site certification problem with the l'etsencrypt

Discussion in 'Installation/Configuration' started by mymmo73, Jan 25, 2021.

  1. mymmo73

    mymmo73 Member

    Hi today I added a site to my server but I can't certicate it my ispconfig is version 3.2.2 below the log:
    Code:
    [Mon 25 Jan 2021 12:52:01 AM CET] Running cmd: cron
    [Mon 25 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Mon 25 Jan 2021 12:52:01 AM CET] default_acme_server
    [Mon 25 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:01 AM CET] ===Starting cron===
    [Mon 25 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
    [Mon 25 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:01 AM CET] _stopRenewOnError
    [Mon 25 Jan 2021 12:52:01 AM CET] _set_level='2'
    [Mon 25 Jan 2021 12:52:01 AM CET] di='/root/.acme.sh/server.tradingforum.it/'
    [Mon 25 Jan 2021 12:52:02 AM CET] d='server.tradingforum.it'
    [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
    [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:02 AM CET] DOMAIN_PATH='/root/.acme.sh/server.tradingforum.it'
    [Mon 25 Jan 2021 12:52:02 AM CET] Renew: 'server.tradingforum.it'
    [Mon 25 Jan 2021 12:52:02 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
    [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:02 AM CET] Skip, Next renewal time is: Wed 24 Feb 2021 05:20:58 PM UTC
    [Mon 25 Jan 2021 12:52:02 AM CET] Add '--force' to force to renew.
    [Mon 25 Jan 2021 12:52:02 AM CET] Return code: 2
    [Mon 25 Jan 2021 12:52:02 AM CET] Skipped server.tradingforum.it
    [Mon 25 Jan 2021 12:52:02 AM CET] di='/root/.acme.sh/tradingforum.it/'
    [Mon 25 Jan 2021 12:52:02 AM CET] d='tradingforum.it'
    [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
    [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:02 AM CET] DOMAIN_PATH='/root/.acme.sh/tradingforum.it'
    [Mon 25 Jan 2021 12:52:02 AM CET] Renew: 'tradingforum.it'
    [Mon 25 Jan 2021 12:52:02 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
    [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Mon 25 Jan 2021 12:52:02 AM CET] Skip, Next renewal time is: Sat 27 Feb 2021 10:15:40 PM UTC
    [Mon 25 Jan 2021 12:52:02 AM CET] Add '--force' to force to renew.
    [Mon 25 Jan 2021 12:52:02 AM CET] Return code: 2
    [Mon 25 Jan 2021 12:52:02 AM CET] Skipped tradingforum.it
    [Mon 25 Jan 2021 12:52:02 AM CET] _error_level='3'
    [Mon 25 Jan 2021 12:52:02 AM CET] _set_level='2'
    [Mon 25 Jan 2021 12:52:02 AM CET] ===End cron===
    Thanks in advance for your help
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The affected site is the tradingforum?
     
  3. mymmo73

    mymmo73 Member

    tradingforum.it (xxx.tradingforum.it) is the domain of the server and the certificate is ok for him, the domain affected by the problem is another one that I was trying to add, but the strange thing is that the new domain is not reported in the log ..
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. mymmo73

    mymmo73 Member

    I followed what is indicated in your guide but it didn't help me in the end I resorted to the debug mode I don't know if I did well in every place what came out:
    Code:
    crontab: installing new crontab
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    25.01.2021-19:29 - DEBUG - Calling function 'check_phpini_changes' from plugin '                                                                                                             webserver_plugin' raised by action 'server_plugins_loaded'.
    25.01.2021-19:29 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispcon                                                                                                             fig_lock
    finished server.php.
    [email protected]:~# less /usr/local/ispconfig/server/server.sh
    #!/bin/bash
    
    
    PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
    
    . /etc/profile
    
    umask 022
    
    if [ -f /usr/local/ispconfig/server/lib/php.ini ]; then
            PHPINIOWNER=`stat -c %U /usr/local/ispconfig/server/lib/php.ini`
            if [ $PHPINIOWNER == 'root' ] || [ $PHPINIOWNER == 'ispconfig'  ]; then
                    export PHPRC=/usr/local/ispconfig/server/lib
            fi
    fi
    
    cd /usr/local/ispconfig/server
    /usr/bin/php -q \
        -d disable_classes= \
        -d disable_functions= \
        -d open_basedir= \
        /usr/local/ispconfig/server/server.php
    
    cd /usr/local/ispconfig/security
    /usr/bin/php -q \
        -d disable_classes= \
        -d disable_functions= \
        -d open_basedir= \
        /usr/local/ispconfig/security/check.php
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Is this an nginx or apache server?
     
