I have an existing SSL wildcard certificate for my domain (*.domain.net) I installed the ISPConfig 3.1dev (don't know why dev - I selected stable) on Ubuntu 18.04 with the help of the perfect server manual. While Installation I generated a self signed certificate. The server belongs to the domain of the wildcard certificate (server.domain.net) Is there any manual, how to use this certificate for the interface, webmail and the access to imap via ssl and pop3 via ssl and smtp via ssl. I found a lot of things about lets encrypt or certificates with the csr of the ispconfig server, but nothing about a change to a existing wildcard certificate. The special thing is: my certificate needs an intermediate certificate and maybe a additionally ca. How I can implement the intermediate certificate, if the wildcard certificate generated with an csr not of the ispconfig server is possible. If I implement manually, do I have to look for database entries or other related things. I would be happy, if someone can show me where I can find a maunal for this envorinment
Replace ssl cert, key and bundle in the files in /usr/local/ispconfig/interface /ssl/ (us the same file names) and then restart all services.
I allready replaced the crt and the key file, there were no bundle file (pem) there (o I changed only them), but then I got the browser message of self signed again. (other date) But the certificate is used in a website on an other server and runs. About the postfix dovecot certificates, I saw some files for certificates there - willthey be change automaticlly
The ispconfig.pem file need to be created from your ispconfig.crt and .key files; while other services can also benefit from all the SSL certs placed and created in /usr/local/ispconfig/interface /ssl/ by creating symlinks to them. You may want to read, learn and adapt from this LE SSL tutorial: https://www.howtoforge.com/tutorial...with-a-free-lets-encrypt-ssl-certificate/amp/
Is there any need to create a file which ends with .bundle? I found such file in an older ispconfig server on website ssl folder.
If your SSL cert requires the installation of chain certificates, then yes. This file must contain the chain certificates.
I tried it with a site www.domain.net and then put in the csr, crt key and bundleinformation and use save certificate and save, but there were no bundle file created. Only csr crt and key files. (because of wildcard certificate I wanted to copy the files to the interface place (then rename it to the isperver interface names). Why I got no bundle file on the site?
That's absolutely fine for a site as this is handled differently for sites in current apache and Nginx versions. But this thread here is about the SSL cert for other services like postfix etc. and the mail interface, so if your SSL cert requires chain certs, then create the bundle file as mentioned earlier.
Thank you for your help, after creating the new crt, key, bundle and pem file in interfaces/ssl and made the links from postfix and dovecot and a complete restart, all things seems to be ok. Thank you very much, stay healthy
