Error integrate ISPCONFIG

Chris_br · July 18, 2020, 3:51pm

Hi.

We have a web server separate from our DNS. Where we have many subdomains. We are using a DNS integration with ISPconfig to generate the certificates. We changed the server and I am no longer able to make it work.

I’m using this article.

Any idea why the ssl max retrie error occurred?

#certbot --version
certbot 1.5.0

certbot certonly --authenticator certbot-dns-ispconfig:dns-ispconfig --certbot-dns-ispconfig:dns-ispconfig-credentials /root/.acme.sh/account_dns_ispconfig.conf --certbot-dns-ispconfig:dns-ispconfig-propagation-seconds 50 --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --rsa-key-size 4096 -d ‘*.domain.com.br’
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-dns-ispconfig:dns-ispconfig, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for domain.com.br
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/local/lib/python2.7/dist-packages/certbot/_internal/error_handler.py”, line 125, in _call_registered
self.funcs-1
File “/usr/local/lib/python2.7/dist-packages/certbot/_internal/auth_handler.py”, line 243, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/local/lib/python2.7/dist-packages/certbot/plugins/dns_common.py”, line 76, in cleanup
self._cleanup(domain, validation_domain_name, validation)
File “/usr/local/lib/python2.7/dist-packages/certbot_dns_ispconfig/dns_ispconfig.py”, line 61, in _cleanup
domain, validation_name, validation, self.ttl
File “/usr/local/lib/python2.7/dist-packages/certbot_dns_ispconfig/dns_ispconfig.py”, line 169, in del_txt_record
self._login()
File “/usr/local/lib/python2.7/dist-packages/certbot_dns_ispconfig/dns_ispconfig.py”, line 90, in _login
self.session_id = self._api_request(“login”, logindata)
File “/usr/local/lib/python2.7/dist-packages/certbot_dns_ispconfig/dns_ispconfig.py”, line 97, in _api_request
resp = self.session.get(url, json=data)
File “/usr/local/lib/python2.7/dist-packages/requests/sessions.py”, line 543, in get
return self.request(‘GET’, url, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/requests/sessions.py”, line 530, in request
resp = self.send(prep, **send_kwargs)
File “/usr/local/lib/python2.7/dist-packages/requests/sessions.py”, line 643, in send
r = adapter.send(request, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/requests/adapters.py”, line 514, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host=‘ns1.domain.com.br’, port=50061): Max retries exceeded with url: /?login (Caused by SSLError(SSLError(1, u’[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)’),))
An unexpected error occurred:
SSLError: HTTPSConnectionPool(host=‘ns1.domain.com.br’, port=50061): Max retries exceeded with url: /?login (Caused by SSLError(SSLError(1, u’[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)’),))

schoen · July 19, 2020, 12:21am

Bom dia @Chris_br,

When you followed the instructions in the article, what did you specify for certbot_dns_ispconfig:dns_ispconfig_endpoint in your credentials file? If I’m understanding properly how this plugin works, I think that URL has to be a valid HTTPS URL that supports the ISPConfig interface (and has a working certificate in its own name). If you specified https://ns1.domain.com.br:50061/, perhaps that service doesn’t actually have a valid HTTPS interface set up? If that’s the case and it’s run by the hosting provider (not by you), you would probably have to talk to the hosting provider about making the HTTPS interface to ISPConfig work correctly.

system · August 18, 2020, 12:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.