ISPConfig 3.1.15p, Debian 9 (stretch), php7.0, Apache, postfix+dovecot, LetsEncrypt. After following the perfect server guide in August of 2019, I got to a fully functional system. It is not currently updated and I have been tasked with cleanup. The customer decided to have a 3rd party take over website development but wants to keep email. There is only a single domain with email and a raw website configured in ISPC, but the website can be trashed or changed if helpful - it never had content. The issue is DNS and LetsEncrypt renewal. This system was using "domain.com" and now needs to use "mail.domain.com" because "domain.com" now points to the 3rd party website host. Of course, LetsEncrypt can't verify anymore and the certificates for email and webmail have expired. What would be the best method of telling LetsEncrypt to ignore domain.com and begin working with mail.domain.com? Any help would be extremely appreciated! Being a live environment, I am hesitant to experiment.
Quite old, you really should consider upgrading. Creating a website mail.domain.com and having ISPConfig create the LE certificate gets you the needed certificate; then you need to configure mail to use that. The other method is to install a new ISPConfig system, set the hostname to mail.domain.com and use the Migration Tool to copy over data from the old server to the new one. You also get to the current version of ISPConfig and Debian. https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/ https://www.ispconfig.org/add-ons/ispconfig-migration-tool/ You should set up a test ISPConfig host, where you can experiment.
Thank you for the QUICK reply! That's awesome! Really impressive. That's what I suspected. Considering all the updates available and the need for a test environment, I may set up a new temporary system and keep it alive after the migration back to the server is complete. Thanks!
Simple solution: create a site with "mail.example.com" and enable LE, and then use those certs for the mailserver. See https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
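Before pointing Postfix and Dovecot at a newly issued certificate, it is worth confirming that the file really names the mail hostname and is not close to expiry. The following is an added example, not part of the thread or of ISPConfig: the function names `make_sample_cert` and `cert_ok` are hypothetical, the `openssl` CLI is assumed to be installed, and the certificate it checks is a constructed self-signed sample so the script runs offline.

```shell
#!/bin/sh
# Added example: pre-flight check for a certificate before mail services use it.

# make_sample_cert DIR: write a constructed self-signed certificate (30 days,
# SAN mail.example.com) to DIR/fullchain.pem so the check can run offline.
make_sample_cert() {
    dir=$1
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = mail.example.com
[ext]
subjectAltName = DNS:mail.example.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/san.cnf" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" 2>/dev/null
}

# cert_ok CERT HOST [DAYS]: succeed only if CERT names HOST and remains valid
# for at least DAYS more days (default 0, i.e. not yet expired).
cert_ok() {
    cert=$1; host=$2; days=${3:-0}
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    # -checkhost prints a verdict without changing the exit status, so match the text.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q "does match certificate" \
        || { echo "$cert does not cover $host" >&2; return 1; }
    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null \
        || { echo "$cert expires within $days day(s)" >&2; return 1; }
}

# Demo on the constructed certificate.
tmp=$(mktemp -d)
make_sample_cert "$tmp"
cert_ok "$tmp/fullchain.pem" mail.example.com 7 && echo "mail.example.com: ok"
cert_ok "$tmp/fullchain.pem" example.com 7 || echo "example.com: rejected"
rm -rf "$tmp"
```

On a real server, call `cert_ok` with the path of the certificate issued for the mail site instead of the sample file.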
Would this still work with LE not being able to verify "domain.com" as it now points to 3rd party? Would it just skip that one and create a cert for the ones it CAN verify?