Get SSL certificate for ISPConfig admin from LetsEncrypt?

Discussion in 'Installation/Configuration' started by zkvvoob, May 22, 2016.

  1. GarGamel55

    GarGamel55 Member

    I found
    In the folder : /etc/letsencrypt/renewal/
    My servername.conf file has been renamed to servername.conf~backup

    I deleted the ~backup

    Then I ran the command:
    certbot certonly --manual -d servername
    Restarted apache ...

    and oh ... the pretty green padlock came back :D

    Thanks
     
  2. Roberto Pensa

    Roberto Pensa New Member

    Can anybody explain to me the built-in Let's Encrypt support in ISPConfig (latest stable version, just updated with success)? I followed the Let's Encrypt how-to and got the following error logs:
    [email protected]:~# cd /usr/local/ispconfig/interface/ssl/
    [email protected]:/usr/local/ispconfig/interface/ssl# mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    [email protected]:/usr/local/ispconfig/interface/ssl# mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    [email protected]:/usr/local/ispconfig/interface/ssl# mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    mv: cannot stat 'ispserver.pem': No such file or directory
    [email protected]:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    [email protected]:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    [email protected]:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
    cat: ispserver.key: No such file or directory
    cat: ispserver.crt: No such file or directory
    [email protected]:/usr/local/ispconfig/interface/ssl# chmod 600 ispserver.pem
    [email protected]:/usr/local/ispconfig/interface/ssl# cd /etc/postfix/
    [email protected]:/etc/postfix# nano /etc/dovecot/dovecot.conf
    [email protected]:/etc/postfix# mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak
    [email protected]:/etc/postfix# mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
    [email protected]:/etc/postfix# ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert
    [email protected]:/etc/postfix# ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key
    [email protected]:/etc/postfix# service postfix restart
    [email protected]:/etc/postfix# service dovecot restart
    Job for dovecot.service failed because the control process exited with error code. See "systemctl status dovecot.service" and "journalctl -xe" for details.
    [email protected]:/etc/postfix# systemctl status dovecot.service
    ● dovecot.service - Dovecot IMAP/POP3 email server
    Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Tue 2018-08-07 21:44:19 CEST; 1min 6s ago
    Docs: man:dovecot(1)

    Process: 12105 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
    Process: 12111 ExecStart=/usr/sbin/dovecot (code=exited, status=89)
    Main PID: 10122 (code=exited, status=0/SUCCESS)

    Aug 07 21:44:19 myserver systemd[1]: Starting Dovecot IMAP/POP3 email server...
    Aug 07 21:44:19 myserver dovecot[12111]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 8: ssl_cert: Can't open file /etc/postfix/smtpd.cert: No such file or directory
    Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Control process exited, code=exited status=89
    Aug 07 21:44:19 myserver systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
    Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Unit entered failed state.
    Aug 07 21:44:19 myserver systemd[1]: dovecot.service: Failed with result 'exit-code'.

    The mistake is clear: the link to the cert file was OK but the link (ln) to the key file was not OK.
    So I tried without success to ln the postfix key file direct to th.

    What is wrong with this how to???
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    There is nothing wrong with the howto, used it several times myself with success. My guess is that you did not create a website for the hostname of the server, or the SSL creation with LE for that website failed, or the hostname of your server is configured wrong so that the 'hostname -f' command returns a wrong hostname.
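
Added example (not part of the original thread, and not ISPConfig's own code): `ln -s` creates a link even when its target does not exist, so a missing certificate or a wrong `hostname -f` only surfaces later, as in the `cat` and dovecot errors quoted above. This script walks each link chain from the howto steps and prints the first missing target; the function names and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: find the dangling link behind "No such file or directory".

# first_broken_link PATH
# Follows the symlink chain starting at PATH. Returns 0 if it ends at an
# existing file; otherwise prints the first missing target and returns 1.
first_broken_link() {
    p=$1
    hops=0
    while [ -L "$p" ]; do
        hops=$((hops + 1))
        if [ "$hops" -gt 20 ]; then
            printf '%s (symlink loop)\n' "$p"
            return 1
        fi
        target=$(readlink "$p")
        case $target in
            /*) p=$target ;;                      # absolute target
            *)  p=$(dirname "$p")/$target ;;      # relative to the link's directory
        esac
    done
    [ -e "$p" ] && return 0
    printf '%s\n' "$p"
    return 1
}

# check_le_links SSL_DIR POSTFIX_DIR
# Checks the four links created in the howto steps; returns 1 if any is broken.
check_le_links() {
    rc=0
    for f in "$1/ispserver.crt" "$1/ispserver.key" \
             "$2/smtpd.cert" "$2/smtpd.key"; do
        if missing=$(first_broken_link "$f"); then
            echo "OK      $f"
        else
            echo "BROKEN  $f -> missing $missing"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_links.sh /usr/local/ispconfig/interface/ssl /etc/postfix
if [ "$#" -eq 2 ]; then
    check_le_links "$1" "$2"
fi
```

A BROKEN line that names a path under `/etc/letsencrypt/live/` means the certificate directory for that hostname does not exist, which matches the causes listed in the reply above.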
     
  4. SamTzu

    SamTzu Active Member

    So many times now I have run into problems with these because of different DNS providers.
    When dealing with certbot/letsencrypt SSL cert problems the first thing you should do is check your DNS query from both ends.
    Do you use the same settings on both the workstation/browser and the server end?
    I recommend using Google DNS servers for debugging. 8.8.8.8 & 8.8.4.4.
    Is your server using a split DNS with different WAN/LAN IPs?
    After you have checked these you can start debugging server config.
     