Letsencrypt does not remain active on sites (Checkbox)

Discussion in 'ISPConfig 3 Priority Support' started by Balemon, Oct 2, 2017.

  1. Balemon

    Balemon New Member HowtoForge Supporter

    Hi I have a clean system install, and am just about to start moving sites across. Thought I would test first..

    Everything seemd fine except LetsEncrypt.. i can't seem to get it to stick..
    I have run it from the command line and upon checking I can see it appears to have completed a certificate request. (What I want to use for the ISPConfig control panel), and I have completed a certificate for the first site, but the site does not seem to be active with HTTPS and the tick box is now not ticked..
    Belwo is the debug log, and the only thing that looks weird is that it is requesting for Nginx, and we are using apache.

    Certs are definately not my strong point so I may not be looking at this correctly...
    Code:
    2017-10-02 03:57:03,633:DEBUG:letsencrypt.cli:Root logging level set at 30
    2017-10-02 03:57:03,634:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2017-10-02 03:57:03,634:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
    2017-10-02 03:57:03,634:DEBUG:letsencrypt.cli:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'proactiveitservices.com.au', '--domains', 'www.proactiveitservices.com.au', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2017-10-02 03:57:03,635:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
    2017-10-02 03:57:03,635:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot
    Description: Webroot Authenticator
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
    Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7f7871c201d0>
    Prep: True
    2017-10-02 03:57:03,636:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7f7871c201d0> and installer None
    2017-10-02 03:57:03,657:DEBUG:letsencrypt.cli:Picked account: <Account(1d3439ee58a2649a1fb7f4f6d2b1cb6f)>
    2017-10-02 03:57:03,662:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
    2017-10-02 03:57:03,667:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2017-10-02 03:57:04,060:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
    2017-10-02 03:57:04,063:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Mon, 02 Oct 2017 03:57:04 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 02 Oct 2017 03:57:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'MMXGEW8jmCNFq3SqZDX0JrjF9VN6HtwXdOFq_1QqW2c'}. Content: '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
    2017-10-02 03:57:04,063:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Mon, 02 Oct 2017 03:57:04 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Mon, 02 Oct 2017 03:57:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'MMXGEW8jmCNFq3SqZDX0JrjF9VN6HtwXdOFq_1QqW2c'}): '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
    2017-10-02 03:57:04,069:DEBUG:parsedatetime:parse (top of loop): [30 days][]
    2017-10-02 03:57:04,078:DEBUG:parsedatetime:CRE_UNITS matched
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=10, tm_mday=2, tm_hour=3, tm_min=57, tm_sec=4, tm_wday=0, tm_yday=275, tm_isdst=0))
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:_buildTime: [30 ][][days]
    2017-10-02 03:57:04,079:DEBUG:parsedatetime:units days --> realunit days
    2017-10-02 03:57:04,080:DEBUG:parsedatetime:return
    2017-10-02 03:57:04,080:INFO:letsencrypt.cli:Cert not yet due for renewal
    

    Thanks for any feedback

    Cheers
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Certs that you create on the command line as will block SSL in ISPConfig and you won't be able to use them and you won't be able to activate SSL in an ISPConfig site when such a cert has been created manually.

    - Remove the manually created certs and their LE config completely and remove all files with '-le' that you find in the apache sites-enabled folder.
    - Create the SSL cert for ISPConfig like this: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/
    - Creating certs in ISPConfig for websites should work then as well after you removed the manually created ones.
     

Share This Page