LetsEncrypt SSL on ISPConfig 3.1


#1

I have 3 accounts set up on ISPConfig and am using LetsEncrypt SSL for all three domains, but the auto SSL update process failed each time with the following error.

Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/MKSe9cFzMXVQu3niTuds8P_0FTedATwAil_L_ggWKFw:
<ht”

IMPORTANT NOTES:

I have to do the following manual changes and re-initiate the LetsEncrypt SSL generate command to manually create new SSL.

  1. I have to create a symlink of .well-known pointing to the website for which I want to renew SSL, inside the
    /usr/local/ispconfig/interface folder.

steps: cd /usr/local/ispconfig/interface
ln -s /var/www/clients/client1/web1/web/.well-known/

  2. Create a symlink of .well-known pointing to the website for which I want to renew SSL, inside the /usr/local/ispconfig/interface/acme/ folder.

steps: cd /usr/local/ispconfig/interface/acme/
ln -s /var/www/clients/client1/web1/web/.well-known/

  3. Re-issue the Let's Encrypt command to generate the SSL again.

I have to do the same thing when the next domain's SSL expires. Is there any automated fix for this issue?


#2

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

My domain is: equinetreatments.com

I ran this command: ./letsencrypt-auto --text --agree-tos --email certonly --renew-by-default --webroot --webroot-path /var/www/clients/client1/web1/web -d equinetreatments.com -d equinetreatments.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for equinetreatments.com
Using the webroot path /var/www/clients/client1/web1/web for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/equinetreatments.com/fullchain.pem. Your cert
    will expire on 2017-07-21. To obtain a new or tweaked version of
    this certificate in the future, simply run letsencrypt-auto again.
    To non-interactively renew all of your certificates, run
    "letsencrypt-auto renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My operating system is (include version): Debian GNU/Linux 7 \n \l

My web server is (include version):
Server version: Apache/2.2.22 (Debian)
Server built: Jul 20 2016 05:07:11

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, I can use both control panel and shell.

Please be informed that I do not have a problem generating the new SSL; the auto generation of SSL after 90 days is the main problem. As previously said, I have to add those symlinks before I re-generate the LetsEncrypt.


#4

Does the symlink somehow get deleted in between the time that you issue the certificate and the time that you want to renew it?
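
One way to answer that question before each renewal, as an added example that is not part of the thread or of ISPConfig: a POSIX shell check that reports whether each `.well-known` link from post #1 is present, dangling, or pointing somewhere other than the site's webroot. The function names and the optional second argument (an alternative interface directory) are hypothetical; the default paths are the ones given in post #1.

```shell
#!/bin/sh
# Added example, not ISPConfig or certbot code.
# Prints one of: ok, missing, not-a-symlink, dangling, wrong-target
acme_link_state() {
    dir=$1        # directory that should contain the .well-known link
    expected=$2   # directory the link should resolve to
    link="$dir/.well-known"

    if [ ! -e "$link" ] && [ ! -L "$link" ]; then
        echo missing; return 0
    fi
    if [ ! -L "$link" ]; then
        echo not-a-symlink; return 0   # a real directory or file is in the way
    fi
    if [ ! -d "$link" ]; then
        echo dangling; return 0        # link exists, target directory is gone
    fi
    # Compare fully resolved physical paths so a trailing slash or an
    # intermediate symlink does not cause a false mismatch.
    actual=$(cd -P "$link" 2>/dev/null && pwd -P) || actual=
    want=$(cd -P "$expected" 2>/dev/null && pwd -P) || want=
    if [ -n "$want" ] && [ "$actual" = "$want" ]; then
        echo ok
    else
        echo wrong-target
    fi
}

# Check both locations named in post #1; returns non-zero if either is not ok.
report_links() {
    webroot=$1                                   # e.g. /var/www/clients/client1/web1/web
    base=${2:-/usr/local/ispconfig/interface}    # assumption: overridable for testing
    rc=0
    for d in "$base" "$base/acme"; do
        state=$(acme_link_state "$d" "$webroot/.well-known")
        echo "$d/.well-known: $state"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Usage: sh check_links.sh /var/www/clients/client1/web1/web
if [ "$#" -gt 0 ]; then
    report_links "$@"
fi
```

Run from cron shortly before the renewal job, a non-zero exit shows which link changed and in what way, which narrows down whether something is removing or replacing the links between issuance and renewal.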

