Hi today I added a site to my server but I can't certicate it my ispconfig is version 3.2.2 below the log: Code: [Mon 25 Jan 2021 12:52:01 AM CET] Running cmd: cron [Mon 25 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh [Mon 25 Jan 2021 12:52:01 AM CET] default_acme_server [Mon 25 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:01 AM CET] ===Starting cron=== [Mon 25 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh [Mon 25 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:01 AM CET] _stopRenewOnError [Mon 25 Jan 2021 12:52:01 AM CET] _set_level='2' [Mon 25 Jan 2021 12:52:01 AM CET] di='/root/.acme.sh/server.tradingforum.it/' [Mon 25 Jan 2021 12:52:02 AM CET] d='server.tradingforum.it' [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:02 AM CET] DOMAIN_PATH='/root/.acme.sh/server.tradingforum.it' [Mon 25 Jan 2021 12:52:02 AM CET] Renew: 'server.tradingforum.it' [Mon 25 Jan 2021 12:52:02 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:02 AM CET] Skip, Next renewal time is: Wed 24 Feb 2021 05:20:58 PM UTC [Mon 25 Jan 2021 12:52:02 AM CET] Add '--force' to force to renew. [Mon 25 Jan 2021 12:52:02 AM CET] Return code: 2 [Mon 25 Jan 2021 12:52:02 AM CET] Skipped server.tradingforum.it [Mon 25 Jan 2021 12:52:02 AM CET] di='/root/.acme.sh/tradingforum.it/' [Mon 25 Jan 2021 12:52:02 AM CET] d='tradingforum.it' [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:02 AM CET] DOMAIN_PATH='/root/.acme.sh/tradingforum.it' [Mon 25 Jan 2021 12:52:02 AM CET] Renew: 'tradingforum.it' [Mon 25 Jan 2021 12:52:02 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh [Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Mon 25 Jan 2021 12:52:02 AM CET] Skip, Next renewal time is: Sat 27 Feb 2021 10:15:40 PM UTC [Mon 25 Jan 2021 12:52:02 AM CET] Add '--force' to force to renew. [Mon 25 Jan 2021 12:52:02 AM CET] Return code: 2 [Mon 25 Jan 2021 12:52:02 AM CET] Skipped tradingforum.it [Mon 25 Jan 2021 12:52:02 AM CET] _error_level='3' [Mon 25 Jan 2021 12:52:02 AM CET] _set_level='2' [Mon 25 Jan 2021 12:52:02 AM CET] ===End cron=== Thanks in advance for your help
tradingforum.it (xxx.tradingforum.it) is the domain of the server and the certificate is ok for him, the domain affected by the problem is another one that I was trying to add, but the strange thing is that the new domain is not reported in the log ..
Please see Let's encrypt FAQ then to find out why this happens: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
I followed what is indicated in your guide but it didn't help me in the end I resorted to the debug mode I don't know if I did well in every place what came out: Code: crontab: installing new crontab [email protected]:~# /usr/local/ispconfig/server/server.sh 25.01.2021-19:29 - DEBUG - Calling function 'check_phpini_changes' from plugin ' webserver_plugin' raised by action 'server_plugins_loaded'. 25.01.2021-19:29 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispcon fig_lock finished server.php. [email protected]:~# less /usr/local/ispconfig/server/server.sh #!/bin/bash PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin . /etc/profile umask 022 if [ -f /usr/local/ispconfig/server/lib/php.ini ]; then PHPINIOWNER=`stat -c %U /usr/local/ispconfig/server/lib/php.ini` if [ $PHPINIOWNER == 'root' ] || [ $PHPINIOWNER == 'ispconfig' ]; then export PHPRC=/usr/local/ispconfig/server/lib fi fi cd /usr/local/ispconfig/server /usr/bin/php -q \ -d disable_classes= \ -d disable_functions= \ -d open_basedir= \ /usr/local/ispconfig/server/server.php cd /usr/local/ispconfig/security /usr/bin/php -q \ -d disable_classes= \ -d disable_functions= \ -d open_basedir= \ /usr/local/ispconfig/security/check.php
To debug this: 1) Disable the server.sh cronjob (which you probably did already). 2) Enable let's encrypt for the domain that you have the issue with. 3) Run server.sh as root user on the shell and post the result.
