SSL unable in VHOST while enable in client, web and is also generated correctly

Discussion in 'General' started by okdev93, Jan 5, 2022.

  1. okdev93

    okdev93 New Member

    Hi

    SSL is correctly enable in client LIMIT

    Correctly enable in SITES settings

    Correctly generate in SSL TAB (in SITES SETTINGS)

    But there is no 446 virtualhost on the apache site vhost...

    Any one can help me ?

    letsencrypt logs

    Code:
    [Wed 05 Jan 2022 12:55:13 PM CET] _end_n='35'
    [Wed 05 Jan 2022 12:55:13 PM CET] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03c05a90b757b4d7447f4440c769887bd6eb'
    [Wed 05 Jan 2022 12:55:13 PM CET] Cert success.
    [Wed 05 Jan 2022 12:55:13 PM CET] Your cert is in: /root/.acme.sh/www.mydomain.com/www.mydomain.com.cer
    [Wed 05 Jan 2022 12:55:13 PM CET] Your cert key is in: /root/.acme.sh/www.mydomain.com/www.mydomain.com.key
    [Wed 05 Jan 2022 12:55:13 PM CET] The intermediate CA cert is in: /root/.acme.sh/www.mydomain.com/ca.cer
    [Wed 05 Jan 2022 12:55:13 PM CET] And the full chain certs is there: /root/.acme.sh/www.mydomain.com/fullchain.cer
    [Wed 05 Jan 2022 12:55:14 PM CET] _on_issue_success
    [Wed 05 Jan 2022 01:53:01 PM CET] Running cmd: issue
    [Wed 05 Jan 2022 01:53:01 PM CET] _main_domain='mydomain.com'
    [Wed 05 Jan 2022 01:53:01 PM CET] _alt_domains='no'
    [Wed 05 Jan 2022 01:53:01 PM CET] Using config home:/root/.acme.sh
    [Wed 05 Jan 2022 01:53:01 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 05 Jan 2022 01:53:01 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 05 Jan 2022 01:53:01 PM CET] DOMAIN_PATH='/root/.acme.sh/mydomain.com'
    [Wed 05 Jan 2022 01:53:01 PM CET] Le_NextRenewTime='1646480545'
    [Wed 05 Jan 2022 01:53:01 PM CET] _saved_domain='mydomain.com'
    [Wed 05 Jan 2022 01:53:01 PM CET] _saved_alt='no'
    [Wed 05 Jan 2022 01:53:01 PM CET] Domains not changed.
    [Wed 05 Jan 2022 01:53:01 PM CET] Skip, Next renewal time is: Sun 06 Mar 2022 11:42:25 AM UTC
    [Wed 05 Jan 2022 01:53:01 PM CET] Add '--force' to force to renew.
    [Wed 05 Jan 2022 02:15:01 PM CET] Running cmd: issue
    [Wed 05 Jan 2022 02:15:01 PM CET] _main_domain='mydomain.com'
    [Wed 05 Jan 2022 02:15:01 PM CET] _alt_domains='no'
    [Wed 05 Jan 2022 02:15:01 PM CET] Using config home:/root/.acme.sh
    [Wed 05 Jan 2022 02:15:01 PM CET] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 05 Jan 2022 02:15:01 PM CET] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 05 Jan 2022 02:15:01 PM CET] DOMAIN_PATH='/root/.acme.sh/mydomain.com'
    [Wed 05 Jan 2022 02:15:01 PM CET] Le_NextRenewTime='1646480545'
    [Wed 05 Jan 2022 02:15:01 PM CET] _saved_domain='mydomain.com'
    [Wed 05 Jan 2022 02:15:01 PM CET] _saved_alt='no'
    [Wed 05 Jan 2022 02:15:01 PM CET] Domains not changed.
    [Wed 05 Jan 2022 02:15:01 PM CET] Skip, Next renewal time is: Sun 06 Mar 2022 11:42:25 AM UTC
    [Wed 05 Jan 2022 02:15:01 PM CET] Add '--force' to force to renew.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. okdev93

    okdev93 New Member

    I already checked all thoses steps
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the debug output from the last step that you get when activating Let's encrypt again and running server.sh afterwards in debug mode.
     
