Let's encrypt cert is created and works but not ticked in ISPconfig

Discussion in 'ISPConfig 3 Priority Support' started by Baptistev, Dec 6, 2017.

  1. Baptistev

    Baptistev New Member HowtoForge Supporter

    I asked ISPconfig to generate a Let's encrypt certificate by clicking on "Let's Encrypt SSL". The certs get created and when I visit the website it has ssl enabled with Let's encrypt.
    Problems:
    • I receive 4 warning emails from ISPconfig regarding this website: one of which says "06.12.2017-18:39 - WARNING - Let's Encrypt SSL Cert for: xxx.co.uk could not be issued."; 2 warning emails say:
      "06.12.2017-18:39 - WARNING - Could not verify domain xxx.co.uk, so excluding it from letsencrypt request."
      and one of the emails has an empty warning message: "06.12.2017-18:39 - WARNING -"
    • the Let's Encrypt SSL box remains unchecked for the website in ISPconfig (new websites without certs or old ones with certs)
    This server was upgraded from Jessie to Stretch and ISPconfig has been upgraded to 3.1.8p1.
    At the time, ISPconfig needed "./certbot-auto" (https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt).
    I have deleted the directory /opt/certbot and installed certbot using "apt-get install certbot" and updated ISPconfig again but I still get this issue.

    In the ISPconfig SSL settings, I have tried to disable "Skip Lets Encrypt Check" but this doesn't make a difference.

    Any ideas guys?
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    check that the dns-record for "xxx.co.uk" exists. If you use ipv6, check for AAAA-records too, and check in the website-config that the ipv6 address is selected
     
  3. Baptistev

    Baptistev New Member HowtoForge Supporter

    Hi Florian
    The DNS A record exists. I don't use ipv6.
    Here's what I get from the DNS page in ISPconfig (x's and zeros hide the real stuff)
    Yes A xxx.co.uk. 00.000.000.000 0 3600
     
  4. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    check this for all aliases you defined for the domain (i.e. www). can you post the domain? i bet, it's not xxx.co.uk
    "Could not verify domain xxx.co.uk, so excluding it from letsencrypt request." = your server could not connect to this site.
     
  5. Baptistev

    Baptistev New Member HowtoForge Supporter

    LOL @florian030 the domain is xxx.co.uk (but all the domains on that server have the same problem and I will delete this url once you've replied - url has been changed to xxx). This domain has no aliases.
     
    Last edited: Dec 7, 2017
  6. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    if this fails with the same warning for all domains on your server, check your dns-resolver (see /etc/resolv.conf). during the le-check ispconfig tries to connect using the website-name.
    if you disable the le-check and you do not receive a certificate, le cannot connect to the site (missing / wrong dns-entries, firewall)
     
  7. Baptistev

    Baptistev New Member HowtoForge Supporter

    @florian030 it doesn't fail, I do get certs for the website and they work but ISPconfig doesn't acknowledge them

    Solved! For people interested, this was due to mirroring. See thread: https://www.howtoforge.com/communit...heckbox-gets-empty-after-a-while.76054/page-2
     
    Last edited: Dec 7, 2017
