Today I successfully obtained and installed two certificates from Let’s Encrypt for two of the domains that I manage by means of ISPCcnfig 3 on by Ubuntu 14.04 machine.
Now I would like to do the same for ISPConfig’s web interface. It’s accessible at
https://server.mysite.com:8080 the mysite.com domain itself is also managed by ISPConfig and has web content there.
So, I tried
certbot certonly --webroot -w /var/www/mysite.com -d server.mysite.com and
certbot certonly --webroot -w /usr/local/ispconfig/interface/web -d server.mysite.com but both returned the following error:
Failed authorization procedure. server.mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from …server.mysite.com/.well-known/acme-challenge/qZt7CN6-rTnOoyfVWx-bGEaPgxvzmYRWU0ryYlSiuFs: "
The following errors were reported by the server:
Detail: Invalid response from …server.mysite.com/.well-known
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I have double-checked and there is an A DNS record for the ‘server’ subdomain.
Could you advise me how to proceed?
I thing the default webroot on ispconfig servers for the server name itself is /var/www/html/ YOu can check it by adding a file, and checking you can reach it in your browser
The web files of ISPConfig’s admin interface are located at /usr/local/ispconfig/interface/web, that I am sure. Besides, there is no such folder /var/www/html.
Correct - but that is on port 8080, and the test for obtaining the certificate is using port 80 (http) or 443 (https)
I've just checked 4 different servers I have with ispconfig, and in each of them it's /var/www/html
If you check in /etc/apache2/sites-available is there a file 000-default.conf ? (this should be the default for your server )
If you look in that file - what does it say for DocumentRoot ?
The DocumentRoot is /var/www. Is this what I should use with Certbot?
Thanks! Just tried that, but got the same error message, I’m afraid:
/certbot-auto certonly --webroot -w /var/www -d server.mysite.com
Detail: Invalid response from http://server.mysite.com/.well-known/acme-challenge/rlxCJlfMHa-4nYNMs3r_WFEeUWvU2OSsiu-SaFcKUcc:
If you create a file /var/www/.well-known/acme-challenge/test with some pure text content. Can you reach it in your browser http://server.mysite.com/.well-known/acme-challenge/test ?
Apparently not. The address returns the home page of one of my websites. The newest one, if that could be of any help…
That sounds as if you have a redirect ( htaccess ? ) somewhere. You’d need to check your config and redirects.
I don’t want to abuse your kindness, but I’m a bit lost. Could you give me any ideas where to look for this redirect?
It’s tricky without knowing your domains or anything. (are you happy to PM them to me ? ) I’d suggest checking in both /var/www/.htacess in /etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/yourdomain
That would be most kind of you Unfortunately I don’t have the permission to send PMs, apparently.
So, if anyone else is interested, thanks to serverco’s invaluable help, I managed to get a certificate for my ISPConfig web interface and install it successfully.
The problem (or so it would seem) was that 000-default was not enabled in apache2/sites-enabled. After enabling it, I could get the certificate by running
letsencrypt certonly --webroot -w /var/www -d server.mysite.com
Hope this helps you!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.