Non SSL/HTTPS Sites end of January will show Not Secure by Google Chrome (v56).

Discussion in 'ISPConfig 3 Priority Support' started by DDArt, Jan 18, 2017.

  1. DDArt

    DDArt Member

    I have been holding off upgrading my panel and cannot test or play with Let's Encrypt (letsencrypt) until most or bugs/issues are worked out.
    But because as of Google Chrome 56 (end of this month/January) looks like their browser will display "Not Secured" to all non SSL sites/domains.

    Like many of us having many domains on single or few IPs can we get or is there a how-to guide to get this working if some us do not upgrade to latest ISPCONFIG 3.1 panel? or if so, any issues converting or making all domains "secured/ssl" once upgraded to 3.1

    Thanks,
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    If you want to use let's encrypt for websites on an iSPConfig server, then you have to update to ISPConfig 3.1. Before you do the upgrade, install lets encrypt on the server (see perfect server tutorials or the ispconfig manual) so the ISPConfig updater can configure it. You can then activate lets encrypt in the website settings.
     
  3. DDArt

    DDArt Member

    Is this a normal message once installed?

    Code:
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
    
    The /var/log/letsencrypt/letsencrypt.log
    Code:
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 114, in prepare
        self._initialized.prepare()
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 191, in prepare
        self.check_parsing_errors("httpd.aug")
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot_apache/augeas_configurator.py", line 77, in check_parsing_errors
        raise errors.PluginError(msg)
    PluginError: There has been an error in parsing the file /etc/apache2/sites-available/support.iamnico.com.vhost.err on line 89: Syntax error
    2017-01-21 06:35:42,123:DEBUG:certbot.plugins.selection:No candidate plugin
    2017-01-21 06:35:42,123:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
    
    Running the cert-only I do get:
    Code:
    /opt/certbot# sudo ./certbot-auto certonly
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    
    How would you like to authenticate with the ACME CA?
    -------------------------------------------------------------------------------
    1: Place files in webroot directory (webroot)
    2: Spin up a temporary webserver (standalone)
    -------------------------------------------------------------------------------
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
    
    Selecting "C" to cancel,
    Code:
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): c
    Could not choose appropriate plugin: authenticator could not be determined or is not installed
    authenticator could not be determined or is not installed
    
    Wanted to find out if I should continue to install ISPC3.1 or troubleshoot this first.

    Thanks,
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    yes, that's fine. certbot shall not alter any configuration on it's own.
     
  5. SpeedyB

    SpeedyB Member HowtoForge Supporter

    What if you already upgraded to 3.1 and want to install LetsEncrypt? And must it be installed on both the master and the slave servers?
     
  6. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Install LE on every web-server.
     
  7. SpeedyB

    SpeedyB Member HowtoForge Supporter

    @florian030 do I need to run the updater to reconfigure services?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    A reconfigure of services is not necessary as far as I can see in the code of the updater.
     
    DDArt likes this.
  9. DDArt

    DDArt Member

    Worked beautifully! Not only the update but Let's Encrypt. It saves a lot of us at least $10.00/year for a cheap SSL or similar per domain. We should definitely support the "LE" program as well as the ISCONFIG project :) ..
     
    NeonTigerUK and till like this.

Share This Page