I have set up a Perfect Server - Ubuntu 20.04 with ISPConfig and Roundcube. Everything works fine except I must have done something wrong with the certificates. The host name of the server is server1.xxxx.xxx, but it might possibly have been an IP address at the time I ran the setup. If I log in to webmail using the IP adress of the server - xx.xxx.xxx.xx/webmail/ - I get a connection that works, but it is unsecure (http) If I try to log using the hostname, server1.xxxx.xxx/webmail/ I get ERR_CERT_AUTHORITY_INVALID Is there a way to fix that, without having to reinstall everything?
That is to be expected. The certificate certifies the domain name, not the IP address. Examine the certificate that website has, click with mouse the lock icon in browser address bar left. Maybe it is not the certificate you created? Is this a fresh install of ISPConfig 3.2, and not an upgrade from 3.1?
It is a fresh install of 3.2. The certificate is issued to what is no longer the hostname. So - it is created by me during setup, but at the time the server had a different hostname than what it has now. So, I guess I need to create a new certificate for the website, but where in the setup process is that created? - I can only see certificates being created during ftpd setup and during ISPConfig setup.
You can run a update and when asked, create a cert for the current hostname: Code: cd /tmp wget https://www.ispconfig.org/downloads/ISPConfig-3.2.tar.gz tar xvfz ISPConfig-3.2.tar.gz cd ispconfig3_install/install php -q update.php
Did you really not think it would be worthwhile to tell that first thing when you posted your question?
Uhm - I did not know that when I posted the question. You asked me to examine the certificate that the website had, which I did - and my examination led me to conclude that the certificate was issued to what is no longer the hostname.
When I do that, and get to: Code: Create new ISPConfig SSL certificate (yes,no) [no]: yes I get: Code: Cert not yet due for renewal Keeping the existing certificate
There must be 2 different certificates. The problem only occurs when I try to log in to /webmail/ If I go to ISPConfig at: correct.domain.here:8080/login/ - the certificate is valid and issued to the correct hostname. If I go to webmail (Roundcube) at: correct.domain.here/webmail/ - the certificate is not valid and issued to the old hostname.
You have to set up Roundcube (and other applications like postfix, FTP server etc) to use the correct certificate. It can be the same certificate for all of them, but if they previously used some other certificate and you have not corrected that you have issues. I am not yet familiar with how ISPConfig 3.2 handles certificates for applications, so do not know more.
Ok, so thank you for your answers so far, they have definitely gotten me closer to defining what the problem actually is. It seems to me that the gist of it is: How do I reinstall the certificate for the roundcube application in a Ubuntu 20.04 setup using ISPConfig 3.2?
On my ISPConfig systems, I do the following for webmail: - Create DNS record for webmail.example.com - Create site webmail.example.com, enable Let's Encrypt, disable auto subdomain - Under the tab "Options", add this to Apache directives: Code: DocumentRoot "/var/lib/roundcube" Alias "/stats" "/var/www/webmail.example.com/web/stats"