Lets Encrypt keeps unchecking

Discussion in 'General' started by Eric Bryant, Apr 29, 2019.

  1. Eric Bryant

    Eric Bryant New Member

    So this is the scenario im faced with. I have previously installed a certificate the old way by creating one with certbot, then copying the keys manually into the sections in ispconfig 3 website settings. This has become a chore as i have to renew every 3 months. So i have now removed the certificates in the sites ssl section and want to move to the lets encrypt method that is provided with the install of the perfect server for ubuntu xenial 16.04. The problem is that when i check it, it becomes unchecked. I have followed the instructions on this forum to update the cerbot install, and then enable debug mode. here is the snippet from the debug console when a server.sh run after trying to enable letsencrypt:

    29.04.2019-12:06 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    29.04.2019-12:06 - DEBUG - Found 1 changes, starting update process.
    29.04.2019-12:06 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    29.04.2019-12:06 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    29.04.2019-12:06 - WARNING - Could not verify domain hl.limo, so excluding it from letsencrypt request.
    29.04.2019-12:06 - WARNING - Let's Encrypt SSL Cert for: hl.limo could not be issued.
    29.04.2019-12:06 - WARNING -
    29.04.2019-12:06 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web2/.php-fcgi-starter
    29.04.2019-12:06 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/hl.limo.vhost
    29.04.2019-12:06 - DEBUG - Apache status is: running
    29.04.2019-12:06 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    29.04.2019-12:06 - DEBUG - Restarting httpd: systemctl restart apache2.service
    29.04.2019-12:06 - DEBUG - Apache restart return value is: 0
    29.04.2019-12:06 - DEBUG - Apache online status after restart is: running
    29.04.2019-12:06 - DEBUG - Processed datalog_id 322
    29.04.2019-12:06 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

    Now that i have disabled the previous certificate, i keep getting directed to another https page that i host (fortknoxsec.ca)
    I feel i may be missiing that magic "gotcha" setting so thought i would ask as i continue to do research
    I do have redirects in place to force http to https (i cant remember how i achieved this when i setup the server, and may need to be pointed in all ways this can be done to disable it if needed)

    I forgot to mention that i can still create a certificate manually using certbot still and it can verify my website using the cli
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    There is a recent bug in certbot that would fall into this category, update ispconfig to git-stable to work around it. Other than that it's probably the standard stuff, so start with the letsencrypt faq post here in the forum.
  3. Eric Bryant

    Eric Bryant New Member

    OK, now i am having even more issues... I have deleted the old keys and certificates. Now the issue is that my page is being redirected to another page that i am hosting automatically. It will continue to work if i create a new self signed certificate, but short of that, it keeps redirecting me to another clients page. the page ins questing is https://HL.Limo if anyone feels so inclined to assist me in my predicament
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Probably letsencrypt is failing to issue a certificate, so the site does not get configured with a https vhost, and when you access port 443 it serves another vhost (the first one loaded). Check the letsencrypt error log and see what turns up there. There are a little more complete troubleshooting steps in the aforementioned faq post if you need those.
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    1. All websites must use https, otherwise those without https will redirected to the first one with https in the list of your websites.

    2. Your hl.limo site is using self-signed certs and not Let's Encrypt.

    3. If it is meant for your server hostname, then it is wrongly done as it should use subdomain e.g. server1.hl.limo.

Share This Page