LetsEncrypt SSL on ISPConfig 3.1

I have 3 accounts setup on ISPConfig and using the LetsEncrypt SSL for all three domains, but the Auto SSL update process failed each time with following error.

Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/MKSe9cFzMXVQu3niTuds8P_0FTedATwAil_L_ggWKFw: “
<ht”

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: domain.com
  Type: unauthorized
  Detail: Invalid response from
  http://domain.com/.well-known/acme-challenge/MKSe9cFzMXVQu3niTuds8P_0FTedATwAil_L_ggWKFw:
  "

I have to do the following manual changes and re-initiate the LetsEncrypt SSL generate command to manually create new SSL.

1. I have to create symlink of .well-known to point it to website for which I want to renew SSL inside
   /usr/local/ispconfig/interface folder.

steps: cd /usr/local/ispconfig/interface
ln -s /var/www/clients/client1/web1/web/.well-known/

2. Create symlink of .well-known to point it to website for which I want to renew SSL inside /usr/local/ispconfig/interface/acme/ folder

steps: cd /usr/local/ispconfig/interface/acme/
ln -s /var/www/clients/client1/web1/web/.well-known/

3. re-issue the lets encrypt command to generate the SSL again

I have to do the same think when next domain’s SSL get expire, is there any automated fix for this issue ?

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

My domain is: equinetreatments.com

I ran this command: ./letsencrypt-auto --text --agree-tos --email certonly --renew-by-default --webroot --webroot-path /var/www/clients/client1/web1/web -d equinetreatments.com -d equinetreatments.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for equinetreatments.com
Using the webroot path /var/www/clients/client1/web1/web for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem

IMPORTANT NOTES:

• Congratulations! Your certificate and chain have been saved at
  /etc/letsencrypt/live/equinetreatments.com/fullchain.pem. Your cert
  will expire on 2017-07-21. To obtain a new or tweaked version of
  this certificate in the future, simply run letsencrypt-auto again.
  To non-interactively renew all of your certificates, run
  "letsencrypt-auto renew"

• If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
  Donating to EFF: https://eff.org/donate-le

My operating system is (include version): Debian GNU/Linux 7 \n \l

My web server is (include version):
Server version: Apache/2.2.22 (Debian)
Server built: Jul 20 2016 05:07:11

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, I can use both control panel and shell.

Please be informed that I do not have problem to generate the new SSL, the auto generation of SSL after 90 day is the main problem. As previously said I have to add those symlynks before I re-generate the LetsEncrypt

Does the symlink somehow get deleted in between the time that you issue the certificate and the time that you want to renew it?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.