Lets Encrypt - getting the certificate

Discussion in 'HOWTO-Related Questions' started by smokinjo, Aug 27, 2018.

  1. smokinjo

    smokinjo Member

    Hello,

    I recently had ISP config reinstalled with the new version, which has the lets encrypt option available.
    But, I have not yet figured out how and where to the the certificates.
    I looked on lets encrypt site, I looked over ISPConfog for clues.
    I missed something, and hopefully someone can point me the way.

    Joseph
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Check the "Let's Encrypt SSL" box in the websites settings in Domain tab. If that box is not there, maybe you have not installed letsencrypt? Check with
    Code:
    apt-cache policy certbot
    if on Debian or Ubuntu. I don't know how to check on other OS.
     
  3. smokinjo

    smokinjo Member

    Hello,
    I indeed have it installed.
    The box that I can check off is there.
    What should happen when I check th ebox?

    I ask, because when I check off the option, nothing else seems to happen. Should there be something that will create the certificate?

    Thanks

    Joseph
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You tick the LE box on, then save. Wait until the red dot with number on top of ISPConfig window disappears.
    Then there should be valid certificate. If not, follow the LE debugging information, it is in the forum.
     
  5. smokinjo

    smokinjo Member

    Well, when I look at th cron job, it seems to say that there are nio sites up for renewal:
    2018-08-28 16:34:55,848:DEBUG:certbot.main:Root logging level set at 30
    2018-08-28 16:34:55,850:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-08-28 16:34:55,851:DEBUG:certbot.main:certbot version: 0.10.2
    2018-08-28 16:34:55,851:DEBUG:certbot.main:Arguments: ['-q']
    2018-08-28 16:34:55,852:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntr$
    2018-08-28 16:34:55,879:INFO:certbot.renewal:Cert not yet due for renewal
    2018-08-28 16:34:55,885:INFO:certbot.renewal:Cert not yet due for renewal
    2018-08-28 16:34:55,891:INFO:certbot.renewal:Cert not yet due for renewal
    2018-08-28 16:34:55,891:DEBUG:certbot.renewal:no renewal failures

    I have none fo renewal, but I have not figured otu how to get the first one:)

    Should I run the debug mode as mentioned here:
    https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/

    Thanks for feedback.

    Joseph
     
  6. ahrasis

    ahrasis Well-Known Member

    It seems like you already have certs for that domain.

    You can check the le folder for that domain "ls -lat /etc/le*/*/*domain.tld*" or do debug for more info.
     
  7. smokinjo

    smokinjo Member

    OK, I tried things again, an the ssl is working,

    I have a new question, but related:

    If I try the website using http, the site remains insecure.
    How can I force the site to be seen only in https? Meaning, is someone visits teh site using http, my server will only connect in https mode.

    Thanks

    Joseph
     
  8. ahrasis

    ahrasis Well-Known Member

    You need to change it in your vhost; and to ensure it won't be changed on resync or update copy the relevant vhost from /usr/local/ispconfig/server/conf folder to /usr/local/ispconfig/server/conf-custom folder and customize the relevant vhost in the latter folder.
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    @ahrasis , he uses ISPConfig.
    There is the redirect Http to https, in website settings.
     
  10. ahrasis

    ahrasis Well-Known Member

    Using custom vhost is ISPConfig way too, and it can actually do more, except it is not using the GUI.;)
     
  11. smokinjo

    smokinjo Member

    Thanks both Taleman and ahrasis.

    Yes, I do use ispconfig, and slowly learning my way around it, and linux too.

    The redirect in ispconfig made it super simple to do.

    I am 100% sure that doing it the command line way is much more powerful, allows more options. But, I have a long winding road to get a better under standing of linux and servers.

    I did look at the folders that were mentioned, but when you say to copy the relevant information I looked at the files and did not know where to start.
    For now, I will still with the box I can tick off in ISPCOnfig.

    Thanks for the help!
    My need to activate lets encrypt and redirect http to https have been accomplished thanks your help.

    Joseph
     
    Last edited: Sep 1, 2018

Share This Page