Having problems with getting Let’s Encrypt SSL certificates for your ISPConfig domain?
Well, then you are not alone, and I will show you how you can fix that issue.
ISPConfig recently implemented a feature which checks whether the site you are requesting a certificate for really exists. In my case, I was adding some alias domains to an existing site and was wondering why LE was not creating the SSL certificate for it. Whatever I tried to do, I could not get it running.
Well, in this situation, one checks the log files. But there was not a single hint in /var/log/letsencrypt/letsencrypt.log, nor did I find a hint in the syslog or in the Apache logs. So I enabled debugging in ISPConfig and checked the log in /var/log/ispconfig/ispconfig.log, and every time I set the check mark for Let’s Encrypt SSL in the UI and saved it, this error message appeared in the logs:
WARNING - Could not verify domain so excluding it from letsencrypt request.
WARNING - Could not verify domain subB.domain.tld, so excluding it from letsencrypt request.
WARNING - Could not verify domain subC.domain.tld, so excluding it from letsencrypt request.
WARNING - Let's Encrypt SSL Cert for: sub.domain.tld could not be issued.
This doesn’t tell you where the issue is coming from, nor how you can fix it. I almost burst and was halfway to shouting at my laptop.
So, the next thing you do is google the error message and see if you can find something. Well, I first bumped into this thread, “LetsEncrypt on Debian Jessie + ISP3.12 – automatic fails, manually succeed”, and found the post from Fabian, saying:
ISPConfig tries to connect to each site before getting a cert for the domain. If you could not connect to the domain, this domain will be excluded. It seems that this is not working very well on all systems (we already discussed this).
He also provided a fix for nginx_plugin.inc.php and apache2_plugin.inc.php.
On my way to find the lines in the config files, I yelled the hell out of my laptop, because I couldn’t find them. Well, the post is from March 2017. Since then they have pushed some updates, and things might have changed.
The next solution I found was on “LE: Could not verify domain”, and there I found the hint to fix the issue.
To fix that problem, you have to enable “Skip Lets Encrypt Check” in your ISPConfig settings, click Save, wait for it to apply, and then go ahead and get your certificates!
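Since the log only says "Could not verify domain", the following added example (not from the original post and not ISPConfig's own code) repeats a reachability check by hand so you can see which hostname fails and why: it writes a random file into the directory your web server serves as /.well-known/acme-challenge/ and requests it over plain HTTP through every domain. It assumes Let's Encrypt validates over HTTP-01; the function names and the challenge_dir argument are hypothetical.

```python
"""Reproduce an HTTP reachability pre-check for every hostname of a site."""
import secrets
import sys
import urllib.request
from pathlib import Path

CHALLENGE_PATH = "/.well-known/acme-challenge/"  # URL path used by ACME HTTP-01


def http_fetch(url, timeout=5):
    """Return (status, body); status is None when no HTTP response arrived."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(256).decode("ascii", "replace").strip()
    except OSError as exc:  # DNS failure, refused connection, TLS error, HTTP 4xx/5xx
        return getattr(exc, "code", None), str(exc)


def probe_domains(domains, challenge_dir, fetch=http_fetch):
    """Write a random probe file, request it through each domain, delete it.

    Returns {domain: reason or None}; None means the probe came back intact.
    """
    name = "probe-" + secrets.token_hex(8)
    token = secrets.token_hex(16)
    probe = Path(challenge_dir) / name  # challenge_dir: assumed webroot mapping
    probe.write_text(token)
    results = {}
    try:
        for domain in domains:
            status, body = fetch(f"http://{domain}{CHALLENGE_PATH}{name}")
            if status is None:
                results[domain] = f"no HTTP response: {body}"
            elif status != 200:
                results[domain] = f"HTTP {status}"
            elif body != token:
                results[domain] = "wrong content (other vhost, redirect or rewrite?)"
            else:
                results[domain] = None
    finally:
        probe.unlink()  # never leave probe files behind in the webroot
    return results


if __name__ == "__main__":
    # usage: probe.py <challenge_dir> <domain> [<domain> ...]
    for dom, err in probe_domains(sys.argv[2:], sys.argv[1]).items():
        print(f"{dom}: {'ok' if err is None else 'FAILED - ' + err}")
```

A hostname that fails here will most likely fail Let's Encrypt's own validation too, so fix DNS, the vhost alias or the rewrite rule for it before relying on the skip option.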