Get SSL certificate for ISPConfig admin from LetsEncrypt?

Hello,
Today I successfully obtained and installed two certificates from Let's Encrypt for two of the domains that I manage by means of ISPCcnfig 3 on by Ubuntu 14.04 machine.
Now I would like to do the same for ISPConfig's web interface. It's accessible at

Code:

https://server.mysite.com:8080

, the mysite.com domain itself is also managed by ISPConfig and has web content there.
So, I tried

Code:

certbot certonly --webroot -w /var/www/mysite.com -d server.mysite.com

and

Code:

certbot certonly --webroot -w /usr/local/ispconfig/interface/web -d server.mysite.com

but both returned the following error:

I have double-checked and there is an A DNS record for the 'server' subdomain.
Could you advise me how to proceed?
Thank you!

 

Same problem here and I can't get it to work. :/

 

Actually, I managed to get it working. Check the thread I opened at Letsencrypt and let me know if you need any further help:

https://community.letsencrypt.org/t/get-ssl-certificate-for-ispconfig-admin-from-letsencrypt/16088

 

Basically I did what you did, Jesse, albeit without the fancy script to rename ISPConfig's old crt/key files.
I didn't know that there was a beta version, but frankly speaking I'm a tad hesitant to try it now because I don't want to risk corrupting my current setup.

 

Thank you so much, this method worked like a charm!

 

Just wrestled a bit with my first LE cert for ISPConfig admin interface.
At the end, I've had to use certbot-auto (from https://github.com/certbot/certbot ) since the letsencrypt script in /root/.local/ said it was too old and didn't work.
Just a possible hint for others.

 

Hi Jesse/guys,
I have used your instruction and now the SSL is working fine on my ISPConfig control panel. Thanks you...

I also have a question with regard to SSL for normal websites and hope you can help.
I tried to create a SSL for my own website inside ISPControl panel and enabled the SSL for the site.
However, it seems that the <mywebsite>.vhost does not get update with "SSLEngine on" and other required settings and cannot use HTTPS for my website!

Do you know how I can use HTTP on a website?
your help will be appreciated.
(I am using ISPConfig 3.1.b1)

Thanks

 

Many thanks for your reply.
I actually have tried that.
The problem is that there is no .err file as it recreates the .vhost file but with content exactly as what it was before, with no SSL setting on it.
I tried it again. Enabled the SSL checkbox, saved and waited for a minute. Backed and enabled Letsencrypt checkbox and save.
When I back, the SSL checkbox still is enabled but the Letsencrypt checkbox gets disabled!

I actually tried that for another website. The case is same. However, I could get the https working but asking to add the exception as the certificate seems is not trusted.
But same with Letsencrypt. The check box gets disabled.
I also tried to create the Letsencrypt SSL for the second website manually. The Letsencrypt created the files in /etc/letsencrypt/live/<www.domain.ltd> folder. Still checkbox gets disabled.
There are four/4 files in there:
cert.pem
chain.pem
fullchain.pem
privkey.pem
ISPConfig looking for "SSL Key", "SSL Request" and "SSL Certificate" files inside /var/www/domain.tld/ssl folder when only SSL checkbox is enabled.
To be honest I don't know which one is which that I can at least manually copy the text inside the ISPConfig SSL fileds!
and see if that works! (I assume "cert.pem" is "SSL Certificate", "privkey.pem" is "SSL Key" but what about "SSL Request" one?! Am I correct at all?)

Any help will be appreciated?!

 

Bang!!!!!!!!!!!
It's working.

Ok, I did this and it's working for second website now!
- Did generate the Let'sencrypt certificate manually as per your instruction above:

Code:

/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains www.domainname.ltd --webroot-path /var/www/domainname.ltd/web

- It creates those 4 files explained above in "/etc/letsencrypt/live/www.domainname.ltd/

• • cert.pem
  • privkey.pem
  • chain.pem
  • fullchain.pem

- copied the content of "cert.pem" into "SSL Certificate" filed in ISPConfig control panle, SSL tab of the domainname.tld website
- copied the content of "privkey.pem" into "SSL Key" filed in ISPConfig control panle, SSL tab of the domainname.tld website
- Cleared the "SSL Request" filed
- "SSL Bundle" filed was already empty
Saved the Certificate.

Even though the Letsencrypt checkbox still is disabled, but the HTTPS of website works fine and does not asks for "Add Exception". Green lock on Firefox shows up and the site is loading.
I also enabled the Rewrite HTTP to HTTP for having HTTPS all the times and that worked too!!!

I don't know if this workaround is good enough but hope the stable version fixes all of this issues!

 

I see !
Does it really required to have the Bundle one copied as well or I can use either of them?
I mean, certificate+key or just bundle!

Because for now the certificate+key is just working!!!

 

Thanks a lot mate for sharing your knowledge.
I learned a lot from your post and help.
Really appreciate that

And yes, I did check with and without "chain.pem" and with chain there are no issue for SSL checking on the link you did have provided. (Big thanks )

Sorry mate, I only have just another question!
I see that the certificate only is valid around 2 months!!!
Does it means I have to regenerate the certificate every two months?
Is there any option on your instructed command to extend this period>

 

Ok, I will dig into it and hope I can find the issue.
Once more many thanks for your time. You did help a lot...

 

I also have got the problem of the Let's Encrypt checkbox being disabled after running the cron job. I'm on Ubuntu 16.04 with Apache and ISPConfig 3.1dev (git-stable). I updated to this version from the 3.1 stable release to try to solve the problem, but it still exists. I checked the logs /var/log/ispconfig/cron.log and /var/log/letsencrypt/letsencrypt.log. The cron log shows no noticable entries after enabling the checkbox - the output of the letsencrypt job is the same as before. No vhost.err exists in /etc/apache2/sites-available and in /etc/letsencrypt/live I can't find a folder belonging to the domain I want to enable SSL for.

I don't know if this is of importance, but I managed to enable the Let's Encrypt setting at several domains when the DNS records still pointed to another server (I moved from one server to another). I started to continuosly copy the directory /usr/local/ispconfig/interface/acme/.well-known to the webroot of the domain I wanted to enable SSL at on the old server, where the DNS records of that domain pointed at. Then I enabled the Let's Encrypt checkbox at the new server and could observe some files being generated in the .well-known directory that then were immediately copied to the old server by my running job. The letsencrypt job finished successfully, ISPConfig installed the certificates and updated the apache settings. Everything fine. But now, as the DNS records point to the correct server, the files in .well-known are not any longer generated by the cron job. I don't know that I would have changed anything that could have caused the problem.

Has anyone got an idea how to do further debugging?