Get SSL certificate for ISPConfig admin from LetsEncrypt?

Today I successfully obtained and installed two certificates from Let’s Encrypt for two of the domains that I manage by means of ISPCcnfig 3 on by Ubuntu 14.04 machine.
Now I would like to do the same for ISPConfig’s web interface. It’s accessible at the domain itself is also managed by ISPConfig and has web content there.
So, I tried certbot certonly --webroot -w /var/www/ -d and certbot certonly --webroot -w /usr/local/ispconfig/interface/web -d but both returned the following error:

Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from … "



  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from …


    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

I have double-checked and there is an A DNS record for the ‘server’ subdomain.
Could you advise me how to proceed?
Thank you!

I thing the default webroot on ispconfig servers for the server name itself is /var/www/html/ YOu can check it by adding a file, and checking you can reach it in your browser

The web files of ISPConfig’s admin interface are located at /usr/local/ispconfig/interface/web, that I am sure. Besides, there is no such folder /var/www/html.

Correct - but that is on port 8080, and the test for obtaining the certificate is using port 80 (http) or 443 (https)
I've just checked 4 different servers I have with ispconfig, and in each of them it's /var/www/html

If you check in /etc/apache2/sites-available is there a file 000-default.conf ? (this should be the default for your server )

If you look in that file - what does it say for DocumentRoot ?

The DocumentRoot is /var/www. Is this what I should use with Certbot?

yes, that's correct.

Thanks! Just tried that, but got the same error message, I’m afraid:

/certbot-auto certonly --webroot -w /var/www -d

Detail: Invalid response from

If you create a file /var/www/.well-known/acme-challenge/test with some pure text content. Can you reach it in your browser ?

Apparently not. The address returns the home page of one of my websites. The newest one, if that could be of any help…

That sounds as if you have a redirect ( htaccess ? ) somewhere. You’d need to check your config and redirects.

I don’t want to abuse your kindness, but I’m a bit lost. Could you give me any ideas where to look for this redirect?

It’s tricky without knowing your domains or anything. (are you happy to PM them to me ? ) I’d suggest checking in both /var/www/.htacess in /etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/yourdomain

That would be most kind of you Unfortunately I don’t have the permission to send PMs, apparently.

So, if anyone else is interested, thanks to serverco’s invaluable help, I managed to get a certificate for my ISPConfig web interface and install it successfully.

The problem (or so it would seem) was that 000-default was not enabled in apache2/sites-enabled. After enabling it, I could get the certificate by running

letsencrypt certonly --webroot -w /var/www -d

Hope this helps you!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.