Hello,

I have some questions about installing an SSL cert on my ISPConfig 3 (master/master) multi-server setup.

I'm running two OpenVZ containers on Debian 7 x64 with ISPConfig 3.0.5.4p8 in a master/master cluster:

srv1.mycompany.com 123.123.123.123
srv2.mycompany.com 123.123.123.124

To let my customers access the ISPConfig interface, I'm doing round-robin with two "A" records like:

https://cp.mycompany.com:8080 --> 123.123.123.123
https://cp.mycompany.com:8080 --> 123.123.123.124

and I also have a reseller who's doing the same thing with his own domain name, like:

https://cp.reseller.com:8080 --> 123.123.123.123
https://cp.reseller.com:8080 --> 123.123.123.124

My goal is to avoid the warnings about the self-signed certificates when accessing the ISPConfig interface. For this I want to buy an SSL cert, but I don't know what kind of SSL cert is best advised for my setup: separate SSL certs for each server or a wildcard certificate? Considering that my reseller wants to profit from this feature too.

Another question: is there a possibility to do this with a free SSL solution like https://letsencrypt.org/ ?

Thanks in advance for your reply,
Regards!
SSL certs are name-based. Let's Encrypt gives you free certs, but I have no idea how to link those to the ISPC interface.
There is integration for Let's Encrypt in ISPC planned. But as far as I know the discussion was only about hosted domains with automatic ssl (renewal) through LE. So I wondered if an option will be added also to get certs for ISPC itself.
Hello,

Thanks for your answers! This is how I did it:

You have to run the following commands on each server in the cluster. This setup works for Debian 7.0 with Apache or NGINX.

Install some dependencies:

Code:
apt-get install build-essential python-pip git
pip install virtualenv
pip install pyopenssl ndg-httpsclient pyasn1
pip install cryptography

Stop your webserver:

Code:
service apache2 stop

Install the LetsEncrypt client:

Code:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly

When asked, add all the domain names from which your ISPConfig can be accessed. In my scenario I put:

On srv1.mycompany.com:

Code:
srv1.mycompany.com, cp.mycompany.com, cp.reseller.com

On srv2.mycompany.com:

Code:
srv2.mycompany.com, cp.mycompany.com, cp.reseller.com

Back up the self-signed certificates:

Code:
mkdir /usr/local/ispconfig/interface/ssl/originales
mv /usr/local/ispconfig/interface/ssl/isp* /usr/local/ispconfig/interface/ssl/originales

Link the new (letsencrypt) certificates:

Code:
# Certificate and key must come from the same live/ directory.
# These are the paths for srv1; on srv2 use /etc/letsencrypt/live/srv2.mycompany.com/ in both.
ln -s /etc/letsencrypt/live/srv1.mycompany.com/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.crt
ln -s /etc/letsencrypt/live/srv1.mycompany.com/privkey.pem /usr/local/ispconfig/interface/ssl/ispserver.key

Start your webserver:

Code:
service apache2 start

You are done!
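A check for the linking step above, added here as an example and not part of the original post: it confirms that `ispserver.crt` and `ispserver.key` are symlinks into the same `/etc/letsencrypt/live/<name>/` directory, and that the certificate's public key matches the private key. The function names are hypothetical; the default directory is the one used in the post, and `cert_matches_key` assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: sanity checks for the ISPConfig interface certificate links.
# Function names are hypothetical; the default path is the one from the post.

# check_link_pair [DIR]
# Both files must be symlinks to fullchain.pem / privkey.pem in the SAME
# Let's Encrypt live/ directory. Returns 0 when consistent, non-zero otherwise.
check_link_pair() {
    dir=${1:-/usr/local/ispconfig/interface/ssl}
    for f in ispserver.crt ispserver.key; do
        [ -L "$dir/$f" ] || { echo "$f: not a symlink" >&2; return 1; }
        [ -e "$dir/$f" ] || { echo "$f: dangling symlink" >&2; return 2; }
    done
    # One level of readlink only: files under live/ are themselves symlinks
    # into archive/, and we want to compare the live/ directory names.
    crt=$(readlink "$dir/ispserver.crt")
    key=$(readlink "$dir/ispserver.key")
    [ "$(basename "$crt")" = fullchain.pem ] || { echo "crt -> $crt" >&2; return 3; }
    [ "$(basename "$key")" = privkey.pem ] || { echo "key -> $key" >&2; return 3; }
    if [ "$(dirname "$crt")" != "$(dirname "$key")" ]; then
        echo "certificate and key come from different directories:" >&2
        echo "  $crt" >&2
        echo "  $key" >&2
        return 4
    fi
    return 0
}

# cert_matches_key CRT KEY
# Compares the public key in the leaf certificate (first cert in the chain
# file) with the public key derived from the private key.
cert_matches_key() {
    c=$(openssl x509 -noout -pubkey -in "$1") || return 2
    k=$(openssl pkey -pubout -in "$2") || return 2
    [ "$c" = "$k" ]
}

# Usage on a server, before starting the webserver again:
#   check_link_pair && cert_matches_key \
#       /usr/local/ispconfig/interface/ssl/ispserver.crt \
#       /usr/local/ispconfig/interface/ssl/ispserver.key
```

A return code of 4 from `check_link_pair` means the two links point into different `live/` directories, which leaves the webserver with a certificate and key that do not belong together.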
To follow dvazart's instructions, I had to use option 2 (standalone) after executing ./letsencrypt-auto certonly. This option places the certificates in the /etc/letsencrypt/live/your-domain-here.com/ folder so you can easily place the symbolic links stated above.
ISPConfig 3.1 users now have the latest guide / tutorial on securing their ISPConfig control panel, other major services and other ISPConfig servers in their single or multi-server setup:

https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/
https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

Thank you.