Hi After I have upgraded my multi server enviorement, I can't access ISPConfig on the address: https://subdom.domain.tld:8080, but I can access it, using https://local-ip:8080 and of course it makes an SSL error due to the certifikate does not contain IP, but subdom.domain.tld. How can I fix it, so it will work again with: https://subdom.domain.tld:8080 ? A other this is, i need to disable SSL stapeling or all my SSL enabled websites is loading very slow. A odd ting is, that my browser just keeps spinning, but newer loads the site then using FDQN:8080 This is from the logs: subdom.domain.tld:8080 x.x.x.x - - [07/Jun/2021:15:07:16 +0200] "GET /datalogstatus.php HTTP/1.1" 200 973 "https://x.x.x.x:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.864.37" I have used this guide: ========================= To create LE for your server: 1. Create a site for your server in ISPConfig panel via Sites > Website > Add new website. 2. Check if your site is accessible online (you might or might not have to create dns for it). 3. If it is already accessible via internet, click ssl and LE button and save. 4. If you haven't enabled ssl during ISPConfig setup, enable it by typing ispconfig_update.sh in the terminal and select yes for ssl. 5. If ssl is already enabled, then use this command to backup and replace the created ssl with LE ssl. mv /usr/local/ispconfig/interface/ssl/ispserver.crt /usr/local/ispconfig/interface/ssl/ispserver.crt.bak mv /usr/local/ispconfig/interface/ssl/ispserver.key /usr/local/ispconfig/interface/ssl/ispserver.key.bak mv /usr/local/ispconfig/interface/ssl/ispserver.pem /usr/local/ispconfig/interface/ssl/ispserver.pem.bak ln -s /etc/letsencrypt/live/subdom.domain.tld/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.crt ln -s /etc/letsencrypt/live/subdom.domain.tld/privkey.pem /usr/local/ispconfig/interface/ssl/ispserver.key cat /usr/local/ispconfig/interface/ssl/ispserver.{key,crt} > /usr/local/ispconfig/interface/ssl/ispserver.pem 6. Then run "service nginx reload" or "service apache2 reload" accordingly. 7. Check your server ssl info in the browser. It should now show LE ssl. I think that is it on how to use LE ssl for your server. ========================= Best regards //Mr. Madsen
You do not reveal what version of ISPConfig and OS you have now. That guide is three years old, for current version of ISPConfig it is outdated. Now ISPConfig creates LE certificate for panel automatically and allows using that same sertificates for services running on that host. https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
Hi Taleman, Thanks for your replay. Sorry about that, I did miss the OS version part, its Debian 10 / Buster edition. Sorry, but I cant make the subject text any larger that it already is. Im using ISPConfig 3.2.4 on all servers. My server setup was 3.1.5p2 i think, and is now updated to 3.2.4. Previus is used self signed, but they have been changed to LE certificate. And yes, It has configured all other services as wel. What logs can I provide to get the admin panel working with certificate again ? Best regards //Mr. Madsen
Remove the self signed certificate. If that is not enough, examine LE parts of the read before posting. You may need to run Code: ispconfig_update.sh --force to get ISPConfig generate new certificate.
Hi Taleman, Thanks for your answer. I found out it was a split DNS issue / NAT reflection issue instead. It´s all good and working just fine now. Best regards //Mr. Madsen