  5. okdev93

    okdev93 New Member

    Code:
    05.01.2022-15:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    05.01.2022-15:37 - DEBUG - Found 1 changes, starting update process.
    05.01.2022-15:37 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.01.2022-15:37 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.01.2022-15:37 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web2'|awk 'END{print $2,$NF}' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: setquota -u 'web2' '0' '0' 0 0 -a &> /dev/null - return code: 0
    setquota: Not setting block grace time on /dev/sda1 because softlimit is not exceeded.
    setquota: Not setting inode grace time on /dev/sda1 because softlimit is not exceeded.
    05.01.2022-15:37 - DEBUG - safe_exec cmd: setquota -T -u 'web2' 604800 604800 -a &> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/gberge.fr.vhost
    05.01.2022-15:37 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web2.conf
    05.01.2022-15:37 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
    05.01.2022-15:37 - DEBUG - Trying to use Systemd to restart service
    05.01.2022-15:37 - DEBUG - safe_exec cmd: systemctl is-enabled 'php7.4-fpm' 2>&1 - return code: 0
    05.01.2022-15:37 - DEBUG - Restarting php-fpm: systemctl reload php7.4-fpm.service
    05.01.2022-15:37 - DEBUG - Apache status is: running
    05.01.2022-15:37 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    05.01.2022-15:37 - DEBUG - Trying to use Systemd to restart service
    05.01.2022-15:37 - DEBUG - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
    05.01.2022-15:37 - DEBUG - Restarting httpd: systemctl restart apache2.service
    05.01.2022-15:37 - DEBUG - Apache restart return value is: 0
    05.01.2022-15:37 - DEBUG - Apache online status after restart is: running
    05.01.2022-15:37 - DEBUG - Processed datalog_id 42
    05.01.2022-15:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Are you wanting to use the letsencrypt certificate? If so, do not generate a certificate under the SSL tab, you will need to delete that.
     
  7. okdev93

    okdev93 New Member

    Deleted and server.sh debug output:

    Code:
    05.01.2022-15:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    05.01.2022-15:37 - DEBUG - Found 1 changes, starting update process.
    05.01.2022-15:37 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.01.2022-15:37 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.01.2022-15:37 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web2'|awk 'END{print $2,$NF}' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: setquota -u 'web2' '0' '0' 0 0 -a &> /dev/null - return code: 0
    setquota: Not setting block grace time on /dev/sda1 because softlimit is not exceeded.
    setquota: Not setting inode grace time on /dev/sda1 because softlimit is not exceeded.
    05.01.2022-15:37 - DEBUG - safe_exec cmd: setquota -T -u 'web2' 604800 604800 -a &> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-15:37 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/mydomain.com.vhost
    05.01.2022-15:37 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.01.2022-15:37 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web2.conf
    05.01.2022-15:37 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
    05.01.2022-15:37 - DEBUG - Trying to use Systemd to restart service
    05.01.2022-15:37 - DEBUG - safe_exec cmd: systemctl is-enabled 'php7.4-fpm' 2>&1 - return code: 0
    05.01.2022-15:37 - DEBUG - Restarting php-fpm: systemctl reload php7.4-fpm.service
    05.01.2022-15:37 - DEBUG - Apache status is: running
    05.01.2022-15:37 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    05.01.2022-15:37 - DEBUG - Trying to use Systemd to restart service
    05.01.2022-15:37 - DEBUG - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
    05.01.2022-15:37 - DEBUG - Restarting httpd: systemctl restart apache2.service
    05.01.2022-15:37 - DEBUG - Apache restart return value is: 0
    05.01.2022-15:37 - DEBUG - Apache online status after restart is: running
    05.01.2022-15:37 - DEBUG - Processed datalog_id 42
    05.01.2022-15:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    [email protected]:/etc/apache2/sites-enabled# /usr/local/ispconfig/server/server.sh
    05.01.2022-16:36 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    05.01.2022-16:36 - DEBUG - safe_exec cmd: grep ^opcache.validate_root '/etc/php/7.4/apache2/php.ini' - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: grep ^opcache.validate_root '/etc/php/7.4/fpm/php.ini' - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: grep ^opcache.validate_root '/etc/php/7.4/cgi/php.ini' - return code: 0
    05.01.2022-16:36 - DEBUG - Found 1 changes, starting update process.
    05.01.2022-16:36 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.01.2022-16:36 - DEBUG - Deleting SSL Cert for: mydomain.com
    05.01.2022-16:36 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
    05.01.2022-16:36 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web2'|awk 'END{print $2,$NF}' - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: setquota -u 'web2' '0' '0' 0 0 -a &> /dev/null - return code: 0
    setquota: Not setting block grace time on /dev/sda1 because softlimit is not exceeded.
    setquota: Not setting inode grace time on /dev/sda1 because softlimit is not exceeded.
    05.01.2022-16:36 - DEBUG - safe_exec cmd: setquota -T -u 'web2' 604800 604800 -a &> /dev/null - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
    05.01.2022-16:36 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.01.2022-16:36 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/mydomain.com.vhost
    05.01.2022-16:36 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
    05.01.2022-16:36 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.4/fpm/pool.d/web2.conf
    05.01.2022-16:36 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
    05.01.2022-16:36 - DEBUG - Trying to use Systemd to restart service
    05.01.2022-16:36 - DEBUG - safe_exec cmd: systemctl is-enabled 'php7.4-fpm' 2>&1 - return code: 0
    05.01.2022-16:36 - DEBUG - Restarting php-fpm: systemctl reload php7.4-fpm.service
    05.01.2022-16:36 - DEBUG - Apache status is: running
    05.01.2022-16:36 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
    05.01.2022-16:36 - DEBUG - Trying to use Systemd to restart service
    05.01.2022-16:36 - DEBUG - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
    05.01.2022-16:36 - DEBUG - Restarting httpd: systemctl restart apache2.service
    05.01.2022-16:36 - DEBUG - Apache restart return value is: 0
    05.01.2022-16:37 - DEBUG - Apache online status after restart is: running
    05.01.2022-16:37 - DEBUG - Processed datalog_id 43
    05.01.2022-16:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I can see, you removed the SSL cert, which is fine. But you did not seem to have selected SSL and let's encrypt checkbox in website settings.
     