Code: [email protected]:~# less /usr/local/ispconfig/server/server.sh #!/bin/bash PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin . /etc/profile umask 022 if [ -f /usr/local/ispconfig/server/lib/php.ini ]; then PHPINIOWNER=`stat -c %U /usr/local/ispconfig/server/lib/php.ini` if [ $PHPINIOWNER == 'root' ] || [ $PHPINIOWNER == 'ispconfig' ]; then export PHPRC=/usr/local/ispconfig/server/lib fi fi cd /usr/local/ispconfig/server /usr/bin/php -q \ -d disable_classes= \ -d disable_functions= \ -d open_basedir= \ /usr/local/ispconfig/server/server.php cd /usr/local/ispconfig/security /usr/bin/php -q \ -d disable_classes= \ -d disable_functions= \ -d open_basedir= \ /usr/local/ispconfig/security/check.php /usr/local/ispconfig/server/server.sh (END)
Code: [email protected]:~# /usr/local/ispconfig/server/server.sh 25.01.2021-20:02 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 25.01.2021-20:02 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php. [email protected]:~#
i went into the system log in the log there are these 3 results look interesting: "Let's Encrypt SSL Cert for: inps-bonus.it could not be issued." "Could not verify domain www.inps-bonus.it, so excluding it from letsencrypt request." "Could not verify domain inps-bonus.it, so excluding it from letsencrypt request."
Hmm, seems as if you either did not activate the let#s encrypt checkbox or missde to comment out the server.sh cronjob in root crontab as described in the faq. Please post the result of this command run as root: crontab -l
Code: [email protected]:~# crontab -l 52 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null #* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done * * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done [email protected]:~#
No, the line is commented out correctly, so that's not the issue. Please login to ispconfig, go to the affected website. the let's encrypt and ssl checkboxes are unticked, right? Now tick both checkboxes and click save, then run: /usr/local/ispconfig/server/server.sh the debug output must be a lot longer now.
done: Code: [email protected]:~# /usr/local/ispconfig/server/server.sh 25.01.2021-20:02 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 25.01.2021-20:02 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php. [email protected]:~# crontab -l 52 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null #* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done * * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done [email protected]:~# /usr/local/ispconfig/server/server.sh 25.01.2021-20:33 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 25.01.2021-20:33 - DEBUG - Found 1 changes, starting update process. 25.01.2021-20:33 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 25.01.2021-20:33 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web4' - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web4' - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web4'|awk 'END{print $2,$NF}' - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: setquota -u 'web4' '0' '0' 0 0 -a &> /dev/null - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: setquota -T -u 'web4' 604800 604800 -a &> /dev/null - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web4' - return code: 0 25.01.2021-20:33 - WARNING - Could not verify domain inps-bonus.it, so excluding it from letsencrypt request. 25.01.2021-20:33 - WARNING - Could not verify domain www.inps-bonus.it, so excluding it from letsencrypt request. 25.01.2021-20:33 - WARNING - Let's Encrypt SSL Cert for: inps-bonus.it could not be issued. 25.01.2021-20:33 - WARNING - 25.01.2021-20:33 - DEBUG - NON-String given in escape function! (boolean) 25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0 25.01.2021-20:33 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web4/.php-fcgi-starter 25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0 25.01.2021-20:33 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/inps-bonus.it.vhost 25.01.2021-20:33 - DEBUG - Apache status is: running 25.01.2021-20:33 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 25.01.2021-20:33 - DEBUG - Restarting httpd: systemctl restart apache2.service 25.01.2021-20:33 - DEBUG - Apache restart return value is: 0 25.01.2021-20:33 - DEBUG - Apache online status after restart is: running 25.01.2021-20:33 - DEBUG - Processed datalog_id 101 25.01.2021-20:33 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php. [email protected]:~#
I ran this after it made the certification attempt Code: [email protected]:~# /usr/local/ispconfig/server/server.sh 25.01.2021-20:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 25.01.2021-20:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php. [email protected]:~#