  7. mymmo73

    mymmo73 Member

    apache2
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    To debug this:

    1) Disable the server.sh cronjob (which you probably did already).
    2) Enable let's encrypt for the domain that you have the issue with.
    3) Run server.sh as root user on the shell and post the result.
     
  9. mymmo73

    mymmo73 Member

    Code:
    [email protected]:~# less /usr/local/ispconfig/server/server.sh
    
    
    #!/bin/bash
    
    
    PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin
    
    . /etc/profile
    
    umask 022
    
    if [ -f /usr/local/ispconfig/server/lib/php.ini ]; then
            PHPINIOWNER=`stat -c %U /usr/local/ispconfig/server/lib/php.ini`
            if [ $PHPINIOWNER == 'root' ] || [ $PHPINIOWNER == 'ispconfig'  ]; then
                    export PHPRC=/usr/local/ispconfig/server/lib
            fi
    fi
    
    cd /usr/local/ispconfig/server
    /usr/bin/php -q \
        -d disable_classes= \
        -d disable_functions= \
        -d open_basedir= \
        /usr/local/ispconfig/server/server.php
    
    cd /usr/local/ispconfig/security
    /usr/bin/php -q \
        -d disable_classes= \
        -d disable_functions= \
        -d open_basedir= \
        /usr/local/ispconfig/security/check.php
    /usr/local/ispconfig/server/server.sh (END)
    
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not run less, run the command as shown in the faq article:

    /usr/local/ispconfig/server/server.sh
     
  11. mymmo73

    mymmo73 Member

    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    25.01.2021-20:02 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    25.01.2021-20:02 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:~#
    
     
  12. mymmo73

    mymmo73 Member

    i went into the system log in the log there are these 3 results look interesting:
    "Let's Encrypt SSL Cert for: inps-bonus.it could not be issued."
    "Could not verify domain www.inps-bonus.it, so excluding it from letsencrypt request."
    "Could not verify domain inps-bonus.it, so excluding it from letsencrypt request."
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Hmm, seems as if you either did not activate the let#s encrypt checkbox or missde to comment out the server.sh cronjob in root crontab as described in the faq. Please post the result of this command run as root:

    crontab -l
     
  14. mymmo73

    mymmo73 Member

    Code:
    [email protected]:~# crontab -l
    52 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    #* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
    * * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
    [email protected]:~#
     
  15. mymmo73

    mymmo73 Member

    maybe I commented on the wrong line
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    No, the line is commented out correctly, so that's not the issue. Please login to ispconfig, go to the affected website. the let's encrypt and ssl checkboxes are unticked, right? Now tick both checkboxes and click save, then run:

    /usr/local/ispconfig/server/server.sh

    the debug output must be a lot longer now.
     
  17. mymmo73

    mymmo73 Member

    done:
    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    25.01.2021-20:02 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    25.01.2021-20:02 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:~# crontab -l
    52 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    #* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
    * * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    25.01.2021-20:33 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    25.01.2021-20:33 - DEBUG - Found 1 changes, starting update process.
    25.01.2021-20:33 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    25.01.2021-20:33 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web4' - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web4' - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web4'|awk 'END{print $2,$NF}' - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: setquota -u 'web4' '0' '0' 0 0 -a &> /dev/null - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: setquota -T -u 'web4' 604800 604800 -a &> /dev/null - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web4' - return code: 0
    25.01.2021-20:33 - WARNING - Could not verify domain inps-bonus.it, so excluding it from letsencrypt request.
    25.01.2021-20:33 - WARNING - Could not verify domain www.inps-bonus.it, so excluding it from letsencrypt request.
    25.01.2021-20:33 - WARNING - Let's Encrypt SSL Cert for: inps-bonus.it could not be issued.
    25.01.2021-20:33 - WARNING -
    25.01.2021-20:33 - DEBUG - NON-String given in escape function! (boolean)
    25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0
    25.01.2021-20:33 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web4/.php-fcgi-starter
    25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0
    25.01.2021-20:33 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/inps-bonus.it.vhost
    25.01.2021-20:33 - DEBUG - Apache status is: running
    25.01.2021-20:33 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    25.01.2021-20:33 - DEBUG - Restarting httpd: systemctl restart apache2.service
    25.01.2021-20:33 - DEBUG - Apache restart return value is: 0
    25.01.2021-20:33 - DEBUG - Apache online status after restart is: running
    25.01.2021-20:33 - DEBUG - Processed datalog_id 101
    25.01.2021-20:33 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:~#
    
     
  18. mymmo73

    mymmo73 Member

    I did this during the certification phase
     
  19. mymmo73

    mymmo73 Member

    I ran this after it made the certification attempt
    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
    25.01.2021-20:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    25.01.2021-20:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:~#
    
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, the output in #17 helps a lot.

    Is the server behind a router?
    Does your server IP ends with 59?
     

Share This Page