[SOLVED] ISPConfig 3.1.7p1 - Lets Encrypt - SSL_ERROR_RX_RECORD_TOO_LONG

Discussion in 'Installation/Configuration' started by rgbfreak, Oct 23, 2017.

  1. rgbfreak

    rgbfreak New Member

    Hi, I am nearly desperate.
    until yesterday, my server works fine. Since this day, I get this error, then i visit a webpage with a Lets Encrypt Certificate:
    I checked the logs. Nothing.
    I did the LE Error FAQ https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ - doesn't helped.
    I uninstall a LE certificate manually with /opt/certbot/certbot-auto delete and reinstall the LE certificate with ISPconfig with no major errors. Also the Ceckbox with LE certificate is checked.
    I uninstalled it again manually and installed it manually. This was the console output:
    [email protected] /opt/certbot # /root/.local/share/letsencrypt/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected]  --domains kursiv.rgb24.de --webroot-path /usr/local/ispconfig/interface/acme
    You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for kursiv.rgb24.de
    Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    - Congratulations! Your certificate and chain have been saved at:
       Your key file has been saved at:
       Your cert will expire on 2018-01-21. To obtain a new or tweaked
       version of this certificate in the future, simply run
       letsencrypt-auto again. To non-interactively renew *all* of your
       certificates, run "letsencrypt-auto renew"
    - If you like Certbot, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
    Looks good so far.
    The Server OS is Debian Jessie
  2. rgbfreak

    rgbfreak New Member

    the HTF Report is attached.

    Attached Files:

  3. rgbfreak

    rgbfreak New Member

    I found the solution.
    I replaced the file /etc/apache2/sites-available/000-default-le-ssl.conf by an empty file.
    Now it works again.
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if you have run LE on the shell manually and created an SSL cert with it, this created the file /etc/apache2/sites-available/000-default-le-ssl.conf which caused this error. For that reason, we describe in the perfect server guides to not create SSL certs on the Shell with LE as this will break apache and therefore break ISPConfig.
    rgbfreak likes this.
  5. rgbfreak

    rgbfreak New Member

    I actually run the certbot-auto in the shell.
    Because I just wanted to update the script itself because I got warnings that the certbot-auto script is outdated.
    But I alway cancel the certification. I used the certbot only for deleting certificates that I don't need anymore.

Share This Page