrypt certificate
    "Let's Encrypt Cert file: does not exist."

    My Unix admin and SSL knowledge does not let me understand what is going on here :)
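
An added example, not part of any post in this thread: a small parser for the `letsencrypt.log` format quoted above that reports, for each certbot run, which names were requested, which webroot was used, and whether certbot kept the existing certificate. The sample log is constructed from the lines in the thread; the function and field names are made up for this example.

```python
import ast
import re

# Constructed sample, shaped like the certbot 0.27.0 lines quoted in the thread.
SAMPLE_LOG = """\
2020-07-31 15:24:02,930:DEBUG:certbot.main:certbot version: 0.27.0
2020-07-31 15:24:02,932:DEBUG:certbot.main:Arguments: ['-n', '--expand', '--authenticator', 'webroot', '--domains', 'server.os.mydomain.tld', '--webroot-path', '/usr/local/ispconfig/interface/acme']
2020-07-31 15:24:02,944:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
2020-07-31 15:24:03,631:INFO:certbot.renewal:Cert not yet due for renewal
2020-07-31 15:24:03,631:INFO:certbot.main:Keeping the existing certificate
"""

# Record layout: "<date> <time>,<ms>:<LEVEL>:<logger>:<message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+:([A-Z]+):([\w.]+):(.*)$")

def domains_from(args):
    """Collect every name passed via --domains / -d (comma lists allowed)."""
    names = []
    for flag, value in zip(args, args[1:]):
        if flag in ("--domains", "-d"):
            names.extend(n for n in value.split(",") if n)
    return names

def summarize_runs(text):
    """Split the log into certbot runs and summarise request and outcome."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line: plugin description, HTTP headers, JSON
        when, level, _logger, msg = m.groups()
        if msg.startswith("certbot version:"):  # first record of each run
            runs.append({"started": when, "domains": [], "webroot": None,
                         "outcome": "other", "problems": []})
        elif not runs:
            continue  # records before the first run header are ignored
        elif msg.startswith("Arguments: "):
            # The argument list is logged as a Python list literal.
            args = ast.literal_eval(msg[len("Arguments: "):])
            runs[-1]["domains"] = domains_from(args)
            if "--webroot-path" in args[:-1]:
                runs[-1]["webroot"] = args[args.index("--webroot-path") + 1]
        elif msg == "Keeping the existing certificate":
            runs[-1]["outcome"] = "kept-existing"
        elif level in ("WARNING", "ERROR", "CRITICAL"):
            runs[-1]["problems"].append(msg)
    return runs
```

A `kept-existing` outcome means certbot finished that run without issuing a new certificate.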
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the full debug output that you get on the command line.
     
  7. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    Hello,
    A friend solved my problem.
    Thanks all for your help.
     
