Securing ISPConfig 3 Control Panel (Port 8080) With Let's Encrypt Free SSL

Discussion in 'Tips/Tricks/Mods' started by ahrasis, Feb 14, 2017.

  1. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    No, certbot-apache is not needed for an ISPConfig system, and using it is actually a common way people break their setup. I am not yet familiar with the referenced recent changes in 3.2beta which would aquire a certificate at installation time, but the setup would almost certainly use either the webroot (after apache/nginx is up on port 80) or standalone authenticators, and no installer plugins, as that is all handled by custom scripts within ISPConfig.
     
  2. gOOvER

    gOOvER Member

    See the first error i posted.

    Code:
    2020-09-14 16:43:06,131:INFO:certbot.main:Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The certbot apache plugin is indeed not part of ISPConfig setups, if the new code requires it, then we should consider to change the code so that it works without that plugin.
     
    Th0m likes this.
  4. gOOvER

    gOOvER Member

    I installed ispconfig3 a second time and i get this Error again:


    Code:
    2020-09-14 18:34:26,341:DEBUG:certbot.main:certbot version: 0.31.0
    2020-09-14 18:34:26,342:DEBUG:certbot.main:Arguments: ['--agree-tos', '--non-interactive', '--expand', '--rsa-key-size', '4096', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--apache', '--email', '[email protected]', '--renew-hook', 'letsencrypt_renew_hook.sh']
    2020-09-14 18:34:26,342:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2020-09-14 18:34:26,346:DEBUG:certbot.log:Root logging level set at 20
    2020-09-14 18:34:26,346:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2020-09-14 18:34:26,346:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
    2020-09-14 18:34:26,346:DEBUG:certbot.plugins.selection:No candidate plugin
    2020-09-14 18:34:26,346:DEBUG:certbot.plugins.selection:No candidate plugin
    2020-09-14 18:34:26,346:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
    2020-09-14 18:34:26,346:INFO:certbot.main:Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
    2020-09-14 18:34:26,346:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 11, in <module>
        load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1229, in certonly
        installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
      File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 237, in choose_configurator_plugins
        diagnose_configurator_problem("authenticator", req_auth, plugins)
      File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 341, in diagnose_configurator_problem
        raise errors.PluginSelectionError(msg)
    certbot.errors.PluginSelectionError: The requested apache plugin does not appear to be installed
    
    Related Ticket: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5735
     
  5. ahrasis

    ahrasis Well-Known Member

    Original codes use webroot but after several issues raised with regards to default web path of various linux variants, webroot was dropped and changed to apache or nginx to be used if web server is installed and I don't think this will automatically require another plugin.

    Do read this where I think he suggested:
    According to that the plugin is actually included (apt install python-certbot-apache) and no need extra installation.

    To restore original webroot proposal, default web path for all linux variants must be listed and determined, which is not necesarily be /var/www/html as in debian and ubuntu.

    I will research on this later on.
     
    Last edited: Sep 15, 2020 at 7:49 AM
  6. ahrasis

    ahrasis Well-Known Member

    Thank you for the log as I detected a missing "-d $hostname" on the relevant lines of the codes, so I submitted another MR to fix it:
    https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1171

    I will check on others soonest.
     

Share This Page