letsencrypt --apache Let's encrypt not working for me

Discussion in 'ISPConfig 3 Priority Support' started by Bradley Hamilton, Nov 21, 2016.

  1. Bradley Hamilton

    Bradley Hamilton New Member HowtoForge Supporter

    After unchecking and rechecking the Let's Encrypt box they all seem to be working now without the SSL insecure site message. Odd. I assume that means it's working now......

    I have had ispconfig3 running on apache2 with php7 installed for about a month and I love it.
    I enabled ssl and let's encrypt for multiple sites as I added them and then just left it alone to "bake".
    I noticed that only one site has ssl enabled so I tried:
    letsencrypt --apache
    So it would pick up all the virtual domains.
    I got the error:
    Error while running apache2ctl configtest.
    Action 'configtest' failed.
    The Apache error log may have more information.

    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:69
    AH00526: Syntax error on line 2 of /etc/apache2/le_tls_sni_01_cert_challenge.conf:
    The address or port is invalid
    Ports are open in ufw. Any idea why Let's Encrypt may not be working?
    Forum software will not let me paste my log errors in here........
     
    Last edited: Nov 21, 2016
  2. sjau

    sjau Local Meanie Moderator

    You just have to check the Let's Encrypt box and not the SSL one.
     
  3. EasiStudio

    EasiStudio New Member HowtoForge Supporter

    Apologies for jumping on this thread, but when I check the Let's Encrypt box, the SSL box is automatically populated. I also get an SSL tab. I did try unchecking the SSL available box within the Client > Limits tab, but then the Let's Encrypt box does not appear either.
     
  4. sjau

    sjau Local Meanie Moderator

    Hmmm, didn't know the SSL check was also auto-activated. Only have 3.1 since yesterday - but I thought I read that you'd only have to check the LE checkbox and checking both leads to issues.
     
  5. Bradley Hamilton

    Bradley Hamilton New Member HowtoForge Supporter

    What you speak is the truth. I have them both set, as the SSL box tells Apache to listen on 443.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    SSL is the checkbox to enable / disable SSL in a website, letsencrypt is the checkbox to use letsencrypt for SSL, so both checkboxes have to be enabled. What leads to errors is if you run letsencrypt manually on the shell for a domain that is used in ispconfig.

    This command will break letsencrypt and apache on your server, so do not try this.
     
  7. EasiStudio

    EasiStudio New Member HowtoForge Supporter

    I got someone to have a look at my server this morning and found Let's Encrypt (I presume he meant certbot) was not installed as root. He fixed this and it now works perfectly.

    My problem was (still is) I have always been a Debian user but chose Ubuntu as it had PHP7 by default.
     
  8. Bradley Hamilton

    Bradley Hamilton New Member HowtoForge Supporter

    Well that's just swell.... That is just what I did. How can I get it back up? ~ Brad
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Empty the /etc/letsencrypt directory to remove all certs and settings that were created manually.
     
  10. Bradley Hamilton

    Bradley Hamilton New Member HowtoForge Supporter

    OK, done. Should I run a command to renew and get new certs and keys?
     
  11. Bradley Hamilton

    Bradley Hamilton New Member HowtoForge Supporter

    :eek:
    Update: Apache is no longer starting as a result. Seem to be having an issue with letsencrypt configurations. Is there a way to run the cron job to rebuild the cert structure? I re-ran the isp-update script from the git-stable repo and it didn't solve the issue. I chose to rebuild or update the services.
    In regards to this line:
    '/var/www/clients/client1/web1/ssl/linuxnuts.com-le.crt' does not exist or is empty
    it exists but it's empty. Deleting will not help as I am reading the log. Kinda stuck here without being able to update the certs.
    I tried ' letsencrypt -n renew ' and got the result
    No renewals were attempted.


    Ok I did that and now I can't get apache to start. It throws the error....

    Output of config test was:
    Nov 24 00:20:42 mail.linuxnuts.com apache2[24064]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:69
    Nov 24 00:20:42 mail.linuxnuts.com apache2[24064]: AH00526: Syntax error on line 185 of /etc/apache2/sites-enabled/100-linuxnuts.com.vhost:
    Nov 24 00:20:42 mail.linuxnuts.com apache2[24064]: SSLCertificateFile: file '/var/www/clients/client1/web1/ssl/linuxnuts.com-le.crt' does not exist or is empty
    Nov 24 00:20:42 mail.linuxnuts.com apache2[24064]: Action 'configtest' failed.
    Nov 24 00:20:42 mail.linuxnuts.com apache2[24064]: The Apache error log may have more information.
    Nov 24 00:20:42 mail.linuxnuts.com systemd[1]: apache2.service: Control process exited, code=exited status=1
    Nov 24 00:20:42 mail.linuxnuts.com systemd[1]: Failed to start LSB: Apache2 web server.
    Nov 24 00:20:42 mail.linuxnuts.com systemd[1]: apache2.service: Unit entered failed state.
    Nov 24 00:20:42 mail.linuxnuts.com systemd[1]: apache2.service: Failed with result 'exit-code'.
     
    Last edited: Nov 24, 2016
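
The Apache start failure quoted in the post above (AH00526, `SSLCertificateFile ... does not exist or is empty`) can be caught before a restart by checking every certificate path the vhost files reference. This is an added example, not part of the original thread or of ISPConfig; the function names are hypothetical, the default directory assumes the Debian/Ubuntu Apache layout, and paths are assumed to be absolute and free of spaces.

```shell
#!/bin/sh
# Added example: find SSLCertificate* directives in Apache vhost files whose
# target file is missing or empty, the condition that makes configtest fail.
# Usage (after sourcing this file): check_vhost_certs [vhost_dir]

# Print one line per broken reference: "<vhost>:<line> <directive> <path> <reason>"
list_bad_certs() {
    dir="${1:-/etc/apache2/sites-enabled}"   # assumed default location
    for conf in "$dir"/*; do
        [ -f "$conf" ] || continue
        # Only active directives match; a commented line has "#..." as field 1.
        awk 'tolower($1) ~ /^sslcertificate(key|chain)?file$/ { print NR, $1, $2 }' "$conf" |
        tr -d "\"'" |
        while read -r lineno directive path; do
            if [ ! -e "$path" ]; then
                echo "$conf:$lineno $directive $path MISSING"
            elif [ ! -s "$path" ]; then
                # Exists but zero bytes: the case reported in this thread.
                echo "$conf:$lineno $directive $path EMPTY"
            fi
        done
    done
}

# Return 0 when every referenced file exists and is non-empty, 1 otherwise.
check_vhost_certs() {
    report=$(list_bad_certs "$1")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A non-zero return identifies the vhost file and line to look at before Apache is restarted.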
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not double post the same issue! https://www.howtoforge.com/communit...l-configs-in-etc-letsencrypt-directory.74840/

    LE certs get renewed automatically by ispconfig, do not run this manually or you risk breaking your LE setup again.
     
