ISP Config 3.1 Let Encrypt Control Panel Certificate

Discussion in 'General' started by rgwilliams20, Sep 30, 2016.

  1. rgwilliams20

    rgwilliams20 New Member

    Hi All,

    This is probably a really stupid question but....
    Can you use Lets Encrypt to generate a certificate for the ISP Config Control Panel? If so, how?
    ganewbie likes this.
  2. diablo666

    diablo666 Active Member HowtoForge Supporter

    I was searching the same :)
  3. adevx

    adevx New Member

    I don't believe this is possible from the web interface itself. But can be achieved by other means.
    First make sure you have a letsencrypt certificate for the domain you want to use to access the ispconfig web panel.
    If you don't have a certificate make an otherwise empty website in ispconfig with the required domain name and letsencrypt enabled.
    Now go to "/usr/local/ispconfig/interface/ssl" , here are the self signed certs for the ispconfig web interface

    First make a backup / move the current certificate:
    # mv ispserver.crt ispserver.crt.backup
    # mv ispserver.key ispserver.key.backup

    Link .cert and .key to your previously generated certificates, for instance (client en web dir wil be different):
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.crt
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.key
    This results in:
    # ls -lha
    lrwxrwxrwx 1 root root 51 apr 4 18:20 ispserver.crt -> /var/www/clients/client1/web9/ssl/
    lrwxrwxrwx 1 root root 51 apr 4 18:20 ispserver.key -> /var/www/clients/client1/web9/ssl/

    Perhaps a webserver restart and you should be good to go. I haven't checked out the just released ispconfig 3.1, it might have been integrated.
    Wilt likes this.
  4. kerrsmith

    kerrsmith Member

    Thanks for the post adevx, I just tried it and it works in ISPConfig 3.1.

    I had to do the following in /usr/local/ispconfig/interface/ssl:

    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.crt
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.key
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.bundle

    (note the extra bundle line)

    Then in the file /etc/apache2/sites-available/ispconfig.vhost I had to uncomment the following line:

    SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

    I then did an Apache restart and got a Verified by Let's Encrypt padlock when on the admin login page.
  5. diablo666

    diablo666 Active Member HowtoForge Supporter

    DDArt likes this.
  6. Wilt

    Wilt Member HowtoForge Supporter

    Thanks adevx and kerrsmith. I followed kerrsmith's variant (as I am using ISPC 3.1) and it worked perfectly. Many thanks for the guidance.
  7. Mjwienold

    Mjwienold New Member

    DDArt likes this.
  8. SamTzu

    SamTzu Active Member

Share This Page