I'm assuming the following: - ISPConfig Multiserver (in my case 1 main with WEB/FTP/DB/DNS/MAIL and a 2nd DNS server) - You have a valid (letsencrypt) cert for the server where ISPConfig webinterface is not running. (If not try this tutorial) - Munin is already installed and working withouht HTTPS All the information is scraped from various tutorials already on the website/forum, so not much credit for me What i think worked for me in the end, but i might need you guys to help me out here a bit with testing, is the following: Since this server wont be using other certs, i replaced the originals selfsigned certs in /usr/local/ispconfig/interface/ssl/. I placed my LetsEncrypt certs in here with: Code: acme.sh --installcert -d ns2.tsictdiensten.nl \ --certpath /usr/local/ispconfig/interface/ssl/ispserver.crt \ --keypath /usr/local/ispconfig/interface/ssl/ispserver.key \ --fullchainpath /usr/local/ispconfig/interface/ssl/ispserver.bundle Then i turned on default apache SSL so that when someone browses to the default apache page, they get a nice ssl default apache page Code: /etc/apache2/sites-available/default-ssl.conf find and edit SSLCertificateFile and SSLCertificateKeyFile and make it look like: SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.pem SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key Turn on the config Code: a2ensite default-ssl And test it by visiting: https://2nd.domain.tld If all goes well, continue. If not, debug or post below. Next we need another site-available for munin. Since we already have a conf-available and enabled (munin.conf linking to the apache24.conf) but we cant put our ssl stuff in there. Code: cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/100-munin.conf nano /etc/apache2/sites-available/100-munin.conf I would change and edit: ServerAdmin You need to change and edit: DocumentRoot and set it to /var/cache/munin/ww Enable the site Code: a2ensite 100-munin && service apache restart That should do it!
If https://2nd.domain.tld is a publicly accessible website, we can also use certbot to issue and automatically renew its LE SSL, without a need to acme.sh. This applies to multiple (sub)domains within that https://2nd.domain.tld. The only thing I'd personally prefer using acme.sh is when I do not have a publicly accessible website for that server. Just my 2 cents.
On the other hand, normally, you wouldnt setup apache on a 2nd dns server. But since i also run Monit and Munin..
