ISPConfig - Let's Encrypt not available after upgrade

Discussion in 'Installation/Configuration' started by Jemt, Feb 12, 2017.

  1. Jemt

    Jemt New Member

    I just upgraded from ISPConfig 3.0 to 3.1.2 on Debian 7. According to the Changelog, Let's Encrypt is now supported.

    However, I don't see any Let's Encrypt specific options. I can create an SSL certificate from the SSL tab of a Website, but accessing the domain using https:// results in the following error in Chrome:

    This site can’t provide a secure connection.

    Is Let's Encrypt only available for new (clean) installations? - or will the proper options emerge if I install e.g. CertBot or some other package?

    It seems CertBot has a plugin for Apache that automates everything, but I'm worried ISPConfig and CertBot will conflict when both trying to control configuration files.

    Thanks in advance for any guidance.

    Jimmy
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) You have to install certbot and just certbot, no certbot apache plugin. and do not create ssl certs with certbot at install time, when it asks for that, choose cancel.
    2) then login to ispconfig, go to the website settings amd emable the checkbox labeled "Letsencrypt" which is on the first tab of the site settings. The SSL tab is not used for letsencrypt.
     
    ahrasis and Jemt like this.
  3. Jemt

    Jemt New Member

    Thanks a lot, Till, it worked exactly the way you described.
    I assume the certificate is automatically renewed when necessary (?)
     
  4. sjau

    sjau Local Meanie Moderator

    yes, it will be autorenewed
     
    ahrasis likes this.
  5. diavgia

    diavgia New Member

    I just upgraded from ISPConfig 3.1 to 3.1.2 on Debian 8.5
    I install full CertBot and I created certificates for all my domains (in CertBot) :(
    how can I fix it; to works via ISPconfig?
     
  6. sjau

    sjau Local Meanie Moderator

    remove all of /etc/letsencrypt, then run certbot once manually... abort when you get that blue background screen.

    If you also let certbot modify the vhost files, it'll get more complicated.
     
  7. diavgia

    diavgia New Member

  8. sjau

    sjau Local Meanie Moderator

    don't try to issue cert with certbot...
     
  9. diavgia

    diavgia New Member

    ok
    I deleted the contents of letsencryprt directory and ticked the letsencrypt box GUI ispconfig
    Now I am unable to acces to my ispconfg GUI and all my domains
     
  10. sjau

    sjau Local Meanie Moderator

    I have no idea what you did and what you didn't do... if you let certbot/letsencrypt alter the vhosts... you'll need to fix that all first.

    Your vhost files probably contain links to the /etc/letsencrypt folder because you probably let certbot alter domains... you need to clean that. Check your logs for according error messages.
     
  11. diavgia

    diavgia New Member

    The truth is I' m new at this and I am trying try to fix the problems spending hours to find out how to do what you tell me
    This means I could use any help I could get
     
  12. sjau

    sjau Local Meanie Moderator

    If apache doesn't start, have a look at the log files.

    And if it doesn't start, I think it's because you did run certbot manually and let it alter the vhost files. So you'll need to fix them to not point to the non-existing certs anymore.
     
  13. ahrasis

    ahrasis Member

    Just delete all symlink in /etc/apache2/sites-enabled and try restarting apache2. If it works, go to your ispc and reconfigure LE SSL for all your websites.
     
  14. diavgia

    diavgia New Member

    nothing happend
    all sites works under https without configure LE in ispconfig
     
  15. ahrasis

    ahrasis Member

    That is weird. Your sites shouldn't work if their symlink is removed from sites-enabled folder.
     
  16. diavgia

    diavgia New Member

    I don't know why :(
     
  17. ahrasis

    ahrasis Member

    What is your setup actually? Nginx or Apache2 or both (one as reverse proxy)? I cannot help any build with reverse proxy as I have never successfully built one.
     
  18. diavgia

    diavgia New Member

  19. ahrasis

    ahrasis Member

    Ok. Make backups and then try these.

    1. Go to your terminal list sites-enabled folder via "ls -l /etc/apache2/sites-enabled/". If you see a list symlinks to al websites, it means you haven't deleted them. Delete them all except for ispconfig.vhost symlink.

    2. Then list your LE folder via "ls -l /etc/letsencrypt/". If there is any folders inside it that means you haven't deleted them. Delete them all via "rm -rf /etc/letsencrypt/".

    3. Restart apache via "service apache2 restart". If it can restart, check your ISPC via browser. Login and reenable all websites with ssl and LE via ispc.

    4. If you cannot restart, re-update ispc. Refer to your perfect server setup guides on how to download and extract it. But instead of re-installing it, type "php -q update.php". This will update your ispc. Choose reconfigure and ssl during the update. When this finished, try the above step #3 again.

    I hope this is clearer. Do ask if you still are not so sure.
     

Share This Page