Let's Encrypt SSL For Websites

Discussion in 'ISPConfig 3 Priority Support' started by Sanchit Jain, Mar 16, 2021.

  1. Sanchit Jain

    Sanchit Jain New Member HowtoForge Supporter

    Hello!
    I am facing issues with SSL for websites for ISPConfig.
    I followed below:
    • Added a new website and made sure not to check SSL & Let's Encrypt checkboxes in first attempt
    • After saving, I then edited the website & checked SSL & Let's Encrypt
    • Waited some time but the HTTPS was not implemented
    • I verified the domain's vhost file and found that there was no virtualhost 443 entry
    • Token file in .well-known/acme-challenge was also not generated
    • No error was reported when executed /usr/local/ispconfig/server/server.sh
    Version details:
    • ISPConfig v3.2dev20210313
    • PHP 7.0.33
    • Apache 2.4.18
    • Ubuntu 16.04.7 LTS
    Kindly note, the HTTPS for the ISPConfig panel is working absolutely well.
    Please guide about fixing this.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You can check it immediately, no need to first save and then enable it.

    Please go through https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ to find the problem.

    Also, note that Ubuntu 16.04 is officially not supported in ISPConfig 3.2 and above. Also, you are running a nightly build of ISPConfig - I would advise you to use the stable release for production systems.
     
  3. Sanchit Jain

    Sanchit Jain New Member HowtoForge Supporter

    Thanks @Th0m
    There are a few places online where users have mentioned to do so.
    I have followed the link, upgraded ISPConfig to v3.2.3 and tried to create the same website again, but SSL is still not showing up. There is no error shown.
    How can I check if Let’s Encrypt is disabled in ISPConfig?
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I have never seen this, maybe it was needed in the past, but it is not now.

    What do you mean with this?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Last edited: Mar 16, 2021
  6. Sanchit Jain

    Sanchit Jain New Member HowtoForge Supporter

    The link has below FAQ:
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The Let's Encrypt checkbox for this web will be disabled. Follow the steps from the guide to find out what is going wrong.
     
  8. Sanchit Jain

    Sanchit Jain New Member HowtoForge Supporter

    Alright.

    I have followed the link line by line but no luck. What are your thoughts about the token file not being generated and absent virtualhost 443 record in vhost file?
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Then take a look at the log, as described, and eventually run the script in debug mode. It is described in the guide how to enable this. After doing so, enable the LE checkbox for the web and run the server.sh script manually.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Post the debug output as mentioned in #5.

    That's ok, the token is there for less than a second, so you can't know if it existed or not.

    This must be the case if no SSL cert could be obtained from LE.
     
  11. Sanchit Jain

    Sanchit Jain New Member HowtoForge Supporter

    Here it is:
    Code:
    16.03.2021-12:06 - DEBUG - Unable to register function 'process' from plugin 'software_update_plugin' for event 'software_update_inst_insert'
    16.03.2021-12:06 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    16.03.2021-12:06 - DEBUG - Found 2 changes, starting update process.
    16.03.2021-12:06 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    16.03.2021-12:06 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web8' - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web8'|awk 'END{print $2,$NF}' - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -u 'web8' '10240' '11264' 0 0 -a &> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -T -u 'web8' 604800 604800 -a &> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
    16.03.2021-12:06 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web8/.php-fcgi-starter
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
    16.03.2021-12:06 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/dmf.gstest.com.vhost
    16.03.2021-12:06 - DEBUG - Apache status is: running
    16.03.2021-12:06 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    16.03.2021-12:06 - DEBUG - Restarting httpd: systemctl restart apache2.service
    16.03.2021-12:06 - DEBUG - Apache restart return value is: 0
    16.03.2021-12:06 - DEBUG - Apache online status after restart is: running
    16.03.2021-12:06 - DEBUG - Processed datalog_id 107
    16.03.2021-12:06 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    16.03.2021-12:06 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web8' - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web8'|awk 'END{print $2,$NF}' - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -u 'web8' '10240' '11264' 0 0 -a &> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: setquota -T -u 'web8' 604800 604800 -a &> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web8' - return code: 0
    16.03.2021-12:06 - DEBUG - Verified domain dmf.gstest.com should be reachable for letsencrypt.
    16.03.2021-12:06 - WARNING - Could not verify domain www.dmf.gstest.com, so excluding it from letsencrypt request.
    16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - Create Let's Encrypt SSL Cert for: dmf.gstest.com
    16.03.2021-12:06 - DEBUG - Let's Encrypt SSL Cert domains:
    16.03.2021-12:06 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue  -d dmf.gstest.com -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert  -d dmf.gstest.com --key-file '/var/www/clients/client1/web8/ssl/dmf.gstest.com-le.key' --fullchain-file '/var/www/clients/client1/web8/ssl/dmf.gstest.com-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C  ; fi
    sh: 1: [[: not found
    sh: 1: 2: not found
    sh: 1: [[: not found
    16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
    16.03.2021-12:06 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web8/.php-fcgi-starter
    16.03.2021-12:06 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web8/.php-fcgi-starter' - return code: 0
    16.03.2021-12:06 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/dmf.gstest.com.vhost
    16.03.2021-12:06 - DEBUG - Apache status is: running
    16.03.2021-12:06 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    16.03.2021-12:07 - DEBUG - Restarting httpd: systemctl restart apache2.service
    16.03.2021-12:07 - DEBUG - Apache restart return value is: 0
    16.03.2021-12:07 - DEBUG - Apache online status after restart is: running
    16.03.2021-12:07 - DEBUG - Processed datalog_id 108
    16.03.2021-12:07 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:/etc/apache2/sites-available# vi /etc/apache2/sites-available/dmf.gstest.com.vhost
     
    Last edited: Mar 16, 2021
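
The `sh: 1: [[: not found` lines in the log above are what a POSIX `sh` without the bash-style `[[ ... ]]` test prints when it is handed the logged `exec:` command, and `2: not found` shows `$R` had expanded to 2 at that point. As an added example (not part of the thread and not ISPConfig code; the function names `scan_log` and `supports_double_bracket` are hypothetical and the sample log is constructed), this script flags such commands in a debug log and probes whether a given shell accepts `[[`:

```shell
#!/bin/sh
# Added example: find "exec:" commands in an ISPConfig debug log that failed
# inside the shell itself, i.e. were followed by "sh: N: <word>: not found".

# Constructed sample in the format of the log posted above (command shortened).
sample_log() {
cat <<'EOF'
16.03.2021-12:06 - DEBUG - Create Let's Encrypt SSL Cert for: dmf.gstest.com
16.03.2021-12:06 - DEBUG - exec: R=0 ; /root/.acme.sh/acme.sh --issue -d dmf.gstest.com ; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then C=0 ; fi
sh: 1: [[: not found
sh: 1: 2: not found
sh: 1: [[: not found
16.03.2021-12:06 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
EOF
}

# Reads a log on stdin; prints one summary line per affected exec command.
scan_log() {
  awk '
    function emit() {
      if (n > 0)
        printf "shell-errors=%d missing=%s double-bracket=%s\n", n, list, (cmd ~ /\[\[/ ? "yes" : "no")
      n = 0; list = ""; cmd = ""
    }
    / - DEBUG - exec: / { emit(); cmd = $0; next }
    /^sh: [0-9]+: .+: not found$/ {
      if (cmd == "") next            # shell error with no preceding exec line
      tok = $0
      sub(/^sh: [0-9]+: /, "", tok); sub(/: not found$/, "", tok)
      n++
      if (index("," list ",", "," tok ",") == 0)   # record each word once
        list = (list == "" ? tok : list "," tok)
      next
    }
    { emit() }                       # any other line ends the error run
    END { emit() }
  '
}

# Returns 0 if the given shell accepts the [[ ... ]] test, non-zero otherwise.
supports_double_bracket() {
  "$1" -c "[[ 1 -eq 1 ]]" 2>/dev/null
}

sample_log | scan_log
if supports_double_bracket sh; then echo "sh accepts [[ ]]"; else echo "sh rejects [[ ]]"; fi
```
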
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  13. Sanchit Jain

    Sanchit Jain New Member HowtoForge Supporter

    No, I did not. Now after doing so and re-enabling the SSL, it worked like a charm.
    I have the certificate working now.
    Thank you so much! :)
     
  14. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Glad to hear it is resolved.

    Please note once more, Ubuntu 16.04 is officially not supported anymore. I would recommend you to use Ubuntu 20.04 or Debian 10 for a production system.
     
  15. Sanchit Jain

    Sanchit Jain New Member HowtoForge Supporter

    Okay. We will plan this shortly.
     
