Let's Encrypt option not working

Discussion in 'Installation/Configuration' started by Poliman, Jan 23, 2017.

  1. Poliman

    Poliman Member

    I went to the SSL tab and selected the action "delete certificate" (I had a one-month trial cert, which expired), and the screen showed empty fields after running the delete cert action. Then I went to the Domain tab and checked the Let's Encrypt SSL checkbox (the SSL checkbox was already checked because I used the trial cert). But after I leave the Sites tab, the Let's Encrypt SSL checkbox is unchecked. I should uncheck Rewrite HTTP to HTTPS under the Redirect tab too, because otherwise the website won't work. In the file /etc/apache2/sites-enabled/website.vhost I don't have the <VirtualHost *:443> block which enables the SSL cert etc. I am afraid that something is not working (the Let's Encrypt SSL option in ISP?). I need help with this, because the site needs to have a certificate. Besides, should I install something to get the Let's Encrypt SSL option to work? I saw some topics, and somewhere there was information about e.g. the /etc/letsencrypt directory. I don't have it.

    PS
    I used this tutorial https://www.howtoforge.com/tutorial...4-jessie-apache-bind-dovecot-ispconfig-3-1/2/ but after running the command ./certbot-auto I didn't get the window on a blue screen, but this instead:
    (after reading repositories and install packages)
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    Which names would you like to activate HTTPS for?
    -------------------------------------------------------------------------------
    1: domain.pl
    2: www.domain.pl
    -------------------------------------------------------------------------------
    Select the appropriate numbers separated by commas and/or spaces, or leave input
    blank to select all options shown (Enter 'c' to cancel):
    Enter email address (used for urgent renewal and security notices) (Enter 'c' to
    cancel):[email protected]

    [email protected]--------------
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
    in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory
    -------------------------------------------------------------------------------
    (A)gree/(C)ancel: A
    Obtaining a new certificate
    Performing the following challenges:
    tls-sni-01 challenge for domain.pl
    tls-sni-01 challenge for www.domain.pl
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
    Created an SSL vhost at /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf
    Enabling available site: /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/sites-available/domain.pl.vhost-le-ssl.conf
    Error while running apache2ctl configtest.
    Action 'configtest' failed.
    The Apache error log may have more information.

    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:69
    AH00526: Syntax error on line 73 of /etc/apache2/sites-enabled/domain.pl.vhost-le-ssl.conf:
    FastCgiExternalServer: redefinition of previously defined class "/var/www/clients/client1/web1/cgi-bin/php5-fcgi-*-80-domain.pl"

    Rolling back to previous server configuration...
    Error while running apache2ctl configtest.
    Action 'configtest' failed.
    The Apache error log may have more information.

    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:69
    AH00526: Syntax error on line 73 of /etc/apache2/sites-enabled/domain.pl.vhost-le-ssl.conf:
    FastCgiExternalServer: redefinition of previously defined class "/var/www/clients/client1/web1/cgi-bin/php5-fcgi-*-80-domain.pl"


    IMPORTANT NOTES:
    - We were unable to install your certificate, however, we
    successfully restored your server to its prior configuration.
    - Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/domain.pl/fullchain.pem. Your cert will
    expire on 2017-04-23. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot-auto again with the
    "certonly" option. To non-interactively renew *all* of your
    certificates, run "certbot-auto renew"
    - If you lose your account credentials, you can recover through
    e-mails sent to [email protected].
    - Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
     

    Last edited: Jan 23, 2017
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you did not select cancel during the LE install as described in the ISPConfig instructions. If you select your domain name instead of cancel, then you will not be able to use LE anymore for this domain in ISPConfig, and LE will try to create a file with the name ......-le-ssl.conf which causes Apache to fail.
     
  3. Poliman

    Poliman Member

    Thanks for the reply. Unfortunately I used an old tutorial for ISP installation on Ubuntu 14.04. There wasn't any information about LE installation. :/ Today my website lost its certificate, so I tried to install a cert from LE and then I found out that I need to install something. So I checked how to do it in another tutorial (howtoforge, perfect server, isp 3.1 on debian 8.4). But while the installation process downloaded and installed all the needed dependencies and packages, I got the error which I pasted above. I tried without putting in any domain name. Then the installation script failed as I pasted above. So when I start the LE installation script again and put 'c' instead of a domain name, will Let's Encrypt install, will the checkbox under ISP work, and will the cert update automatically for my website?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You will have to find where LE stored this cert and remove all domain specific LE config and the cert from there to be able to create it in ispconfig. After that you should be able to create the cert by clicking the le checkbox in the website settings.
     
  5. Poliman

    Poliman Member

    Thank you Till, I will check this fix and post a message here. Btw, do you maybe know how to update apache2 (2.4.7) on Ubuntu 14.04 where ISP is installed and working?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you will have to upgrade to Ubuntu 16.04, but I haven't tested that so I can't tell you how flawlessly it works.
     
  7. Poliman

    Poliman Member

    Mhm. I found out that there is a PPA ondrej repo with the newest apache2 files for Ubuntu 14.04, but I have no idea how to update it on a server where ISP runs without a crash. So maybe you know how to update PHP to the newest version?
     
  8. sjau

    sjau Local Meanie Moderator

    till: Maybe it's better for the LE installation to just use this in the Howtos:

    Code:
    ./certbot-auto --help
    
    It would then be started, dependencies pulled etc but in the end only display the help section instead of really running where users possibly select a site accidentally.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    @sjau Thanks; I'll check that. I used the --help option at the beginning, it worked first, then it stopped working for newer LE versions and the software was not installed correctly anymore with that switch. If it works again now, then I can change the instructions back to use it.
     
  10. Poliman

    Poliman Member

    In my case there is a funny thing. I did the steps from the tutorial and, instead of choosing a website domain, I chose cancel. Let's Encrypt was installed, certs for the website were downloaded to the directory /etc/letsencrypt/live/domain_name/, I can use the Let's Encrypt SSL checkbox, under the SSL tab the cert disappeared (earlier I chose the delete action but the cert's code was still in the fields), in the vhost file for this domain in the directory /etc/apache2/sites-enabled/ I now have a <VirtualHost *:443> tag with some attributes, and finally it all looks like the Let's Encrypt cert is working (I checked with the test on ssllabs.com, the information is there too). I didn't remove any cert/file from /etc/letsencrypt/live/domain_name/ and in the vhost file I have three lines:
    SSLCertificateFile /var/www/clients/client1/web1/ssl/example.com-le.crt
    SSLCertificateKeyFile /var/www/clients/client1/web1/ssl/example.com-le.key
    SSLCertificateChainFile /var/www/clients/client1/web1/ssl/example.com-le.bundle
    And I don't know where these certs come from. Are they copied from /etc/letsencrypt/live/domain_name/ ?
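
A read-only way to check both the question above and the left-overs that till's earlier reply says must be removed (added example, not part of the original thread and not ISPConfig's or certbot's own code). It assumes certbot's usual live/, archive/ and renewal/ layout under /etc/letsencrypt; the function names and the LE_DIR / APACHE_DIR variables are made up for this example.

```sh
#!/bin/sh
# Added example. Defaults follow the paths quoted in the thread; override
# LE_DIR / APACHE_DIR (names chosen for this example) to inspect a copy.
LE_DIR="${LE_DIR:-/etc/letsencrypt}"
APACHE_DIR="${APACHE_DIR:-/etc/apache2}"

# Print what a stand-alone certbot run left behind for a domain (read-only).
# live/, archive/ and renewal/ are certbot's usual layout (assumed here).
le_leftovers() {
    domain="$1"
    for p in "$LE_DIR/live/$domain" "$LE_DIR/archive/$domain" \
             "$LE_DIR/renewal/$domain.conf" \
             "$APACHE_DIR/sites-available/$domain.vhost-le-ssl.conf" \
             "$APACHE_DIR/sites-enabled/$domain.vhost-le-ssl.conf"; do
        if [ -e "$p" ] || [ -L "$p" ]; then echo "$p"; fi
    done
}

# Classify one file named in a vhost: does it resolve into the LE tree,
# is it a byte-identical copy of a live/ file, or is it unrelated?
cert_origin() {
    file="$1"; domain="$2"
    [ -e "$file" ] || { echo "missing"; return 0; }
    real=$(readlink -f "$file")
    le_real=$(readlink -f "$LE_DIR" || true)
    case "$real" in
        "${le_real:-$LE_DIR}"/*) echo "links-to:$real"; return 0 ;;
    esac
    for cand in "$LE_DIR/live/$domain"/*.pem; do
        [ -e "$cand" ] || continue
        if cmp -s "$file" "$cand"; then echo "copy-of:$cand"; return 0; fi
    done
    echo "unrelated"
}

# Run cert_origin over every SSLCertificate* path in a vhost file.
vhost_cert_report() {
    vhost="$1"; domain="$2"
    awk '$1 ~ /^SSLCertificate(File|KeyFile|ChainFile)$/ {print $1, $2}' "$vhost" |
    while read -r directive target; do
        echo "$directive $target $(cert_origin "$target" "$domain")"
    done
}
```

Run as root so the key file is readable, for example `vhost_cert_report /etc/apache2/sites-enabled/website.vhost domain_name` and `le_leftovers domain.pl`.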
     
  11. Poliman

    Poliman Member

    Does upgrading to a newer version of Ubuntu not break the ISP installation?
     
