ISPCONFIG 3.1.13 + UBUNTU 16.04 + CERTBOT 0.26 upgraded to 0.28 do Apache2 do not start anymore

Discussion in 'Installation/Configuration' started by Fabio IT Consultant, Jan 28, 2019.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    The problems on your server are caused by manually using certbot on the shell with the wrong command line options and not using the ISPConfig le functions, this caused duplications of files in the vhost folder and also caused apache to fail. Correct the certbot files and remove apache config files created by certbot and activate LE for the sites inside ispconfig instead to fix your system. And regarding certbot version, update to a recent one as suggested by the certbot devs and the certbot devs also provided instructions on how to modify tls-sni-01 files.
     
  2. Do i need to include this in crontab or is already in place with ISPConfig scripts?
     
  3. The server crontab is:

    systemctl list-timers
    NEXT LEFT LAST PASSED UNIT ACTIVATES
    Wed 2019-01-30 22:30:29 -02 8h left Wed 2019-01-30 06:17:18 -02 7h ago apt-daily.timer apt-daily.service
    Thu 2019-01-31 06:47:35 -02 17h left Wed 2019-01-30 06:48:18 -02 6h ago apt-daily-upgrade.timer apt-daily-upgrade.service
    Thu 2019-01-31 08:13:35 -02 18h left Wed 2019-01-30 12:13:10 -02 1h 29min ago certbot.timer certbot.service
    Thu 2019-01-31 10:30:39 -02 20h left Wed 2019-01-30 10:30:39 -02 3h 12min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service

    4 timers listed.
    Pass --all to see loaded but inactive timers, too.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    This is the command that is used by ISPConfig when you enable LE in a website, just as info. You shall not run that command or add that command into a crontab.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig has its own internal cron system which also renews the ssl certs, so none of the above are ispconfig related or used for LE cert renewal. You can see the cronjobs that are used by ispconfiig when you run

    crontab -l

    as root user.
     
  6. McLure

    McLure New Member

    I have installed Certbot by this instruction:
    https://www.howtoforge.com/tutorial...pureftpd-bind-postfix-doveot-and-ispconfig/2/
    Ubuntu 18.04
    Command
    : apt-get -y install certbot
    certbot --version = certbot 0.27.0
    python3-certbot/bionic-updates,bionic-updates,bionic-updates,bionic-updates,now 0.27.0-1~ubuntu18.04.1 all [installed,automatic]
    I need to upgrade to ACMEv2 version of Certbot.
    Is there a standard command for this?
    This is for Ubuntu 16.04 - is it something similar? I do not want to break something.
    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe <- Bionic
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install certbot python-certbot-apache
     
    Last edited: Jan 16, 2020
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    This is a year old thread. Maybe better would be to start a new thread.
    Which version is that? Ubuntu 18 updates has certbot 0.27.
     
  8. McLure

    McLure New Member

    I got this message from @letsencrypt.org
    Beginning June 1, 2020, we will stop allowing new domains to validate using
    the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
    then, or certificate issuance will fail. For most people, simply upgrading to
    the latest version of your existing client will suffice.
    I will make a new thread...
     
  9. McLure

    McLure New Member

Share This Page