Certificates - how to use, where to find...

Discussion in 'General' started by MaKa, May 14, 2021.

  1. MaKa

    MaKa Member

    Dear all,

    I need some sort of information to clean up my point of view at certificates (with ISPConfig) under Linux.
    Lets say, we have got the Linux, Apache2, PHP, ISPConfig installed and working.

    My questions:
    - when I issue certificates for the website under ISPConfig (Site->Wesite->SSL), the certs appear inside the tree of the website, here:
    • /var/www/clients/client1/web6/ssl/domain.name-le.crt and
    • /var/www/clients/client1/web6/ssl/domain.name-le.key
    Reffering from Apache2 vhost ...sites-enabled/100-domain.name.vhost​
    - when I issue certificates manualy via letscrypt, the certs appear in /etc/letsencrypt/live
    - when I issue certs for ISPConfig interface, the certs appear in /usr/local/ispconfig/interface/ssl (but, just links to letscrypt certificates in /etc/letsencrypt/live/domain.name

    Is THAT recommended convention?
    I prefer to manage certificates manually, so the .vhost should point to LIVE certs in letscrypt /etc/letsencrypt/live/domain.name?

  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    When using ISPConfig, don't use certbot manually. Let ISPConfig create and manage the certs, otherwise you will end up with a broken config.

    You shouldn't edit the vhost files manually either, as those changes will be overwritten when you change something through the UI.
    MaKa likes this.
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Nope. Working is subjective. The right one is you need to follow PST or use the latest official installer guide.

    This, and
    this, you should not never do, when using ISPConfig.

    As said by @Th0m, always create LE certs for the ISPConfig panel during its installation / update, and using its interface, for any other website domain(s).
    Last edited: May 17, 2021
  4. MaKa

    MaKa Member

    Thank you (both) for your answer. This helped me to understand the process...

Share This Page