Lets Encryt Problems again

Discussion in 'ISPConfig 3 Priority Support' started by Dextros, Jan 22, 2018.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    Your ISPConfig version is the current ne (3.1.11)? If not, please update to the current version.
  2. Dextros

    Dextros Member HowtoForge Supporter

    I can confirm I am on 3.1.11

    I have moved the folders, but i do not want to run ./certbot again from shell.

    I cannot access a freshly created websites well known area

    ERROR 404 - Not Found!
    The following error occurred:
    The requested URL was not found on this server.

    Please check the URL or contact the webmaster.

    I had a thought thought, and before i implement it, i wanted to run it by you

    If i add to the sites directive, under options, Apache Directives, I can access the .txt file.
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
    Require all granted
    <IfModule mpm_itk_module>
    AssignUserId www-data www-data

    What do you think?

  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You can add it in the apache directves field if it works then.Never use certbot manually for websites on an ispconfig server. When the directory is accessible, then enabling LE in ISPConfig should work as well.
  4. Dextros

    Dextros Member HowtoForge Supporter

    Hi Till

    This has mostly worked! After pressing LE a few times, almost all sites have a green lock :) I am happy. I have also get a new cert for control panel :)

    Unfotunatly my main clients ones are still being a problem

    I have a live cert for https://www.marsdenduncan.co.uk/ but i dont get a green lock.

    Also I think i created gklkent.com earlier, and now it wont let me create a new one. Is this stored somewhere?

    Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: gklkent.com,www.gklkent.com: see https://letsencrypt.org/docs/rate-limits/
  5. Dextros

    Dextros Member HowtoForge Supporter

    Hi Till

    I am happy to say that I have eveything back up and running. I copied the contents from the new cert host.com-0002 to what apache was looking at which was host.com-0001

    I understand that this one site will not auto renew, as I cannot tick the box in ISPC for LE as it just made one this morning for the domain, so it will not make a new one. Closer to three months, i hope that this will allow me to tick it :)

    All my ISPC panel and services are using the up to date cert also :)

    Any idea why adding that to each directive worked?

    I only appear to have one problem, and that is no green lock on https://www.marsdenduncan.co.uk

    It goes to the page, but with a grey ! mark stating that its a valid cert.

    Thank you so much for your help, and thank you for being patient!!
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You reached
    The only reason that I can think of is that your apache config outside of ISPConfig that is loaded after the 000-ispconfig.conf file contains settings that deny access to the .well-known folder. This overrides the alias and access configuration in 000-ispconfig.conf and by adding the same config again in the site, you then override that restriction again on a per site basis which makes it work again.

    Check the html source code, maybe it loads any resources (image, css) from a http:// URL instead of https:// inside.
  7. Dextros

    Dextros Member HowtoForge Supporter

    OK thanks Till.
    I will let Florian know that its sorted.

    Which log can i look at to restart apache, and see what order they are loaded, so i can investigate?

    Thanks again
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no log for that in apache, as far as I know. Files are loaded in alphabetical order from /etc/apache2/sites-enabled/ and you might want to take a look at the apache2.conf file to see if there is some code which might cause that added after the include line for the sites-enabled files.

Share This Page