Can't get Let's Encrypt working on the hosting panel

Discussion in 'Installation/Configuration' started by johannes1985, Aug 29, 2019.

  1. johannes1985

    johannes1985 Member HowtoForge Supporter

    Hi,

    I have followed both of these without success:
    https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
    https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/


    With the first one, I create the site, for example my FQDN is web1.example.com, then I create a site with the FQDN web1.example.com.
    I create a new DNS zone, also web1.example.com. I also added an A record to the original DNS zone, web1 pointing to the server IP.

    And the steps up to "Changing ISPConfig 3 Control Panel (Port 8080)".

    The SSL certificate does get generated, and when I visit the panel the error I receive is that it does not correspond with the current address (I can't remember the error message exactly, but it summarizes to that). When I check the certificate in the browser, it does state it is a Let's Encrypt certificate with the domain as web1.example.com.

    So I started over fresh with the second guide from ahrasis; the script completes and then nothing works, FTP, IMAP and SMTP are down. I had to start over again.

    I am on the latest version of ISPConfig and using Apache.

    Please help as I am starting to pull my hair out.
     
    Last edited: Aug 29, 2019
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    According to that you create website web1.example.com twice. In addition to that, if you already have FQDN web1.example.com, you can not create domain web1.example.com.
    Have you verified your DNS is correctly set up? If DNS does not work properly, that is one reason why Let's Encrypt fails.
     
  3. johannes1985

    johannes1985 Member HowtoForge Supporter

    Let's encrypt is working perfectly, I did it exactly as on the tutorial.

    Here is the error it gives me:
    NET::ERR_CERT_COMMON_NAME_INVALID

    https://web1.relianx.com/

    Note: I have not tried it again, this is only the A record pointing to the hosting. Should I remove the A record from the one zone and only add it to the other?
     
  4. johannes1985

    johannes1985 Member HowtoForge Supporter

    It gives exactly the same error when I remove the web1 A record from zone relianx.com and create a new zone with web1.relianx.com
     
  5. johannes1985

    johannes1985 Member HowtoForge Supporter

    In summary, my setup is as follows:

    DNS Zones:
    relianx.com (with an A record for web1)
    web1.relianx.com

    Sites:
    relianx.com
    web1.relianx.com

    SSL:
    The certificate for relianx.com is created on the panel.
    The certificate for web1.relianx.com is created via SSH exactly as in the tutorial.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The tutorial creates the LE cert in the panel too. I'll cite the chapter:

    So if you did not create the cert in the panel as described in the tutorial, then the whole setup can not work.
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Do you now remember the exact error message?
     
  8. johannes1985

    johannes1985 Member HowtoForge Supporter

    That was also done, I am referring to these commands at the ssh terminal:

    Code:
    cd /usr/local/ispconfig/interface/ssl/
    mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    cat ispserver.{key,crt} > ispserver.pem
    chmod 600 ispserver.pem

    Every step works fine, even after the above command. Yet going to https://relianx.com:8080 I am greeted with NET::ERR_CERT_COMMON_NAME_INVALID.

    Checked the certificate, it does show web1.relianx.com and that the issuer is Let's Encrypt.
     
  9. johannes1985

    johannes1985 Member HowtoForge Supporter

    NET::ERR_CERT_COMMON_NAME_INVALID. <-- On Chrome (Checked the certificate, it does show web1.relianx.com and that the issuer is Let's Encrypt.)
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no problem with your setup at all. You just made a typo while accessing ISPConfig. The control panel has to be accessed through the server hostname and there you entered a wrong URL. You entered:

    https://relianx.com:8080

    which is wrong as it's not the hostname of the server. Your browser noticed the mistake and warned you with the message "NET::ERR_CERT_COMMON_NAME_INVALID".

    The correct URL to access ISPConfig is:

    https://web1.relianx.com:8080
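
The check the browser performed in this thread, as an added example that is not part of the original posts: the host name in the URL is compared with the DNS names in the certificate's subjectAltName, and the port plays no part. `PANEL_CERT` is a constructed sample in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the thread: a certificate issued only for the
# server hostname, in the dict shape ssl.SSLSocket.getpeercert() returns.
PANEL_CERT = {
    "subject": ((("commonName", "web1.relianx.com"),),),
    "subjectAltName": (("DNS", "web1.relianx.com"),),
}


def dns_names(cert):
    """DNS names from subjectAltName. The commonName is deliberately not used
    as a fallback, because Chrome ignores it when validating the host name."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, host):
    """RFC 6125-style match: exact, or '*' standing for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*.relianx.com' never covers the bare 'relianx.com'
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_url(url, cert):
    """Return (host, ok): the host taken from the URL and whether the cert covers it."""
    host = urlsplit(url).hostname or ""
    return host, any(name_matches(n, host) for n in dns_names(cert))


def explain(url, cert):
    host, ok = check_url(url, cert)
    if ok:
        return f"{url}: OK, certificate covers {host}"
    return (f"{url}: mismatch, certificate names are {dns_names(cert)} "
            "(Chrome reports NET::ERR_CERT_COMMON_NAME_INVALID)")


if __name__ == "__main__":
    for url in ("https://relianx.com:8080", "https://web1.relianx.com:8080"):
        print(explain(url, PANEL_CERT))
```
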
     
  11. johannes1985

    johannes1985 Member HowtoForge Supporter

    Thank you Till, I will quickly test it again later tonight and provide feedback.
     