  9. okdev93

    okdev93 New Member

    Yes it is Sir
    [​IMG]
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Is there a file with .err file ending for this vhost in the folder /etc/apache2/sites-available/ ?
     
  11. okdev93

    okdev93 New Member

    No Sir

    000-default.conf apps.vhost mydomain.com.vhost ispconfig.vhost
    acme.conf default-ssl.conf ispconfig.conf www.mydomain.com.vhost
     
  12. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    So you're saying https://mydomain.com:443/ does not work? The www subdomain appears to have a certificate per your initial post, does it work? The above screenshot showing ssl/letsencrypt checked is from the correct website? What does 'apachectl -S' show?
     
  13. okdev93

    okdev93 New Member

    None of the ssl cert are working (www included)
    The above screenshot is obviously from the correct website :)
    About apachectl -S:

    Code:
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.vhost:7
    VirtualHost configuration:
    *:8081                 gberge.mydomain.com (/etc/apache2/sites-enabled/000-apps.vhost:9)
    *:8080                 gberge.mydomain.com (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
    *:80                   is a NameVirtualHost
             default server gberge.mydomain.com (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost gberge.mydomain.com (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost mydomain.com (/etc/apache2/sites-enabled/100-mydomain.com.vhost:7)
             port 80 namevhost www.mydomain.com (/etc/apache2/sites-enabled/100-www.mydomain.com.vhost:7)
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex authdigest-client: using_defaults
    Mutex fcgid-proctbl: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex fcgid-pipe: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    Define: MODPERL2
    Define: ENABLE_USR_LIB_CGI_BIN
    User: name="www-data" id=33
    Group: name="www-data" id=33
    
     
  14. okdev93

    okdev93 New Member

    Its seem like its not even enabled in Apache
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Uncheck the ssl and let#s encrypt cehckbox of that website, press save, then enable both checkboxes again and press save. Then run server.sh script again as root user and post the output that you get now.
     
  16. okdev93

    okdev93 New Member

    Re
    Results


    Code:
    07.01.2022-08:56 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    07.01.2022-08:56 - DEBUG - safe_exec cmd: grep ^opcache.validate_root '/etc/php/7.4/apache2/php.ini' - return code: 0
    07.01.2022-08:56 - DEBUG - safe_exec cmd: grep ^opcache.validate_root '/etc/php/7.4/fpm/php.ini' - return code: 0
    07.01.2022-08:56 - DEBUG - safe_exec cmd: grep ^opcache.validate_root '/etc/php/7.4/cgi/php.ini' - return code: 0
    07.01.2022-08:56 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.
    
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    The output means that there were no changes to be processed. Are you really sure that you disabled the server.sh cronjob in root crontab, when it's enabled, debugging will fail. Post the result of:

    crontab -l

    command run as root.
     
  18. okdev93

    okdev93 New Member

    Yes Sir

    Code:
    59 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    #* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
    * * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you really uncheck the checkboxes, then click save (important!) then open the settings again, enable them and then click on save again?
     
  20. okdev93

    okdev93 New Member

    Yes Sir and I just did it one more time and they are pending, its do not move atm
     

Share This Page