I've installed letsencypt and done the following to symlink to the files: Code: # Change into the directory of your sites SSL files. # You will need to update the site name to that of the site created in ISPconfig. cd /var/www/sites.xxx.com/ssl # Remove all existing files. # you should take a backup of these files before this command. rm -r ./* # Now create the symlink. # You will need to update the site domain for this to work for your new site. ln -s /etc/letsencrypt/live/sites.xxx.com/cert.pem sites.xxx.com.crt ln -s /etc/letsencrypt/live/sites.xxx.com/privkey.pem sites.xxx.com.key ln -s /etc/letsencrypt/live/sites.xxx.com/chain.pem sites.xxx.com.bundle But in firefox I get the following error: xxx.xxx uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Has anyone come across this before and know how to resolve it?
The symlinks look correct for the filenames/types. Can you access other sites in firefox using letsencrypt certificates without error? Also what version of ispconfig are you running? 3.1 (now in beta) has letsencrypt support built in, with no need to manually setup any certs/links.
3.0.5.4p9 The built in SSL isn't going to work for me, as the site in question is actually a wordpress multisite, so I add all domains to the one cert as in ISPconfig, it is classed as one site, whereas in reality it is lots. Yep. I think it might be something to do with not sending the fullchain/intermediate?
Make sure your webserver config for the vhost does point to the .bundle file. Maybe make sure the certificate store on your server's OS is up to date. You can use the openssl client to connect to the web server and see what certificates it's sending (or there are probably web-based sites that will connect to your server and explain what it's getting .. I don't know know any by name offhand, but I think I've seen them)
