A single ssl certificate for several subdomains

Discussion in 'Installation/Configuration' started by cremos, Dec 17, 2021.

  1. cremos

    cremos Member

    Hello,
    I have several vhosts on my ISPConfig instance, with domains in the form colleges-etab.ac-amiens.fr, with Let's Encrypt certificates managed directly in the Web Domain.
    I would no longer wish to use Let's Encrypt but to use a single certificate in the form *.etab.ac-amiens.fr (PNCN) for all the sites.
    Is this possible with ISPConfig version 3.2.5?
    Thank you in advance for your feedback.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's called a wildcard SSL certificate. You can buy wildcard SSL certs from several SSL vendors. After you bought the cert, insert it on the SSL tab of the website.
     
  3. cremos

    cremos Member

    Last edited: Dec 17, 2021
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    A wildcard certificate for monsite.fr certifies all *.monsite.fr websites.
     
  5. cremos

    cremos Member

    Yes, that's it. There would be one wildcard certificate for all the websites hosted by the ISPConfig server.
    My RSSI will provide me with one certificate for all the *.monsite.fr websites.

    Example certificate attached.
     
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    As mentioned by @till above, I am sure you can use wildcard certificates on ISPConfig whether it is self-signed, from LE or other providers.

    The only thing is that wildcard certificates from LE are not yet integrated with ISPConfig and as such must be done manually and properly if one wishes to use them.
     
  7. cremos

    cremos Member

    Hello!
    Thanks for your feedback.
    Can you modify the master file /usr/local/ispconfig/server/conf/vhost.conf.master and harden the SSLCertificateFile with an SSLCertificateKeyFile?
    For all vhosts (sites).

    Code:
    Replace:
                    SSLCertificateFile <tmpl_var name='ssl_crt_file'>
                    SSLCertificateKeyFile <tmpl_var name='ssl_key_file'>
    with
                    SSLCertificateFile "/etc/ssl/certs/multi-crt-etab-le.crt"
                    SSLCertificateKeyFile "/etc/ssl/private/multi-key-etab-le.key"
    
    Crémos
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Sure, you can modify templates in any way you want, that's why these templates exist. But I guess SSL won't get enabled for the site when the site has no SSL certs in its SSL folder. So you will have to create at least a self-signed SSL cert for each site in addition to the template change. Just take care to store your altered vhost template file in the /usr/local/ispconfig/server/conf-custom/ folder.

    Btw. in your first post, you write that you no longer want to use Let's Encrypt, but /etc/ssl/certs/multi-crt-etab-le.crt seems to be a Let's Encrypt SSL cert as it has le in its name, so you changed your mind to use Let's Encrypt? If it's a LE cert, then it would have been easier to just stick with the implementation in ISPConfig and let ISPConfig automatically create normal LE certs for the sites.
     
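An added example, not part of the thread or of ISPConfig: because the template change above puts one certificate on every vhost, this checks which server names the certificate's SAN entries actually match, using the RFC 6125 rule that `*` stands for exactly one leftmost label. The SAN list and hostnames are constructed sample values, and the function names are hypothetical.

```python
"""Check which vhost names a shared certificate's SAN entries actually cover."""


def san_covers(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # The wildcard stands for exactly one label, and at least two labels
        # must follow it (so a pattern such as "*.fr" is rejected).
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(sans, hosts):
    """Return the hosts that no SAN entry matches, in input order."""
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]


# Constructed sample data: SAN list of the shared certificate and vhost names.
SANS = ["*.etab.ac-amiens.fr"]
VHOSTS = [
    "college1.etab.ac-amiens.fr",      # one label under the wildcard: covered
    "www.college1.etab.ac-amiens.fr",  # two labels deep: not covered
    "etab.ac-amiens.fr",               # the parent name itself: not covered
    "colleges-etab.ac-amiens.fr",      # hyphenated sibling of "etab": not covered
]

if __name__ == "__main__":
    for name in uncovered(SANS, VHOSTS):
        print("not covered by the shared certificate:", name)
```

Any name this reports would serve a certificate that clients reject for a hostname mismatch, so it needs its own SAN entry or its own certificate.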
  9. cremos

    cremos Member

    Let's Encrypt is fine, but all of our certificates must be managed via the ISR request for PNCN certificates and via RSSI for "general public" certificates.
    Then the residual questions, if the needs are only internal:
    Do we have the right to use Let's Encrypt in an institutional framework (national education)?
    We have a service on the National Digital Trust platform of the Department of National Education which provides the certificates.
    Managing certificates with Let's Encrypt suits me very well, with automated renewal.
     
    Last edited: Dec 18, 2021
  10. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Sure you can. Why not? As far as I know, there is no such limitation imposed.
     
