It would be great if this great free tool could be integrated into ISPCONFIG for generating certificates for websites as well as other services like email. https://letsencrypt.org/howitworks/
@till http://git.ispconfig.org/ispconfig/.../plugins-available/nginx_plugin.inc.php#L1293 why remove all .well-know/ sub dir? owncloud strore here some data too.. so better check/remove only .well-known/acme-challenge/
Yes, you're right. We will change that and remove .well-known only when its empty after removing acme-challenge/.
Look forward to using that, LetsEncrypte.ORG has been getting a lot of PR all over the places, podcasts, security blogs, already gave a record certs out and that came with some negative PR that some misuse the certs for malvertising and hope that won't discourage sys admins from using it or developers like ISPCONFIG from implementing ease of use and adoption to install in their panel.
Sponsoryzed by people that lost a lot of $$$ from free cert? can run an httpS site with malware/virus etc, also with a valid SSL from symantec, globalsign, comodo , verisign ...
it's not like there aren't any other free ssl cert providers that can also be automated..... a ssl connection doesn't mean the entity can be trusted. It only means you've reached the website throught a secure channel.
You will find abusers on both sides regardless if they use free or paid certs. The percentage is so small that the benefits in using 'letsencrypt' outweigh the negative stories you or I might hear. Even now I don't mind paying $10/year for a ssl cert, I would rather support the 'let's encrypt' movement instead of giving money to a company like Comodo that rips off Chrome with their own white-labeling (Chromodo) and putting users in danger while browsing.
Let's Encrypt allow to issue certs on ports 80 and 443, and there is also an alternative mode, called DNS-01. With this method will we be able to issue certs for Postfix and other services like ISPConfig admin 8080 itself? https://github.com/Neilpang/acme.sh#8-automatic-dns-api-integration
ispconfig doesn't currently support that, though it might be something to look in to (file an rfe in the issue tracker describing it). You can use letsencrypt for the control panel and postfix with manual setup, see https://www.howtoforge.com/communit...fig-admin-from-letsencrypt.73097/#post-344008 and https://www.howtoforge.com/community/threads/letsencrypt-on-mail-server.73695/
I've been wanting to get to setting up letsencrypt certificated for mysql on all ispconfig nodes, and right now I've had to leave port 443 open so the certificates can be validated - DNS-01 would sure be a nicer solution there. https://git.ispconfig.org/ispconfig/ispconfig3/issues/4202
Hello, thanks for letsencrypt integration it works great Do you plan to add a posibility to choose certificate type? I am using ECC certs now and RSA is a bit a step back for me due to its size and impact on performance.
I don't believe I've seen it requested or any discussion of it, but go ahead and add an feature request in the issue tracker (and maybe add some details as to the types you'd like to see available).
