How can I generate a valid certificate for ISPConfig3 control interface 8080 port

Discussion in 'General' started by divinul, Jan 22, 2024.

  1. divinul

    divinul New Member

    From the very beginning, since I installed ISPConfig 3, I have had a problem with the SSL certificate when I authenticate in the ISPConfig 3 administration interface.
    I tried the version with ispconfig_update.sh --force.
    I manually deleted the certificate generated locally by ISPConfig before running the "ispconfig_update.sh --force" command; when I ran "ispconfig_update.sh --force" and got to the part with the certificate, it made me choose the country, region and organization and generated a local certificate, not a certificate generated with the help of Let's Encrypt. Please tell me a solution for how I could solve the problem, or where to start. I mention that I am a beginner in Linux (Debian 12); my server is located at https://ns1.boxserver.ro:8080
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. divinul

    divinul New Member

  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. divinul

    divinul New Member

    I don't know if I did the right thing, but a friend helped me and I did the following things:
    1) I created a site ns1.boxserver.ro,
    2) I generated an SSL certificate for it from the ISPConfig interface by checking SSL and Let's Encrypt,
    3) I made a symbolic link (a shortcut):
    /usr/local/ispconfig/interface/ssl/ispserver.crt links to /var/www/ns1.boxserver.ro/ssl/ns1.boxserver.ro-le.crt
    /usr/local/ispconfig/interface/ssl/ispserver.key links to /var/www/ns1.boxserver.ro/ssl/ns1.boxserver.ro-le.key
    Now when I access https://ns1.boxserver.ro:8080 in the browser, it appears that the certificate is valid and everything is OK.
    My question is: is what I did OK? For ns1.boxserver.ro everything works now.

    For clients, is there any possibility that they can access the ISPConfig interface through their own domain, without the certificate notification being shown?
    For example, with a domain hosted on the same server, https://debitariplasma.ro:8080, when I access it, it tells me that the certificate is not valid, and that is normal; I understand that the certificate is generated for ns1.boxserver.ro.
    Is there any possibility to access ISPConfig from the client's own domain without that notification appearing, or to do something like cPanel, for example https://debitariplasma.ro/ispconfig?
    Excuse my writing and expression mistakes, I use Google Translate.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    It's wrong; your system will stop working periodically now as services will not recognize certificate renewals anymore. You should have followed the instructions I gave you in post #2. But now you messed up the SSL setup instead.

    ISPConfig is accessed through the system's hostname and not a client domain.
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You still have not done this:
    like @till asked in #2.
    Strange choice of name for the website, but it should work nonetheless.
    Why?
    Not really. With some tricks it would work a bit, but Let's Encrypt has a limit of 100 domains in one certificate, so you exceed that number with 49 clients, if a client has domain and www.domain.
    Are you asking the same question again with different wording?
     
  8. divinul

    divinul New Member

    I ran the script in putty but I'm not sure if I activated ispconfig debug mode
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Thanks for posting the script output, it helps to get an overview of your setup.

    ISPConfig debug mode is not relevant for this script.

    This is one possible reason for the issue: you can not run certbot and acme.sh together, and recent ISPConfig installations use acme.sh. Did your friend install certbot, or was it already installed?

    You still did not post the output of the other command I asked you for. Run the command:

    hostname -f

    and post the result.
     
  10. divinul

    divinul New Member

    I ran the hostname -f command;
    the result was ns1.boxserver.ro.

    I also attached the log below, after running the script:


    Code:
    root@ns1:/home/divinul# cat htf_report.txt
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 12 (bookworm)
    
    [INFO] uptime:  23:04:35 up  8:02,  3 users,  load average: 0,05, 0,01, 0,00
    
    [INFO] memory:
                   total   utilizată      liberă   partajată  buff/cache disponibilă
    Mem:            62Gi       3,1Gi        59Gi        84Mi       1,2Gi        59Gi
    Swap:          974Mi          0B       974Mi
    
    [INFO] systemd failed services status:
      UNIT LOAD ACTIVE SUB DESCRIPTION
    0 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.11p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 8.2.15
    [INFO] php-cgi (used for cgi php in default vhost!) is version 8.2.15
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    [WARN] I found no "smtps" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 40046)
    [INFO] I found the following mail server(s):
            Postfix (PID 1482)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 714)
    [INFO] I found the following imap server(s):
            Dovecot (PID 714)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 1120)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [anywhere]:4190         (714/dovecot)
    [anywhere]:3306         (834/mariadbd)
    [anywhere]:587          (1482/master)
    [anywhere]:995          (714/dovecot)
    [anywhere]:993          (714/dovecot)
    [anywhere]:143          (714/dovecot)
    [anywhere]:22           (768/sshd:)
    [anywhere]:21           (1120/pure-ftpd)
    [anywhere]:25           (1482/master)
    [anywhere]:110          (714/dovecot)
    [anywhere]:465          (1482/master)
    [localhost]:53          (721/named)
    [localhost]:53          (721/named)
    [localhost]:53          (721/named)
    [localhost]:53          (721/named)
    [localhost]:53          (721/named)
    [localhost]:53          (721/named)
    [localhost]:53          (721/named)
    [localhost]:53          (721/named)
    ***.***.***.***:53              (721/named)
    ***.***.***.***:53              (721/named)
    ***.***.***.***:53              (721/named)
    ***.***.***.***:53              (721/named)
    ***.***.***.***:53              (721/named)
    ***.***.***.***:53              (721/named)
    ***.***.***.***:53              (721/named)
    ***.***.***.***:53              (721/named)
    [localhost]:953         (721/named)
    [localhost]:953         (721/named)
    [localhost]:953         (721/named)
    [localhost]:953         (721/named)
    [localhost]:953         (721/named)
    [localhost]:953         (721/named)
    [localhost]:953         (721/named)
    [localhost]:953         (721/named)
    [localhost]:6379                (736/redis-server)
    [localhost]:10023               (735/postgrey)
    [localhost]:11211               (720/memcached)
    [localhost]:11334               (839/rspamd:)
    [localhost]:11332               (839/rspamd:)
    [localhost]:11333               (839/rspamd:)
    *:*:*:*::*:10023                (735/postgrey)
    *:*:*:*::*:8081         (40046/apache2)
    *:*:*:*::*:8080         (40046/apache2)
    *:*:*:*::*:11334                (839/rspamd:)
    *:*:*:*::*:11332                (839/rspamd:)
    *:*:*:*::*:11333                (839/rspamd:)
    *:*:*:*::*:4190         (714/dovecot)
    *:*:*:*::*:3306         (834/mariadbd)
    *:*:*:*::*:587          (1482/master)
    *:*:*:*::*:995          (714/dovecot)
    *:*:*:*::*:993          (714/dovecot)
    [localhost]43           (714/dovecot)
    *:*:*:*::*:22           (768/sshd:)
    *:*:*:*::*:21           (1120/pure-ftpd)
    *:*:*:*::*:25           (1482/master)
    *:*:*:*::*:80           (40046/apache2)
    [localhost]10           (714/dovecot)
    *:*:*:*::*:443          (40046/apache2)
    *:*:*:*::*:465          (1482/master)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*70ed:dbff:fe05:53             (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:53           (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:953          (721/named)
    *:*:*:*::*:6379         (736/redis-server)
    
    ##### IPTABLES #####
    
    ##### LET'S ENCRYPT #####
    [WARN] You have both certbot and acme.sh installed. This can lead to problems.
    Certbot: /usr/bin/letsencrypt
    acme.sh: /root/.acme.sh/acme.sh
     
  11. divinul

    divinul New Member

    I have attached a screenshot from PuTTY.

    Answer to the previous question:
    I installed certbot in the hope that I could generate a certificate for the ISPConfig interface.
    I can uninstall it if it creates problems.
     

    Last edited: Jan 22, 2024
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, it creates problems, but you now have manually configured a website to use it, which means your system will break as soon as you remove it.

    To fix your issue:

    1) Undo all steps you did wrongly, like replacing the ISPConfig certs with symlinks; also remove that website that you created, and also remove certbot and all its remnants like the /etc/letsencrypt directory.
    2) Now run this command:

    ispconfig_update.sh --force

    If this does not create a Let's Encrypt SSL cert, then post the complete output that you got from this update here in the forum so we can see why Let's Encrypt refused to issue a cert using certbot, and also post the acme.sh log file part about why this cert failed; acme.sh is installed in /root/.acme.sh/
     
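A pre-flight check for the cleanup steps in this post, as an added example that is not ISPConfig's own code nor the poster's: it reports whether the interface cert and key are still hand-made symlinks, which Let's Encrypt clients are present (the same conflict htf_report.txt flagged), and whether the cert names the host that hostname -f returns. Paths are the defaults named in the thread; the function names and the --run flag are assumptions.

```shell
#!/bin/sh
# Added example (not ISPConfig's own code): checks to run before the cleanup steps above.
# Default paths are the ones named in this thread; arguments override them for testing.

# Is the interface cert/key ISPConfig's own file, or the hand-made symlink from post #5?
# acme.sh renews into /root/.acme.sh/<host> and ISPConfig copies from there, so a link
# into /var/www/<site>/ssl is never refreshed by renewals. Returns 1 on WARN/MISSING.
check_interface_certs() {
    dir="${1:-/usr/local/ispconfig/interface/ssl}"
    rc=0
    for f in ispserver.crt ispserver.key; do
        p="$dir/$f"
        if [ -L "$p" ]; then
            case "$(readlink "$p")" in
                /var/www/*) echo "WARN $f -> $(readlink "$p") (manual symlink to a site cert)"; rc=1 ;;
                *)          echo "INFO $f -> $(readlink "$p")" ;;
            esac
        elif [ -f "$p" ]; then
            echo "OK   $f is a regular file"
        else
            echo "MISSING $f"; rc=1
        fi
    done
    return "$rc"
}

# Same check htf_report.txt made above: which Let's Encrypt clients are present.
# Prints certbot, acme.sh, certbot+acme.sh or none; only one client may remain.
le_clients() {
    certbot="${1:-/usr/bin/letsencrypt}"
    acme="${2:-/root/.acme.sh/acme.sh}"
    found=""
    if [ -e "$certbot" ]; then found="certbot"; fi
    if [ -e "$acme" ]; then found="${found:+$found+}acme.sh"; fi
    echo "${found:-none}"
}

# Does the interface cert name this host? Compares hostname -f (asked for in the thread)
# against the subject CN and SAN entries (openssl >= 1.1.1 for -ext; Debian 12 has 3.0).
cert_covers_host() {
    crt="$1"; host="${2:-$(hostname -f)}"
    openssl x509 -in "$crt" -noout -subject -ext subjectAltName 2>/dev/null \
        | grep -qE "(CN ?= ?|DNS:)$host(,|$)"
}
# Run on the server as root: sh ispconfig_cert_check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_interface_certs || echo "Restore ISPConfig's own certs before ispconfig_update.sh --force"
    echo "Let's Encrypt clients found: $(le_clients)"
    crt=/usr/local/ispconfig/interface/ssl/ispserver.crt
    if cert_covers_host "$crt"; then echo "cert matches $(hostname -f)"; else echo "cert does NOT match $(hostname -f)"; fi
fi
```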
  13. divinul

    divinul New Member

    Code:
    --------------------------------------------------------------------------------
     _____ ___________   _____              __ _
    |_   _/  ___| ___ \ /  __ \            / _(_)
      | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _
      | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |
     _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| |
     \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, |
                                                  __/ |
                                                 |___/
    --------------------------------------------------------------------------------
    
    
    >> Update
    
    Please choose the update method. For production systems select 'stable'.
    WARNING: The update from GIT is only for development systems and may break your current setup. Do not use the GIT version on servers that host any live websites!
    Note: On Multiserver systems, enable maintenance mode and update your master server first. Then update all slave servers, and disable maintenance mode when all servers are updated.
    
    Select update method (stable,nightly,git-develop) [stable]: stable
    
    Downloading ISPConfig update.
    Unpacking ISPConfig update.
    
    
    --------------------------------------------------------------------------------
     _____ ___________   _____              __ _         ____
    |_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
      | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
      | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
     _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
     \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                                  __/ |
                                                 |___/
    --------------------------------------------------------------------------------
    
    
    >> Update
    
    Operating System: Debian 12.0 (Bookworm) or compatible
    
    This application will update ISPConfig 3 on your server.
    
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no
    
    Checking MariaDB version 10.11.4 .. OK
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /tmp/update_runner.sh.DNO57C3plp/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]: no
    
    Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it?  (yes,no) [no]: yes
    
    Reconfigure Services? (yes,no,selected) [yes]: yes
    
    Configuring Postfix
    Configuring Dovecot
    Configuring Spamassassin
    Configuring Rspamd
    Configuring Getmail
    Configuring BIND
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring AppArmor
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]:
    
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    
    Checking / creating certificate for ns1.boxserver.ro
    Using certificate path /root/.acme.sh/ns1.boxserver.ro
    sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file
    Using apache for certificate validation
    Job for apache2.service failed.
    See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details.
    acme.sh is installed, overriding certificate path to use /root/.acme.sh/ns1.boxserver.ro
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y
    
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y
    
    Reconfigure Crontab? (yes,no) [yes]: no
    
    Restarting services ...
    Update finished.
    root@ns1:~#
    
     
  14. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Are the certificates now as you want them?
     
  15. divinul

    divinul New Member

    Yes, now I have an SSL certificate for the administration interface.
    Would it be useful to run the ISPConfig verification script to see what log it still displays?
     
  16. divinul

    divinul New Member

    The problem appeared when I tried to update ISPConfig: when I logged in as root I used su without -. When I used su -, the update worked and I see that the certificate was generated correctly (I think).
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    No, that's not necessary as cert issuing worked now.
     
  18. divinul

    divinul New Member

    is this certificate automatically renewed?
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, using "su -" is really important for any administrative task that you want to do, incl. ISPConfig updates. When running su without -, only a partial PATH variable is loaded, which excludes many directories with admin tools, so all these tools and programs are not found, which can lead to all kinds of issues.
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    yes
     