site certification problem with the l'etsencrypt

Discussion in 'Installation/Configuration' started by mymmo73, Jan 25, 2021.

Page 1 of 3
  1. mymmo73

    mymmo73 Member

    Hi today I added a site to my server but I can't certicate it my ispconfig is version 3.2.2 below the log:
    Code:
    [Mon 25 Jan 2021 12:52:01 AM CET] Running cmd: cron
[Mon 25 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
[Mon 25 Jan 2021 12:52:01 AM CET] default_acme_server
[Mon 25 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:01 AM CET] ===Starting cron===
[Mon 25 Jan 2021 12:52:01 AM CET] Using config home:/root/.acme.sh
[Mon 25 Jan 2021 12:52:01 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:01 AM CET] _stopRenewOnError
[Mon 25 Jan 2021 12:52:01 AM CET] _set_level='2'
[Mon 25 Jan 2021 12:52:01 AM CET] di='/root/.acme.sh/server.tradingforum.it/'
[Mon 25 Jan 2021 12:52:02 AM CET] d='server.tradingforum.it'
[Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
[Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:02 AM CET] DOMAIN_PATH='/root/.acme.sh/server.tradingforum.it'
[Mon 25 Jan 2021 12:52:02 AM CET] Renew: 'server.tradingforum.it'
[Mon 25 Jan 2021 12:52:02 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
[Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:02 AM CET] Skip, Next renewal time is: Wed 24 Feb 2021 05:20:58 PM UTC
[Mon 25 Jan 2021 12:52:02 AM CET] Add '--force' to force to renew.
[Mon 25 Jan 2021 12:52:02 AM CET] Return code: 2
[Mon 25 Jan 2021 12:52:02 AM CET] Skipped server.tradingforum.it
[Mon 25 Jan 2021 12:52:02 AM CET] di='/root/.acme.sh/tradingforum.it/'
[Mon 25 Jan 2021 12:52:02 AM CET] d='tradingforum.it'
[Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
[Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:02 AM CET] DOMAIN_PATH='/root/.acme.sh/tradingforum.it'
[Mon 25 Jan 2021 12:52:02 AM CET] Renew: 'tradingforum.it'
[Mon 25 Jan 2021 12:52:02 AM CET] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:02 AM CET] Using config home:/root/.acme.sh
[Mon 25 Jan 2021 12:52:02 AM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 25 Jan 2021 12:52:02 AM CET] Skip, Next renewal time is: Sat 27 Feb 2021 10:15:40 PM UTC
[Mon 25 Jan 2021 12:52:02 AM CET] Add '--force' to force to renew.
[Mon 25 Jan 2021 12:52:02 AM CET] Return code: 2
[Mon 25 Jan 2021 12:52:02 AM CET] Skipped tradingforum.it
[Mon 25 Jan 2021 12:52:02 AM CET] _error_level='3'
[Mon 25 Jan 2021 12:52:02 AM CET] _set_level='2'
[Mon 25 Jan 2021 12:52:02 AM CET] ===End cron===
    Thanks in advance for your help
     
    mymmo73, Jan 25, 2021
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The affected site is the tradingforum?
     
    till, Jan 25, 2021
    #2
  3. mymmo73

    mymmo73 Member

    tradingforum.it (xxx.tradingforum.it) is the domain of the server and the certificate is ok for him, the domain affected by the problem is another one that I was trying to add, but the strange thing is that the new domain is not reported in the log ..
     
    mymmo73, Jan 25, 2021
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    till, Jan 25, 2021
    #4
  5. mymmo73

    mymmo73 Member

    I followed what is indicated in your guide but it didn't help me in the end I resorted to the debug mode I don't know if I did well in every place what came out:
    Code:
    crontab: installing new crontab
[email protected]:~# /usr/local/ispconfig/server/server.sh
25.01.2021-19:29 - DEBUG - Calling function 'check_phpini_changes' from plugin '                                                                                                             webserver_plugin' raised by action 'server_plugins_loaded'.
25.01.2021-19:29 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispcon                                                                                                             fig_lock
finished server.php.
[email protected]:~# less /usr/local/ispconfig/server/server.sh
#!/bin/bash


PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin

. /etc/profile

umask 022

if [ -f /usr/local/ispconfig/server/lib/php.ini ]; then
        PHPINIOWNER=`stat -c %U /usr/local/ispconfig/server/lib/php.ini`
        if [ $PHPINIOWNER == 'root' ] || [ $PHPINIOWNER == 'ispconfig'  ]; then
                export PHPRC=/usr/local/ispconfig/server/lib
        fi
fi

cd /usr/local/ispconfig/server
/usr/bin/php -q \
    -d disable_classes= \
    -d disable_functions= \
    -d open_basedir= \
    /usr/local/ispconfig/server/server.php

cd /usr/local/ispconfig/security
/usr/bin/php -q \
    -d disable_classes= \
    -d disable_functions= \
    -d open_basedir= \
    /usr/local/ispconfig/security/check.php
     
    mymmo73, Jan 25, 2021
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Is this an nginx or apache server?
     
    till, Jan 25, 2021
    #6
  7. mymmo73

    mymmo73 Member

    apache2
     
    mymmo73, Jan 25, 2021
    #7
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    To debug this:

    1) Disable the server.sh cronjob (which you probably did already).
    2) Enable let's encrypt for the domain that you have the issue with.
    3) Run server.sh as root user on the shell and post the result.
     
