Hello, I'm a beginner with ISPConfig. Searching for "SSL" returned too many results, so I could not find a matching thread.
Can I use SSL at "the control page" of ISPConfig 3.1?
1. SSL at "ISPConfig CTL web"? ( as A-0. ) I set SSL at the install. However, the following warning will appear in the browser: "This site is not secure,"
2. SSL at user's CTL web ( as B-2. )
3. I don't know how to SSL at vhost ( C-1. and C-2. )
I am testing SSL as follows.
A-0. https machineA.com 8080 -- ISPConfig CTL web
B-1. https siteB.com -- siteB web
B-2. https siteB.com 8080 -- siteB CTL web
C-1. https siteC.com -- vhost siteC web
C-2. https siteC.com 8080 -- vhost siteC CTL web
I succeeded only SSL at user's web pages. ( B-1. ) Maybe it is from let'sencrypt, I think.
My environments CentOS 7.4 64bit.
P.S. I changed the 8080 to 443 by update.php one time. Then, I could never get into the control page.
Hamano
See here: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
I saw the page, thank you. It seems to use crt and key of letsencrypt. However, in my environment, running ./certbot-auto will produce the following result.
    ./certbot-auto
    -------------------------------------------------------------------------------
    1: dns1 hypersys net <==== this is my DNS, not ispconfig server.
    2: siteB com
    3: faq siteB com
    4: www siteB com
    -------------------------------------------------------------------------------
How do I create a crt of ispconfig server with letsencrypt? I'm sorry, I have never used letsencrypt.
Hamano
Just follow the tutorial and do not run certbot-auto manually. The ssl cert is created by adding a website with your server hostname and enabling the ssl and let's encrypt checkboxes in that website.
I'm sorry. I am at a loss as to how to explain. I thought that it's better to ask one by one.
1. In my case, ispserver.pem does not exist at /usr/local/ispconfig/interface/ssl/.
    # cd /usr/local/ispconfig/interface/ssl/ ; ls -la ;
    total 28
    drwxr-x--- 2 root root 4096 Apr 18 13:10 .
    drwxr-x--- 9 ispconfig ispconfig 4096 Apr 12 14:43 ..
    -rwxr-x--- 1 root root 45 Apr 17 13:20 empty.dir
    -rwxr-x--- 1 root root 2179 Apr 17 13:20 ispserver.crt
    -rwxr-x--- 1 root root 1854 Apr 17 13:20 ispserver.csr
    -rwxr-x--- 1 root root 3243 Apr 17 13:20 ispserver.key
    -rwxr-x--- 1 root root 3311 Apr 17 13:17 ispserver.key.secure
2. In my case, the server name directory does not exist at /etc/letsencrypt/live/
    # cd /etc/letsencrypt/live/ ; ls -la
    total 16
    drwx------ 4 root root 4096 Apr 13 16:03 .
    drwxr-xr-x 9 root root 4096 Apr 18 13:07 ..
    drwxr-xr-x 2 root root 4096 Apr 14 10:29 siteB com
    drwxr-xr-x 2 root root 4096 Apr 13 16:03 www siteB com
So I cannot follow your tutorial.
Hamano
I took it with doubt. However, an error occurred when restarting the httpd.
    # systemctl restart httpd.service ;
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
    # journalctl -xe
    .......
    Apr 18 13:53:09 r15238.hypers.net httpd[29288]: AH00526: Syntax error on line 63 of /etc/httpd/conf/sites-enabled/000-ispconfig.vhost:
    .......
    # the line 63 of /etc/httpd/conf/sites-enabled/000-ispconfig.vhost
    # is : SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    # ls -la /usr/local/ispconfig/interface/ssl/ispserver.crt
    lrwxrwxrwx 1 root root 53 Apr 18 13:30 /usr/local/ispconfig/interface/ssl/ispserver.crt -> /etc/letsencrypt/live/<my-ispconf-servername>/fullchain.pem
    # ls -la /etc/letsencrypt/live/r15238.hypers.net/fullchain.pem
    ls: cannot access /etc/letsencrypt/live/<my-ispconf-servername>/fullchain.pem: No such file or directory <====
    # cd /etc/letsencrypt/live/ ; ls -la
    total 16
    drwx------ 4 root root 4096 Apr 13 16:03 .
    drwxr-xr-x 9 root root 4096 Apr 18 13:07 ..
    drwxr-xr-x 2 root root 4096 Apr 14 10:29 siteB com
    drwxr-xr-x 2 root root 4096 Apr 13 16:03 www siteB com
<my-ispconf-servername> does not exist. Isn't there something wrong in the tutorial?
Hamano
No, you just seem to have missed doing the first step from the tutorial: Create a website for your server name in ISPConfig and enable lets encrypt for it.
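
The restart failure reported earlier in the thread came from ispserver.crt pointing into an /etc/letsencrypt/live/ directory that had not been issued yet. The pre-restart check below is an added example, not part of the thread or the tutorial; the function names and the overridable SSL_DIR and LE_LIVE variables are assumptions, and the default paths are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example: verify the ISPConfig panel certificate links before restarting httpd.
# Paths are the ones quoted in the thread; SSL_DIR and LE_LIVE are assumed overrides.
SSL_DIR="${SSL_DIR:-/usr/local/ispconfig/interface/ssl}"
LE_LIVE="${LE_LIVE:-/etc/letsencrypt/live}"

# check_link FILE: succeed only if FILE exists after following symlinks.
check_link() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then
        echo "DANGLING: $1 -> $(readlink "$1")" >&2
        return 1
    elif [ ! -e "$1" ]; then
        echo "MISSING: $1" >&2
        return 1
    fi
    return 0
}

# keys_match CERT KEY: succeed only if the first certificate in CERT carries KEY's public key.
keys_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_panel_cert HOSTNAME: return 0 only when it is safe to restart httpd.
check_panel_cert() {
    rc=0
    if [ ! -d "$LE_LIVE/$1" ]; then
        echo "NO LINEAGE: $LE_LIVE/$1 (add the hostname as a website with SSL and Let's Encrypt enabled)" >&2
        rc=1
    fi
    check_link "$SSL_DIR/ispserver.crt" || rc=1
    check_link "$SSL_DIR/ispserver.key" || rc=1
    if [ "$rc" -eq 0 ] && ! keys_match "$SSL_DIR/ispserver.crt" "$SSL_DIR/ispserver.key"; then
        echo "MISMATCH: ispserver.crt and ispserver.key are not a pair" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: check_panel_cert "$(hostname -f)" && systemctl restart httpd.service
```
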
I apologize to you. It's because the name of my ispconfig server was not www. It's "s15238 mydomai com". So, I filled 's15238 mydomai com' in the Domain field. And I filled 'none' in the Auto-Subdomain field. Then, after I set SSL at the server, the ispconfig server name came up in /etc/letsencrypt/live/. I appreciate your patience.
How about my first questions for vhost?
C-1. https siteC.com -- vhost siteC web
C-2. https siteC.com 8080 -- vhost siteC CTL web
Hamano
The control panel on port 8080 is accessed through the hostname only, you don't use any website domains to access it.
Every user and reseller goes into the ispconfig hostname 8080. OK, now I understand. Thank you very much. Let's close the conversation.