Get SSL certificate for ISPConfig admin from LetsEncrypt?


#1

Hello,
Today I successfully obtained and installed two certificates from Let’s Encrypt for two of the domains that I manage by means of ISPCcnfig 3 on by Ubuntu 14.04 machine.
Now I would like to do the same for ISPConfig’s web interface. It’s accessible at https://server.mysite.com:8080 the mysite.com domain itself is also managed by ISPConfig and has web content there.
So, I tried certbot certonly --webroot -w /var/www/mysite.com -d server.mysite.com and certbot certonly --webroot -w /usr/local/ispconfig/interface/web -d server.mysite.com but both returned the following error:

[QUOTE]
Failed authorization procedure. server.mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from …server.mysite.com/.well-known/acme-challenge/qZt7CN6-rTnOoyfVWx-bGEaPgxvzmYRWU0ryYlSiuFs: "

<m"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: server.mysite.com
    Type: unauthorized
    Detail: Invalid response from …server.mysite.com/.well-known
    /acme-challenge/qZt7CN6-rTnOoyfVWx-bGEaPgxvzmYRWU0ryYlSiuFs:
    "

    <m"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

[/QUOTE]
I have double-checked and there is an A DNS record for the ‘server’ subdomain.
Could you advise me how to proceed?
Thank you!


#2

I thing the default webroot on ispconfig servers for the server name itself is /var/www/html/ YOu can check it by adding a file, and checking you can reach it in your browser


#3

The web files of ISPConfig’s admin interface are located at /usr/local/ispconfig/interface/web, that I am sure. Besides, there is no such folder /var/www/html.


#4

Correct - but that is on port 8080, and the test for obtaining the certificate is using port 80 (http) or 443 (https)
I’ve just checked 4 different servers I have with ispconfig, and in each of them it’s /var/www/html

If you check in /etc/apache2/sites-available is there a file 000-default.conf ? (this should be the default for your server )

If you look in that file - what does it say for DocumentRoot ?


#5

The DocumentRoot is /var/www. Is this what I should use with Certbot?


#6

yes, that’s correct.


#7

Thanks! Just tried that, but got the same error message, I’m afraid:

/certbot-auto certonly --webroot -w /var/www -d server.mysite.com

Detail: Invalid response from http://server.mysite.com/.well-known/acme-challenge/rlxCJlfMHa-4nYNMs3r_WFEeUWvU2OSsiu-SaFcKUcc:

#8

If you create a file /var/www/.well-known/acme-challenge/test with some pure text content. Can you reach it in your browser http://server.mysite.com/.well-known/acme-challenge/test ?


#9

Apparently not. The address returns the home page of one of my websites. The newest one, if that could be of any help…


#10

That sounds as if you have a redirect ( htaccess ? ) somewhere. You’d need to check your config and redirects.


#11

I don’t want to abuse your kindness, but I’m a bit lost. Could you give me any ideas where to look for this redirect?


#12

It’s tricky without knowing your domains or anything. (are you happy to PM them to me ? ) I’d suggest checking in both /var/www/.htacess in /etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/yourdomain


#13

That would be most kind of you Unfortunately I don’t have the permission to send PMs, apparently.


#14

So, if anyone else is interested, thanks to serverco’s invaluable help, I managed to get a certificate for my ISPConfig web interface and install it successfully.

The problem (or so it would seem) was that 000-default was not enabled in apache2/sites-enabled. After enabling it, I could get the certificate by running

letsencrypt certonly --webroot -w /var/www -d server.mysite.com

Hope this helps you!


#15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.