Ispconfig3: Let’s Encrypt not working

There can be several reasons for Let’s Encrypt certificates not being issued for sites. These are some things to check:

  • When creating a new website, save it first, then open it again and check Let’s encrypt and then save it (i.e. don’t check the Let’s Encrypt unless the website has been saved at least once in Ispconfig3)
  • Delete any existing certificates under the SSL tab for the website, including self signed
  • Check that all host names for the website and webaliases are pointing to the correct server
  • Use A records, not CNAME
  • Make sure there are no redirects on the website
  • Check for error messages in the log file; /var/log/letsencrypt/letsencrypt.log
  • If you get messages in the letsencrypt.log file like;
    “Please choose an account
    Choises: “
    Then check /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory and if there are more than one account (subdirectory) move all but one to another location.
  • Check the web logs for the site, both access and error logs, for accesses to .well-known/acme-challenge/* and verify that they are served properly (status code 200)

Roundcube – add client’s IP-address and host name to outgoing email headers

By default, the logged in client’s IP-address and hostname are not present in the outgoing email headers which makes it hard to trace the origin in case of abuse.

To make roundcube add this to the email headers of outgoing email, put this in the roundcube configuration file:

// put user's ip and host name in mail headers to enable trace
$config['http_received_header'] = true;

Ispconfig3: awstats/webalizer not working, client web logs empty

If awstats or webalizer is not containing any data and the client web logs are empty, the cause might be missing mounts of the log directories in /etc/fstab.

Search /etc/fstab for the client domain name. If no log mount is found, add a line for the client web site manually in this form:

/var/log/ispconfig/httpd/DOMAIN.COM /var/www/clients/clientNNN/webNNN/log    none    bind,nobootwait    0 0

After that do:

mount -a
mount

to verify it is mounted. After nightly cron, check that awstats or webalizer contains data.

Asterisk / FreePBX sip trunk registration problem, Serious Network Trouble

The asterisk log file (/var/log/asterisk/full) shows entries like this:

[Sep  3 04:02:08] ERROR[3984] chan_sip.c: Serious Network Trouble; __sip_xmit returns error for pkt data

Solution: The server had been moved from one public IP-address to another. In Asterisk PBX settings, the fields for both External IP and Bind Address (under Advanced) needed adjustment to the new IP-address. After server reload everything worked normally.