Get SSL certificate for ISPConfig admin from LetsEncrypt?

Hello,
Today I successfully obtained and installed two certificates from Let’s Encrypt for two of the domains that I manage by means of ISPConfig 3 on my Ubuntu 14.04 machine.
Now I would like to do the same for ISPConfig’s web interface. It’s accessible at https://server.mysite.com:8080. The mysite.com domain itself is also managed by ISPConfig and has web content there.
So, I tried certbot certonly --webroot -w /var/www/mysite.com -d server.mysite.com and certbot certonly --webroot -w /usr/local/ispconfig/interface/web -d server.mysite.com but both returned the following error:

[QUOTE]
Failed authorization procedure. server.mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from …server.mysite.com/.well-known/acme-challenge/qZt7CN6-rTnOoyfVWx-bGEaPgxvzmYRWU0ryYlSiuFs: "

<m"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: server.mysite.com
    Type: unauthorized
    Detail: Invalid response from …server.mysite.com/.well-known
    /acme-challenge/qZt7CN6-rTnOoyfVWx-bGEaPgxvzmYRWU0ryYlSiuFs:
    "

    <m"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

[/QUOTE]
I have double-checked and there is an A DNS record for the ‘server’ subdomain.
Could you advise me how to proceed?
Thank you!

I think the default webroot on ISPConfig servers for the server name itself is /var/www/html/. You can check it by adding a file and checking that you can reach it in your browser.

The web files of ISPConfig’s admin interface are located at /usr/local/ispconfig/interface/web, of that I am sure. Besides, there is no such folder /var/www/html.

Correct, but that is on port 8080, and the test for obtaining the certificate is using port 80 (http) or 443 (https).
I've just checked 4 different servers I have with ISPConfig, and in each of them it's /var/www/html.

If you check in /etc/apache2/sites-available, is there a file 000-default.conf? (This should be the default for your server.)

If you look in that file, what does it say for DocumentRoot?

The DocumentRoot is /var/www. Is this what I should use with Certbot?

yes, that's correct.

Thanks! Just tried that, but got the same error message, I’m afraid:

/certbot-auto certonly --webroot -w /var/www -d server.mysite.com

Detail: Invalid response from http://server.mysite.com/.well-known/acme-challenge/rlxCJlfMHa-4nYNMs3r_WFEeUWvU2OSsiu-SaFcKUcc:

If you create a file /var/www/.well-known/acme-challenge/test with some pure text content, can you reach it in your browser at http://server.mysite.com/.well-known/acme-challenge/test?

Apparently not. The address returns the home page of one of my websites. The newest one, if that could be of any help…

That sounds as if you have a redirect (htaccess?) somewhere. You’d need to check your config and redirects.

I don’t want to abuse your kindness, but I’m a bit lost. Could you give me any ideas where to look for this redirect?

It’s tricky without knowing your domains or anything. (Are you happy to PM them to me?) I’d suggest checking in both /var/www/.htaccess, in /etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/yourdomain

That would be most kind of you. Unfortunately I don’t have the permission to send PMs, apparently.

So, if anyone else is interested, thanks to serverco’s invaluable help, I managed to get a certificate for my ISPConfig web interface and install it successfully.

The problem (or so it would seem) was that 000-default was not enabled in apache2/sites-enabled. After enabling it, I could get the certificate by running

letsencrypt certonly --webroot -w /var/www -d server.mysite.com

Hope this helps you!


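The checks made in this thread (the DocumentRoot in 000-default.conf, whether that vhost is enabled, and whether a test file under .well-known/acme-challenge comes back on port 80) collected into one script. This is an added example, not something posted in the thread: the function names and the script name preflight.sh are made up here, and it assumes curl is installed and the Debian/Ubuntu /etc/apache2 layout.

```shell
#!/usr/bin/env bash
# Pre-flight for `certbot certonly --webroot`, run before asking for a certificate.
# Usage (hypothetical script name): preflight.sh /etc/apache2 server.mysite.com

# Print the DocumentRoot declared in a vhost file (first uncommented match).
docroot_of() {
    awk 'tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed only if the default vhost is present (and not a dangling link) in sites-enabled.
default_vhost_enabled() {
    [ -e "$1/sites-enabled/000-default.conf" ] || [ -e "$1/sites-enabled/000-default" ]
}

# Write a throwaway token under the webroot, fetch it over plain HTTP on port 80,
# and succeed only if the body returned is exactly that token.
probe_challenge() {
    local webroot="$1" host="$2" dir name token body rc=1
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"
    token="token-$$-$(date +%s)"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$name" || return 2
    body=$(curl -s --max-time 10 "http://$host/.well-known/acme-challenge/$name")
    [ "$body" = "$token" ] && rc=0
    rm -f "$dir/$name"
    return "$rc"
}

main() {
    local apache_dir="$1" host="$2" conf root
    conf="$apache_dir/sites-available/000-default.conf"
    root=$(docroot_of "$conf")
    [ -n "$root" ] || { echo "No DocumentRoot found in $conf"; return 1; }
    echo "DocumentRoot in $conf: $root"
    if ! default_vhost_enabled "$apache_dir"; then
        echo "000-default is not in sites-enabled; requests for $host may be answered by another vhost"
        return 1
    fi
    if probe_challenge "$root" "$host"; then
        echo "OK: certbot certonly --webroot -w $root -d $host should pass http-01"
    else
        echo "FAIL: http://$host/ does not serve files from $root (redirect or wrong vhost?)"
        return 1
    fi
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Run it as root on the server itself, since it writes a temporary file into the webroot and removes it afterwards.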