Can't get Let's Encrypt working on the hosting panel

Discussion in 'Installation/Configuration' started by johannes1985, Aug 29, 2019.

  1. johannes1985

    johannes1985 Member


    I have followed both of these without success:

    With the first one, I create the site for example my fqdn is, then I create a site with the fqdn
    I create a new DNS zone, also, I also added and A record to the original DNS zone, web1 point to the server ip.

    And the steps up to "Changing ISPConfig 3 Control Panel (Port 8080)".

    The ssl certificates does get generated and when I visit the panel the error I receive is that it does not correspond with the current address (I can't remember the error message exactly, but it summarize to that), when I check the certificate in the browser it does state it is a let's encrypt certificate with the domain as

    So I started over fresh with the second guide from ahrasis, the scripts completes and then nothing works, ftp, imap and smtp down. I had to start over again.

    I am on the latest version of ISP Config and using Apache.

    Please help as I am starting to pull my hair out.
    Last edited: Aug 29, 2019
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    According to that you create website twice. In addition to that, if you already have FQDN, you can not create domain
    Have you verified you DNS is correctly set up? If DNS does not work properly, that is one reason why Let's Encrypt fails.
  3. johannes1985

    johannes1985 Member

    Let's encrypt is working perfectly, I did it exactly as on the tutorial.

    Here is the error it gives me:

    Note: I have not tried it again, this is only the A record pointing to the hosting. Should I remove the A record from the one zone and only add it to the other?
  4. johannes1985

    johannes1985 Member

    It gives exactly the same error when I remove the web1 A record from zone and create a new zone with
  5. johannes1985

    johannes1985 Member

    In summary my setup are as follows:

    DNS Zones: (with an A record for web1)


    The certificate for is created on the panel.
    the certificate for is created via ssh exactly as on the tutorial.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The tutorial creates the LE cert in the panel too. I'll cite the chapter:

    So if you did not create the cert in the panel as described in the tutorial, then the whole setup can not work.
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Do you now remember the exact error message?
  8. johannes1985

    johannes1985 Member

    That was also done, I am referring to these commands at the ssh terminal:

    cd /usr/local/ispconfig/interface/ssl/
    mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    cat ispserver.{key,crt} > ispserver.pem
    chmod 600 ispserver.pem
    Every step works fine, even after the above command. Yet going to I am greeted with NET::ERR_CERT_COMMON_NAME_INVALID.

    Checked the certificate is does show and that the issuer is let's encrypt.
  9. johannes1985

    johannes1985 Member

    NET::ERR_CERT_COMMON_NAME_INVALID. <-- On chrome (Checked the certificate is does show and that the issuer is let's encrypt.)
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no problem with your setup at all. You just made a typo while accessing ISPConfig. The control panel has to be accessed through the server hostname and there you entered a wrong URL. You entered:

    which is wrong as it's not the hostname of the server. Your browser noticed the mistake and warned you with the message "NET::ERR_CERT_COMMON_NAME_INVALID".

    The correct URL to access ISPConfig is:
  11. johannes1985

    johannes1985 Member

    Thank you Till, I will quickly test it again later tonight and provide feedback.

Share This Page