    till, Jan 25, 2021
    #8
  9. mymmo73

    mymmo73 Member

    Code:
    [email protected]:~# less /usr/local/ispconfig/server/server.sh


#!/bin/bash


PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin

. /etc/profile

umask 022

if [ -f /usr/local/ispconfig/server/lib/php.ini ]; then
        PHPINIOWNER=`stat -c %U /usr/local/ispconfig/server/lib/php.ini`
        if [ $PHPINIOWNER == 'root' ] || [ $PHPINIOWNER == 'ispconfig'  ]; then
                export PHPRC=/usr/local/ispconfig/server/lib
        fi
fi

cd /usr/local/ispconfig/server
/usr/bin/php -q \
    -d disable_classes= \
    -d disable_functions= \
    -d open_basedir= \
    /usr/local/ispconfig/server/server.php

cd /usr/local/ispconfig/security
/usr/bin/php -q \
    -d disable_classes= \
    -d disable_functions= \
    -d open_basedir= \
    /usr/local/ispconfig/security/check.php
/usr/local/ispconfig/server/server.sh (END)
     
    mymmo73, Jan 25, 2021
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not run less, run the command as shown in the faq article:

    /usr/local/ispconfig/server/server.sh
     
    till, Jan 25, 2021
    #10
  11. mymmo73

    mymmo73 Member

    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
25.01.2021-20:02 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
25.01.2021-20:02 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
[email protected]:~#
     
    mymmo73, Jan 25, 2021
    #11
  12. mymmo73

    mymmo73 Member

    i went into the system log in the log there are these 3 results look interesting:
    "Let's Encrypt SSL Cert for: inps-bonus.it could not be issued."
    "Could not verify domain www.inps-bonus.it, so excluding it from letsencrypt request."
    "Could not verify domain inps-bonus.it, so excluding it from letsencrypt request."
     
    mymmo73, Jan 25, 2021
    #12
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Hmm, seems as if you either did not activate the let#s encrypt checkbox or missde to comment out the server.sh cronjob in root crontab as described in the faq. Please post the result of this command run as root:

    crontab -l
     
    till, Jan 25, 2021
    #13
  14. mymmo73

    mymmo73 Member

    Code:
    [email protected]:~# crontab -l
52 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
#* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
* * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
[email protected]:~#
     
    mymmo73, Jan 25, 2021
    #14
  15. mymmo73

    mymmo73 Member

    maybe I commented on the wrong line
     
    mymmo73, Jan 25, 2021
    #15
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    No, the line is commented out correctly, so that's not the issue. Please login to ispconfig, go to the affected website. the let's encrypt and ssl checkboxes are unticked, right? Now tick both checkboxes and click save, then run:

    /usr/local/ispconfig/server/server.sh

    the debug output must be a lot longer now.
     
    till, Jan 25, 2021
    #16
  17. mymmo73

    mymmo73 Member

    done:
    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
25.01.2021-20:02 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
25.01.2021-20:02 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
[email protected]:~# crontab -l
52 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
#* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
* * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
[email protected]:~# /usr/local/ispconfig/server/server.sh
25.01.2021-20:33 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
25.01.2021-20:33 - DEBUG - Found 1 changes, starting update process.
25.01.2021-20:33 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
25.01.2021-20:33 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web4' - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web4' - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web4'|awk 'END{print $2,$NF}' - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: setquota -u 'web4' '0' '0' 0 0 -a &> /dev/null - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: setquota -T -u 'web4' 604800 604800 -a &> /dev/null - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web4' - return code: 0
25.01.2021-20:33 - WARNING - Could not verify domain inps-bonus.it, so excluding it from letsencrypt request.
25.01.2021-20:33 - WARNING - Could not verify domain www.inps-bonus.it, so excluding it from letsencrypt request.
25.01.2021-20:33 - WARNING - Let's Encrypt SSL Cert for: inps-bonus.it could not be issued.
25.01.2021-20:33 - WARNING -
25.01.2021-20:33 - DEBUG - NON-String given in escape function! (boolean)
25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0
25.01.2021-20:33 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web4/.php-fcgi-starter
25.01.2021-20:33 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web4/.php-fcgi-starter' - return code: 0
25.01.2021-20:33 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/inps-bonus.it.vhost
25.01.2021-20:33 - DEBUG - Apache status is: running
25.01.2021-20:33 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
25.01.2021-20:33 - DEBUG - Restarting httpd: systemctl restart apache2.service
25.01.2021-20:33 - DEBUG - Apache restart return value is: 0
25.01.2021-20:33 - DEBUG - Apache online status after restart is: running
25.01.2021-20:33 - DEBUG - Processed datalog_id 101
25.01.2021-20:33 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
[email protected]:~#
     
    mymmo73, Jan 25, 2021
    #17
  18. mymmo73

    mymmo73 Member

    I did this during the certification phase
     
    mymmo73, Jan 25, 2021
    #18
  19. mymmo73

    mymmo73 Member

    I ran this after it made the certification attempt
    Code:
    [email protected]:~# /usr/local/ispconfig/server/server.sh
25.01.2021-20:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
25.01.2021-20:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished server.php.
root[email protected]:~#
     
    mymmo73, Jan 25, 2021
    #19
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, the output in #17 helps a lot.

    Is the server behind a router?
    Does your server IP ends with 59?
     
    till, Jan 25, 2021
    #20
Page 1 of 3

Share This Page