Posts

Ispconfig3: Let’s Encrypt not working

There can be several reasons for Let’s Encrypt certificates not being issued for sites. These are some things to check:

  • When creating a new website, save it first, then open it again and check Let’s encrypt and then save it (i.e. don’t check the Let’s Encrypt unless the website has been saved at least once in Ispconfig3)
  • Delete any existing certificates under the SSL tab for the website, including self signed
  • Check that all host names for the website and webaliases are pointing to the correct server
  • Use A records, not CNAME
  • Make sure there are no redirects on the website
  • Check for error messages in the log file; /var/log/letsencrypt/letsencrypt.log
  • If you get messages in the letsencrypt.log file like;
    “Please choose an account
    Choises: “
    Then check /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory and if there are more than one account (subdirectory) move all but one to another location.
  • Check the web logs for the site, both access and error logs, for accesses to .well-known/acme-challenge/* and verify that they are served properly (status code 200)