Freshly installed ISPconfig, no SSL via letsencrypt ; cryptic error

Discussion in 'Installation/Configuration' started by sjak_congnac, Jan 23, 2022.

  1. sjak_congnac

    sjak_congnac New Member

    • Installed a server according to perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1
    • When I create a site via the panel, I get a working default placeholder over http
    • When I enable ssl/letsencrypt via admin, the placeholder via https is not working
    • I can see the certs are successfully created
    I do not see any updates being done to the files in /etc/apache2 with regard to creating a 443 virtualhost.

    Any help is appreciated


    I enabled debug mode via *debugging-ispconfig-3-server-actions-in-case-of-a-failure/
    Whenever I enable ssl/letsencrypt, the log shows me this:
    Code:
     Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web2' - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web2'|awk 'END{print $2,$NF}' - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: setquota -u 'web2' '0' '0' 0 0 -a &> /dev/null - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: setquota -T -u 'web2' 604800 604800 -a &> /dev/null - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Verified domain * should be reachable for letsencrypt.
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Verified domain * should be reachable for letsencrypt.
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Trying to use Systemd to restart service
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Create Let's Encrypt SSL Cert for: *
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Let's Encrypt SSL Cert domains:
    Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue  -d * -d * -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert  -d * -d * --key-file '/var/www/clients/client1/web2/ssl/xxx.tv-le.key' --fullchain-file '/var/www/clients/client1/web2/ssl/xxx.tv-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi
    Sun 23 Jan 2022 03:50:09 AM CET sh: 1: [[: not found
    Sun 23 Jan 2022 03:50:09 AM CET sh: 1: 2: not found
    Sun 23 Jan 2022 03:50:09 AM CET sh: 1: [[: not found
    Sun 23 Jan 2022 03:50:09 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    
    
    
    [CODE]
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    
    [INFO] uptime:  03:51:24 up  3:47,  3 users,  load average: 0.03, 0.09, 0.03
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          7.8Gi       1.7Gi       5.9Gi        15Mi       233Mi       5.9Gi
    Swap:            0B          0B          0B
    
    [INFO] systemd failed services status:
      UNIT               LOAD   ACTIVE SUB    DESCRIPTION             
    ● networking.service loaded failed failed Raise network interfaces
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    
    1 loaded units listed. Pass --all to see loaded but inactive units, too.
    To show all installed unit files use 'systemctl list-unit-files'.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.7p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.31-1~deb10u1
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.31
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 9983)
    [INFO] I found the following mail server(s):
        Postfix (PID 8647)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 8692)
    [INFO] I found the following imap server(s):
        Dovecot (PID 8692)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 8802)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [localhost]:10024        (8677/amavisd-new)
    [localhost]:10025        (8647/master)
    [localhost]:10026        (8677/amavisd-new)
    [localhost]:10027        (8647/master)
    [anywhere]:587        (8647/master)
    [localhost]:11211        (10887/memcached)
    [anywhere]:110        (8692/dovecot)
    [anywhere]:143        (8692/dovecot)
    [anywhere]:8080        (9983/apache2)
    [anywhere]:80        (9983/apache2)
    [anywhere]:8081        (9983/apache2)
    [anywhere]:465        (8647/master)
    ***.***.***.***:53        (8814/named)
    ***.***.***.***:53        (8814/named)
    [localhost]:53        (8814/named)
    [anywhere]:21        (8802/pure-ftpd)
    [anywhere]:22        (497/sshd)
    [localhost]:953        (8814/named)
    [anywhere]:25        (8647/master)
    [anywhere]:443        (9983/apache2)
    [anywhere]:993        (8692/dovecot)
    [anywhere]:995        (8692/dovecot)
    *:*:*:*::*:3306        (8375/mysqld)
    *:*:*:*::*:587        (8647/master)
    [localhost]10        (8692/dovecot)
    [localhost]43        (8692/dovecot)
    *:*:*:*::*:465        (8647/master)
    *:*:*:*::*:53        (8814/named)
    *:*:*:*::*:21        (8802/pure-ftpd)
    *:*:*:*::*:22        (497/sshd)
    *:*:*:*::*:25        (8647/master)
    *:*:*:*::*:993        (8692/dovecot)
    *:*:*:*::*:995        (8692/dovecot)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination         
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination         
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:63005
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:63005
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1194
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22 /* 'dapp_OpenSSH' */
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:8080
    ACCEPT     tcp  --  ***.***.***.***/24         ***.***.***.***       tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:80
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    
    
    
    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
    
    
    
    Sun 23 Jan 2022 03:50:09 AM CET 23.01.2022-03:50 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/xxx.tv.vhost[/CODE]
     
  2. sjak_congnac

    sjak_congnac New Member

    I have installed certbot besides acme.sh and it is now working. I rechecked whether the certbot install was part of the manual and it seems it is not.
    Hope this helps someone.
     
  3. sjak_congnac

    sjak_congnac New Member

    Now I add a new client and a new site and the problem is back.
     
    Last edited: Jan 23, 2022
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You failed to set bash as /bin/sh.

    You should only install one letsencrypt client to avoid confusion/errors.
     
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    That is considered quite an old manual since the latest one suggests the use of the ISPConfig Auto Installer on a minimal install instead, and that would avoid all the troubles for most users, especially new ones.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    As others mentioned, you did not follow the install guide closely: you skipped chapter 6, which now causes Let's Encrypt to fail. Redo chapter 6 of the installation guide to fix your setup.
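
Added example, not part of any post in this thread and not ISPConfig's code: it replays the control flow of the `exec:` line from the debug log under different shells, showing why a non-bash `/bin/sh` prints `[[: not found` and `2: not found`, never reaches the install step, and still exits 0. The two `acme.sh` calls are replaced by constructed stand-ins (`issue_cert`, `install_cert`), and the `PORTABLE` variant is a comparison written for this example.

```shell
#!/bin/sh
# Control flow of the command in the debug log. The acme.sh calls are replaced
# by stand-ins (constructed for this example): issue_cert exits with $ISSUE_RC,
# install_cert creates a marker file so we can tell whether it ran.
WRAPPER='R=0 ; C=0 ; issue_cert ; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then install_cert ; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi'

# Same logic written with the POSIX test builtin, for comparison only.
PORTABLE='R=0 ; C=0 ; issue_cert ; R=$? ; if [ "$R" -eq 0 ] || [ "$R" -eq 2 ] ; then install_cert ; C=$? ; fi ; if [ "$C" -eq 0 ] ; then exit "$R" ; else exit "$C" ; fi'

# run_flow SHELL SCRIPT ISSUE_RC
# Runs SCRIPT under SHELL and prints "install=yes|no exit=N".
run_flow() {
    marker=$(mktemp) || return 1
    rm -f "$marker"
    ISSUE_RC=$3 MARKER=$marker "$1" -c '
        issue_cert()   { return "$ISSUE_RC"; }
        install_cert() { : > "$MARKER"; }
        '"$2" 2>/dev/null && rc=0 || rc=$?
    if [ -e "$marker" ]; then ran=yes; else ran=no; fi
    rm -f "$marker"
    echo "install=$ran exit=$rc"
}

# Returns 0 when SHELL (default /bin/sh) reaches the install step as intended.
shell_runs_wrapper() {
    [ "$(run_flow "${1:-/bin/sh}" "$WRAPPER" 0)" = "install=yes exit=0" ]
}

# Under a shell without [[ ]]:
#   "[[ $R -eq 0"  -> command "[[" not found
#   "$R -eq 2 ]]"  -> $R expands to a command name ("2: not found" in the log)
#   "[[ $C -eq 0"  -> not found again, so the else branch runs "exit $C" with C=0
for s in /bin/sh bash dash; do
    command -v "$s" >/dev/null 2>&1 || continue
    printf '%-8s issue_rc=2 -> %s\n' "$s" "$(run_flow "$s" "$WRAPPER" 2)"
done

if shell_runs_wrapper /bin/sh; then
    echo "/bin/sh handles the wrapper"
else
    echo "/bin/sh does not understand [[ ]]: the install step is skipped"
fi
```

On Debian, `dpkg-reconfigure dash` is the usual way to change which shell `/bin/sh` points to.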
     
  7. sjak_congnac

    sjak_congnac New Member

    Thank you, I can confirm this works, and thank you for pointing me to the auto installer.
    Can I suggest that the availability of the auto installer is mentioned with those perfect server tutorials? It would have saved me some time; perhaps others can be prevented from making the same mistake I did.
     
    Th0m likes this.
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Autoinstaller is mentioned in ISPConfig Documentation page: https://www.ispconfig.org/documentation/
    It is the first choice in the Installation instructions for ISPConfig 3 -chapter, and says
     
  9. sjak_congnac

    sjak_congnac New Member

    @Taleman Thank you, I think it can be an idea to add the availability of the auto installer to all the perfect server guides. If I search for perfect server guides via a search engine I miss the page you are referring to, thus not seeing the availability of the auto installer. Like in the below site (I cannot post links yet because of freshness to the forum)

    upload_2022-1-24_11-16-23.png
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    If you go to the central source for ISPConfig installation guides, the website ispconfig.org, then you find the auto-installer guide there listed as the recommended installation guide on the documentation page. The perfect server guides are the traditional manual ISPConfig setups, you searched for the name of the manual install guides and the search engines returned you the correct manual install guide.
     
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    It may be doable, but if one would think that all ISPConfig perfect server tutorials need to be updated just for that, I kinda think it becomes somehow ridiculous since there are a lot of them, and one should be better upgrading his searching skills rather than hoping for whatever he thinks best is the best. :rolleyes:
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    I'll add a link to the new automated guides step by step when updating the normal perfect server guides. But it's generally recommended to go to the ispconfig.org website as a starting point when searching for the latest recommended install method.
     
  13. sjak_congnac

    sjak_congnac New Member

    Thank you all for the responses to my suggestion, at least I understand now you are understanding my suggestion.
     
