SSL at "the control page"

Discussion in 'Installation/Configuration' started by Hamano, Apr 17, 2018.

  1. Hamano

    Hamano New Member

    Hello
    I'm a beginner with ISPConfig.
    Searching for "SSL" returned too many results, so I could not find a matching thread.
    Can I use SSL at "the control page" of ISPConfig 3.1?

    1. SSL at "ISPConfig CTL web"? ( as A-0. )
    I set up SSL during the install.
    However, the following warning appears in the browser:
    "This site is not secure,"
    2. SSL at user's CTL web ( as B-2. )
    3. I don't know how to set up SSL for a vhost ( C-1. and C-2. )

    I am testing SSL as follows.
    A-0. https machineA.com 8080 -- ISPConfig CTL web
    B-1. https siteB.com -- siteB web
    B-2. https siteB.com 8080 -- siteB CTL web
    C-1. https siteC.com -- vhost siteC web
    C-2. https siteC.com 8080 -- vhost siteC CTL web

    I only succeeded with SSL on the user's web pages. ( B-1. )
    Maybe it is from Let's Encrypt, I think.
    My environments CentOS 7.4 64bit.
    P.S.
    I changed the 8080 to 443 by update.php one time.
    Then, I could never get into the control page.

    Hamano
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. Hamano

    Hamano New Member

    I saw the page, thank you.
    It seems to use crt and key of letsencrypt.
    However in my environment, running ./certbot-auto will produce the following result.

    ./certbot-auto
    -------------------------------------------------------------------------------
    1: dns1 hypersys net <==== this is my DNS, not ispconfig server.
    2: siteB com
    3: faq siteB com
    4: www siteB com
    -------------------------------------------------------------------------------

    How do I create a crt of ispconfig server with letsencrypt?
    I'm sorry, I have never used letsencrypt.

    Hamano
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Just follow the tutorial and do not run certbot-auto manually. The ssl cert is created by adding a website with your server hostname and enabling the ssl and let's encrypt checkboxes in that website.
     
  5. Hamano

    Hamano New Member

    I'm sorry. I am at a loss as to how to explain.
    I thought that it's better to ask one by one.

    1. In my case, ispserver.pem does not exist at /usr/local/ispconfig/interface/ssl/.
    # cd /usr/local/ispconfig/interface/ssl/ ; ls -la ;
    total 28
    drwxr-x--- 2 root root 4096 Apr 18 13:10 .
    drwxr-x--- 9 ispconfig ispconfig 4096 Apr 12 14:43 ..
    -rwxr-x--- 1 root root 45 Apr 17 13:20 empty.dir
    -rwxr-x--- 1 root root 2179 Apr 17 13:20 ispserver.crt
    -rwxr-x--- 1 root root 1854 Apr 17 13:20 ispserver.csr
    -rwxr-x--- 1 root root 3243 Apr 17 13:20 ispserver.key
    -rwxr-x--- 1 root root 3311 Apr 17 13:17 ispserver.key.secure

    2. In my case, the server name directory does not exist at /etc/letsencrypt/live/
    # cd /etc/letsencrypt/live/ ; ls -la
    total 16
    drwx------ 4 root root 4096 Apr 13 16:03 .
    drwxr-xr-x 9 root root 4096 Apr 18 13:07 ..
    drwxr-xr-x 2 root root 4096 Apr 14 10:29 siteB com
    drwxr-xr-x 2 root root 4096 Apr 13 16:03 www siteB com

    So I cannot follow your tutorial.
    Hamano
     
  6. Hamano

    Hamano New Member

    I took it with doubt.
    However, an error occurred when restarting the httpd.

    # systemctl restart httpd.service ;
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

    # journalctl -xe
    .......
    Apr 18 13:53:09 r15238.hypers.net httpd[29288]: AH00526: Syntax error on line 63 of /etc/httpd/conf/sites-enabled/000-ispconfig.vhost:
    .......

    # the line 63 of /etc/httpd/conf/sites-enabled/000-ispconfig.vhost
    # is : SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt

    # ls -la /usr/local/ispconfig/interface/ssl/ispserver.crt
    lrwxrwxrwx 1 root root 53 Apr 18 13:30 /usr/local/ispconfig/interface/ssl/ispserver.crt
    -> /etc/letsencrypt/live/<my-ispconf-servername>/fullchain.pem

    # ls -la /etc/letsencrypt/live/r15238.hypers.net/fullchain.pem
    ls: cannot access /etc/letsencrypt/live/<my-ispconf-servername>/fullchain.pem: No such file or directory <====

    # cd /etc/letsencrypt/live/ ; ls -la
    total 16
    drwx------ 4 root root 4096 Apr 13 16:03 .
    drwxr-xr-x 9 root root 4096 Apr 18 13:07 ..
    drwxr-xr-x 2 root root 4096 Apr 14 10:29 siteB com
    drwxr-xr-x 2 root root 4096 Apr 13 16:03 www siteB com

    <my-ispconf-servername> does not exist.

    Is not there something wrong in the tutorial?
    Hamano
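
Added example, not part of any post in this thread: a shell pre-flight check that reports the dangling ispserver.crt symlink shown above before httpd is restarted. The function names and the sample paths under the temporary directory are constructed for illustration; only the SSLCertificate* directive names are Apache's.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before restarting httpd.
# check_vhost_certs and make_sample are hypothetical helper names.

# check_vhost_certs VHOST_FILE
# Reports each SSLCertificate* path in the vhost; returns 1 if any path is
# missing, empty, or a symlink whose target does not exist.
check_vhost_certs() {
    vhost=$1; rc=0
    [ -r "$vhost" ] || { echo "cannot read $vhost" >&2; return 2; }
    # Apache directive names are case-insensitive; commented lines are skipped.
    matches=$(grep -Ei '^[[:space:]]*SSLCertificate(File|KeyFile|ChainFile)[[:space:]]' "$vhost" || true)
    while read -r directive path rest; do
        [ -n "$directive" ] || continue
        path=${path#\"}; path=${path%\"}          # strip optional quotes
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            echo "DANGLING $directive $path -> $(readlink "$path")"; rc=1
        elif [ ! -e "$path" ]; then
            echo "MISSING  $directive $path"; rc=1
        elif [ ! -s "$path" ]; then
            echo "EMPTY    $directive $path"; rc=1
        else
            echo "OK       $directive $path"
        fi
    done <<EOF
$matches
EOF
    return "$rc"
}

# Constructed sample mirroring the thread: ispserver.crt is a symlink into a
# letsencrypt live/ directory that has not been created yet.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/ssl" "$d/live"
    echo "constructed key placeholder" > "$d/ssl/ispserver.key"
    ln -s "$d/live/server.example.test/fullchain.pem" "$d/ssl/ispserver.crt"
    cat > "$d/000-ispconfig.vhost" <<EOF
<VirtualHost _default_:8080>
  SSLEngine On
  SSLCertificateFile $d/ssl/ispserver.crt
  SSLCertificateKeyFile $d/ssl/ispserver.key
  # SSLCertificateChainFile $d/ssl/ispserver.bundle
</VirtualHost>
EOF
    echo "$d"
}
```

Run `check_vhost_certs /etc/httpd/conf/sites-enabled/000-ispconfig.vhost` and restart httpd only when it returns 0.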
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    No, you just seem to have missed doing the first step from the tutorial: Create a website for your server name in ISPConfig and enable lets encrypt for it.
     
  8. Hamano

    Hamano New Member

    I apologize to you.
    It's because the name of my ispconfig server was not www.
    It's "s15238 mydomai com".

    So, I filled 's15238 mydomai com' in Domain field.
    And I filled 'none' in Auto-Subdomain field.

    Then, after I set up SSL on the server, the ispconfig server name came up in /etc/letsencrypt/live/.
    I appreciate your patience.
     
  9. Hamano

    Hamano New Member

    How about my first questions for vhost?
    C-1. https siteC.com -- vhost siteC web
    C-2. https siteC.com 8080 -- vhost siteC CTL web
    Hamano
     
  10. Hamano

    Hamano New Member

    And also
    B-2. https siteB.com 8080 -- siteB CTL web
    makes the warning "This site is not secure".
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The control panel on port 8080 is accessed through the hostname only, you don't use any website domains to access it.
     
  12. Hamano

    Hamano New Member

    Every user and reseller goes to the ispconfig hostname on 8080; OK, now I understand.
    Thank you very much.
    Let's close the conversation.
     
