Letsencrypt error after migration

Discussion in 'Installation/Configuration' started by pierresusu, May 11, 2019.

  1. pierresusu

    pierresusu New Member

    Hi,

    After migrating my ISP config with the ISP migration toolkit bought on the official website, i face some problems, in particular with let's encrypt.

    After trying to solve this problem with the multiple thread found on this forum without success here is my actual situation :

    I have uninstalled all let's encrypt binaries.

    I have installed let's encrypt following this doc : https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt.

    I have restarted my server but nothing to do it's not working :

    /etc/letsencrypt and sub directory doesn't exist ssl & let's encrypt checkbox still unchecked.
    SSL unsigned works but let's encrypt don't.

    Anyone have an idea how to fix this let's encrypt issues?

    My report, OS is Debian 9
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.1.13p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.0.33-0+deb9u3
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 798)
    [INFO] I found the following mail server(s):
            Postfix (PID 1026)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 657)
    [INFO] I found the following imap server(s):
            Dovecot (PID 657)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 1106)
    
    ##### LISTENING PORTS #####
    (seulement              ()
    Adresse         (distante)
    [anywhere]:995          (657/dovecot)
    [localhost]:10023               (726/postgrey)
    [localhost]:10024               (1066/amavisd-new)
    [localhost]:10025               (1026/master)
    [localhost]:10026               (1066/amavisd-new)
    [localhost]:10027               (1026/master)
    [anywhere]:587          (1026/master)
    [localhost]:11211               (577/memcached)
    [anywhere]:110          (657/dovecot)
    [anywhere]:143          (657/dovecot)
    [anywhere]:465          (1026/master)
    [anywhere]:21           (1106/pure-ftpd)
    ***.***.***.***:53              (582/named)
    [localhost]:53          (582/named)
    [anywhere]:22           (643/sshd)
    [anywhere]:25           (1026/master)
    [localhost]:953         (582/named)
    [anywhere]:993          (657/dovecot)
    *:*:*:*::*:995          (657/dovecot)
    *:*:*:*::*:10023                (726/postgrey)
    *:*:*:*::*:10024                (1066/amavisd-new)
    *:*:*:*::*:3306         (962/mysqld)
    *:*:*:*::*:10026                (1066/amavisd-new)
    *:*:*:*::*:587          (1026/master)
    [localhost]10           (657/dovecot)
    [localhost]43           (657/dovecot)
    *:*:*:*::*:80           (798/apache2)
    *:*:*:*::*:8080         (798/apache2)
    *:*:*:*::*:465          (1026/master)
    *:*:*:*::*:8081         (798/apache2)
    *:*:*:*::*:21           (1106/pure-ftpd)
    *:*:*:*::*:53           (582/named)
    *:*:*:*::*:22           (643/sshd)
    *:*:*:*::*:25           (1026/master)
    *:*:*:*::*:953          (582/named)
    *:*:*:*::*:443          (798/apache2)
    *:*:*:*::*:993          (657/dovecot)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-pureftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-postfix-sasl (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-pureftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    
    
    Regards
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The /etc/letsencrypt directory must exist after you had run:

    cd /usr/local/bin
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto --install-only

    to install letsencrypt. Please rerun the commands to ensure certbot is really installed.
     
  3. pierresusu

    pierresusu New Member

    Hi,

    Thank you for your reply

    I proceeded to the reinstallation:
    Code:
    21:43:39 [[email protected]:/usr/local/bin]# wget ****certbot-auto
    2019-05-12 21:43:46 (31,5 MB/s) — « certbot-auto  » sauvegardé [68023/68023]
    21:43:46 [[email protected]:/usr/local/bin]# chmod a+x certbot-auto
    21:43:51 [[email protected]:/usr/local/bin]# ./certbot-auto --install-only
    Certbot is installed.
    /etc/letsencrypt is not created :

    So, I make the following command :

    Code:
    21:43:57 [[email protected]:/usr/local/bin]# rm -rf /opt/eff.org/
    21:44:25 [[email protected]:/usr/local/bin]# ./certbot-auto --install-only
    Lecture des listes de paquets... Fait
    Lecture des listes de paquets... Fait
    Construction de l'arbre des dépendances
    Lecture des informations d'état... Fait
    augeas-lenses is already the newest version (1.8.0-1+deb9u1).
    libaugeas0 is already the newest version (1.8.0-1+deb9u1).
    ca-certificates is already the newest version (20161130+nmu1+deb9u1).
    gcc is already the newest version (4:6.3.0-4).
    libffi-dev is already the newest version (3.2.1-6).
    libssl-dev is already the newest version (1.1.0j-1~deb9u1).
    openssl is already the newest version (1.1.0j-1~deb9u1).
    python is already the newest version (2.7.13-2).
    python-dev is already the newest version (2.7.13-2).
    python-virtualenv is already the newest version (15.1.0+ds-1).
    virtualenv is already the newest version (15.1.0+ds-1).
    0 mis à jour, 0 nouvellement installés, 0 à enlever et 0 non mis à jour.
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    Certbot is installed.
    21:44:51 [[email protected]:/usr/local/bin]#
    /etc/letsencrypt still not exist :
    Really strange
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. pierresusu

    pierresusu New Member

    Hi,

    My Log :
    What could be the consequences if I disable the migration mode?

    The fact that this mode of migration is activated, come from the error of execution of the migration toolkit at the end of the script.
    The cleaning tasks could not run because apache (new server) refused to restart.
    An argument in the conf file was no longer compatible.

    Regard,
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to disable the migration mode when the migration is finished and the tool was not able to do it automatically. The mode is required to avoid that new LE certs are requested during migration before the actual domains point to the new server.
     
  7. pierresusu

    pierresusu New Member

    After uncheck migration mode, letencrypt work correctly.

    Thank for help
     
    till likes this.

Share This Page