Lets Encrypt Problem with one Site

Discussion in 'Installation/Configuration' started by sunghost, Apr 5, 2017.

  1. sunghost

    sunghost Member

    Hello,
    i have ISP in Version 3.1.1 and installed like described in the Debian Jessie Installation HowTo. I setup some Sites with Lets Encrypt Cert and it works well. But on one "normal" Site i got SSL errors and its not possible to enable Lets Encrypt SSL. ISP say not active but if i call the Site in Firefox i got "NET::ERR_CERT_COMMON_NAME_INVALID" If i accept this i got a wrong Site in the browser. The vhost file is ok and has no configuration for SSL, but something is corrupt. Some errors from apache error log:
    - :8080:0 server certificate does NOT include an ID which matches the server name
    - AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate!
    - AH02567: Unable to configure certificate xxx:8080:0 for stapling
    - [core:notice] [pid 17491] AH00094: Command line: '/usr/sbin/apache2'
    - mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
    htaccess from CMS seems ok and is the same like on another site which works with Lets Encrypt. The vhost from the wrong shown site seems ok. I searched the net, but found no helping hints. Any idea?
    thx
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. sunghost

    sunghost Member

    Hi till,
    i found this too, but it doesnt helped me. All other Domains are working, so ok, something must be different for this domain, but i cant find it, since its setup like the other working sites. I enabled lets encrypt for this site again, but the letsencrypt.log says nothing about that, but the option disappeared again. Error in the apache errorl.log like above. I manage all via the panel, so i have no custome made in vhost and other files. Any idea where i can look too solve this?
    Message in Mail: 06.04.2017-11:55 - WARNING - Let's Encrypt SSL Cert for: xxx.de could not be issued.
    edit: I tested the same procedure with another site and it works perfect. Errors above are the same, so i think they have nothing todo with that...
     
    Last edited: Apr 6, 2017
  4. sunghost

    sunghost Member

    Hi,
    i am still searching for the problem. I checked websites settings, redirects and dns configuration. It seems correct compared to an working site. Log of lets encrypt gave no errors. vhost seems ok and i dont know where to look further. Any ideas? thx
    edit: one thing is different - the alias domain has the mutation "รค" in it, but vhost seems ok.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The most likely reason is the umlaut in the domain, Let's encrypt added support recently for it, but still most LE clients don't support it yet. ISPConfig supports it, but when the L client or certbot does not support it, then you will not get an SSL cert for thet domain from LE.
     
  6. sunghost

    sunghost Member

    Hi till,
    as you said. Between i tested it and deleted the alias domain and it works :). So search over hours was just solved in a few minutes. But now i have another problem, because the domain with mutation is needed. I have debian jessie installed and certbot from package. how to solve that?
    edit: Certbot is installed in Version 0.9.3-1
    edit2: Since Version 0.10.2 IDN Domains are supported by Certbot
     
    Last edited: Apr 12, 2017

Share This Page