Hello,
Today I successfully obtained and installed two certificates from Let’s Encrypt for two of the domains that I manage by means of ISPCcnfig 3 on by Ubuntu 14.04 machine.
Now I would like to do the same for ISPConfig’s web interface. It’s accessible at https://server.mysite.com:8080 the mysite.com domain itself is also managed by ISPConfig and has web content there.
So, I tried certbot certonly --webroot -w /var/www/mysite.com -d server.mysite.com and certbot certonly --webroot -w /usr/local/ispconfig/interface/web -d server.mysite.com but both returned the following error:
[QUOTE]
Failed authorization procedure. server.mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from …server.mysite.com/.well-known/acme-challenge/qZt7CN6-rTnOoyfVWx-bGEaPgxvzmYRWU0ryYlSiuFs: "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
[/QUOTE]
I have double-checked and there is an A DNS record for the ‘server’ subdomain.
Could you advise me how to proceed?
Thank you!
I thing the default webroot on ispconfig servers for the server name itself is /var/www/html/ YOu can check it by adding a file, and checking you can reach it in your browser
The web files of ISPConfig’s admin interface are located at /usr/local/ispconfig/interface/web, that I am sure. Besides, there is no such folder /var/www/html.
Correct - but that is on port 8080, and the test for obtaining the certificate is using port 80 (http) or 443 (https)
I've just checked 4 different servers I have with ispconfig, and in each of them it's /var/www/html
If you check in /etc/apache2/sites-available is there a file 000-default.conf ? (this should be the default for your server )
If you look in that file - what does it say for DocumentRoot ?
It’s tricky without knowing your domains or anything. (are you happy to PM them to me ? ) I’d suggest checking in both /var/www/.htacess in /etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/yourdomain
So, if anyone else is interested, thanks to serverco’s invaluable help, I managed to get a certificate for my ISPConfig web interface and install it successfully.
The problem (or so it would seem) was that 000-default was not enabled in apache2/sites-enabled. After enabling it, I could get the certificate by running