Lets Encrypt in 3.1b2

Discussion in 'General' started by Tomas Benda, Jun 26, 2016.

  1. Tomas Benda

    Tomas Benda New Member

    Hi guys,
    I want to test Lets encrypt in ISP COnfig v 3.1b2 but it seem, that doesn work. Maybe I do something wrong, but maybe it is caused by missing manual. I have new fresh install Debian 8 with new fresh installation ISP Conf 3.1b2 and try to use https on test website. I create test webpage (FQDN, create DNS record, which working fine) and in setting of this webpage I check "Lets encrypt SSL". But nothing happend. HTTPS doesnt work, no error in log. If I check again setting fot this test webpage there is not check "SSL" and "Lets Encrypt SSL". Do you have any idea what I do wrong or what can I check?
    Thank you

    Edit: Installation was done step by step under this manual https://www.howtoforge.com/tutorial...-8-4-jessie-apache-bind-dovecot-ispconfig-3-1
    Last edited: Jun 26, 2016
    orfi likes this.
  2. Nemis

    Nemis Member

    "test website". letsencrypt's use public DNS to check if u own the site.
    every one in the world can see your http://"test website"/.well-known/acme-challenge/ ?
    Tomas Benda likes this.
  3. Thaddeus

    Thaddeus New Member HowtoForge Supporter

    Have you installed letsencrypt?
    cd ~
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    Tomas Benda likes this.
  4. Tomas Benda

    Tomas Benda New Member

    After installation by Thaddeus manual it work well.
    It is strange, because I dont expect, that I must do something else than is in manual. So I think, that will be good add this step to installation manual. Thank you guys a lot.
  5. Nemis

    Nemis Member

    @till please add this to isp install :-D
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    @Nemis: This (or the old letsencrypt client which still works as well) is already part of all ISPConfig 3.1 installation tutorials.
  7. Tomas Benda

    Tomas Benda New Member

    Thank you guys.
  8. orfi

    orfi New Member

    (Debian Jessie) ISPConfig 3.1dev
    ( in esxi 6)

    so i did it the manual way , the interface is creating only self signed so i stopped apache2 , did standalone CLI , renamed key and cert in www.domain.tld.key and crt copied in /var/www/domain.tld/ssl/
    the script is not working ...don`t know why can`t contact the site ..maybe it needed a directive or rights to inject the challenge in the webroot. i`ll search more but i can confirm : it`s not working from the interface .

    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 247, in obtain_certificate
    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 74, in get_authorizations
    self._respond(resp, best_effort)
    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 131, in _respond
    self._poll_challenges(chall_update, best_effort)
    File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 195, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
    FailedChallenges: Failed authorization procedure. domain.tld (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested c1589b9b42bafdaa368da591026a288a.2fdee0525ffb49cc35e49d6b5933c613.acme.invalid from xxx.xxx.xxx.xxx:443. Received certificate containing ''

    which dns certbot is using ? external or the dns from resolv.conf ?

  9. Jesse Norell

    Jesse Norell Active Member

    certbot sends a request to the letsencrypt api/service, and that service uses external DNS to connect back to your server to validate that the request is made by someone controlling the domain's live website. Your resolv.conf file won't affect that external validation.

Share This Page