Installing SSL certificate fails for one website

Discussion in 'General' started by Paul Gammelsaeter, Jul 14, 2021.

  1. Paul Gammelsaeter

    Paul Gammelsaeter New Member

    I am trying to install an SSL certificate on a website by checking "SSL" and "Let's Encrypt SSL" under the Domain tab. Please note I have more than 100 websites on the same server.
    After a short period of time, the checkboxes are unchecked, and SSL is not installed. I have read the "Let's Encrypt Error FAQ" at https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ to no avail.
    All other websites get their certificates updated without any error message in /var/log/letsencrypt/letsencrypt.log, but this specific website does get an error. I have attached the end of the error log to this post.

    I have verified that the HTTP-01 challenges are added to /usr/local/ispconfig/interface/acme/.well-known-acme-challenge:
    challenge-file-list.png

    I have verified from the Apache access log on the website that the challenges are read (provided an example that shows HTTP 200 status below):
    access-log.png

    One thing I react to is that the challenges have owner root:root. Can this be the reason the Let's Encrypt server only sees a "404 Not found" message?

    I have attached the end of the letsencrypt.log file (IP and domain name are replaced with something else) showing the error messages.

    Versions:
    ISPConfig 3.2.5 (upgraded from 3.1.x that had the same problem, was hoping an upgrade would fix it)
     


  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's fine, the files are world-readable, so the web server can access them.

    Ok, so you have a 200 code in the log, but a 404 code and page is returned when the challenge file is accessed? In this case, you might want to check the .htaccess file of the website, maybe it overrides the challenge and redirects it to a cms that's installed in that website.
     
  3. Paul Gammelsaeter

    Paul Gammelsaeter New Member

    Thanks for your answer! There is no .htaccess file installed, I made sure of that when debugging this error.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe any settings in the apache directives field of the website or a custom config selected in the website settings?
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Do all of the websites have LE certificate?
    Did any error message indicate hitting limits on number of certificates or domain names?
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  7. Paul Gammelsaeter

    Paul Gammelsaeter New Member

    Thank you all for the responses to my problem. The problem has just been solved! The customer had added an AAAA record (IP6) in DNS for the domain, and Let's Encrypt seems to select IP6 before IP4. So most likely the firewall answered with an HTML 404 Not Found error.
    We deleted the AAAA record, and everything worked well.

    Actually, I should have noticed the error in the /var/log/letsencrypt/letsencrypt.log file where I failed to notice the IP6 in bold:
    certbot.errors.FailedChallenges: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http ://example.com/.well-known/acme-challenge/z_63OIcAPB6ZwxOsWzrZylwE1u_AGbrL445CgCnKK8Y [2001:4da8:c:1b::]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

    I hope this helps others sorting out the same mistake as we had.
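
The check described in the last post, as an added example (not part of the thread, and not certbot or ISPConfig code): it pulls the address the validation server actually contacted out of the FailedChallenges line and compares it with the addresses bound on the web server. The function name and the server addresses (192.0.2.10, documentation range) are assumptions; the log line is the one quoted above, cut after the bracketed address.

```python
import ipaddress
import re

# "<challenge URL> [<address contacted>]" inside a certbot FailedChallenges
# message. \s? tolerates the space after "http" in the forum paste.
CHALLENGE_RE = re.compile(
    r"https?\s?://(?P<host>[^/\s]+)/\.well-known/acme-challenge/\S+"
    r"\s+\[(?P<addr>[0-9A-Fa-f:.]+)\]"
)

# Log line from the thread, truncated after the bracketed address.
SAMPLE_LOG_LINE = (
    "certbot.errors.FailedChallenges: Failed authorization procedure. "
    "example.com (http-01): urn:ietf:params:acme:error:unauthorized :: "
    "The client lacks sufficient authorization :: Invalid response from "
    "http ://example.com/.well-known/acme-challenge/"
    "z_63OIcAPB6ZwxOsWzrZylwE1u_AGbrL445CgCnKK8Y [2001:4da8:c:1b::]:"
)
# Constructed: addresses bound on the web server (e.g. from `ip -br addr`).
SERVER_ADDRS = ["192.0.2.10"]


def diagnose(log_line, server_addrs):
    """Report which DNS record type the failed validation followed and
    whether the contacted address belongs to this server. None if no match."""
    m = CHALLENGE_RE.search(log_line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:  # bracketed text was not an IP address
        return None
    local = {ipaddress.ip_address(a) for a in server_addrs}
    return {
        "host": m.group("host"),
        "address": str(addr),
        "record": "AAAA" if addr.version == 6 else "A",
        "on_this_server": addr in local,
    }


if __name__ == "__main__":
    r = diagnose(SAMPLE_LOG_LINE, SERVER_ADDRS)
    where = "this server" if r["on_this_server"] else "ANOTHER host"
    print(f'{r["host"]}: validated via {r["record"]} record '
          f'{r["address"]}, which is {where}')
```

When `on_this_server` is false, the 200 in the local access log and the 404 seen by Let's Encrypt come from different machines, so the DNS record of that type is the thing to fix.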
     
