ISPConfig is installed on a server mail.domain.org https://mail.domain.org:8080/login/ works fine to login to ISPConfig securely. However, https://domain.org/8080 returns the insecure http://domain.org:8080/login which allows login to ISPConfig Also instead of ISPConfig's Letsencrypt cert https://domain.org/8080 uses the Letsencrypt certificate of mail.domain.org Everything seems set up correctly in ISPConfig in terms of SSH and Letsencrypt. Obviously I've set up something wrong and I'd welcome any pointers.
The certificate is only valid for the hostname. For the issue of seeing other content, see the FAQs in https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
What you describe above shows that your system works exactly as it should work, all URL's except of mail.domain.org (which is the hostname of your server) shall return an error when you try to use them to login to ISPConfig as the only URL for ISPConfig is the server hostname on port 8080. So the only mistake you made is typing in https://domain.org:8080 instead of https://mail.domain.org:8080 in your browser to access ISPConfig.
Thank you Till and Th0m. The problem I have is a client who forgets the 'mail' bit. Is here a way within ISPConfig to automatically redirect domain.org:8080 to mail.domain.org:8080 while leaving domain.org without any redirect?
This would probably require a wildcard (or multidomain) ssl certificate for the ispconfig vhost which contains mail.domain.tld and domain.tld. This would also allow to use domain.tld directly for accessing ISPConfig, so no redirect is needed anymore. But you might have to manage that SSL cert manually then or it might be that adding a website domain.tld with subdomain mail.domain.tld in ispconfig and using the SSL cert of that site for ISPConfig might work too. Another approach might be to set a server name in the ispconfig vhost so it will listen to mail.domain.tld only and then add a second vhost manually for domain.tld with a valid SSL cert for domain.tld which redirects all requests to mail.domain.tld.
Thank you Till, that makes sense. An underlying concern has been avoiding a loop with the vhost references for mail.domain.org being defined both inside and outside ISPConfig and locking the server. I'll (carefully) work through the options you suggested.
Thom has made a guide which might help you with that: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/ it#s about SSL cert for the mail system, but as the mail system shares it's SSL cert with the ISPConfig UI, it should work for that as well.
