ISPConfig 3.2.4 -> Admin panel SSL not working correctly

Discussion in 'ISPConfig 3 Priority Support' started by Mr.Madsen, Jun 7, 2021.

  1. Mr.Madsen

    Mr.Madsen New Member HowtoForge Supporter

    Hi :)

    After I have upgraded my multi server enviorement, I can't access ISPConfig on the address: https://subdom.domain.tld:8080, but I can access it, using https://local-ip:8080 and of course it makes an SSL error due to the certifikate does not contain IP, but subdom.domain.tld.

    How can I fix it, so it will work again with: https://subdom.domain.tld:8080 ?

    A other this is, i need to disable SSL stapeling or all my SSL enabled websites is loading very slow.

    A odd ting is, that my browser just keeps spinning, but newer loads the site then using FDQN:8080

    This is from the logs:
    subdom.domain.tld:8080 x.x.x.x - - [07/Jun/2021:15:07:16 +0200] "GET /datalogstatus.php HTTP/1.1" 200 973 "https://x.x.x.x:8080/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.864.37"

    I have used this guide:
    To create LE for your server:
    1. Create a site for your server in ISPConfig panel via Sites > Website > Add new website.
    2. Check if your site is accessible online (you might or might not have to create dns for it).
    3. If it is already accessible via internet, click ssl and LE button and save.
    4. If you haven't enabled ssl during ISPConfig setup, enable it by typing in the terminal and select yes for ssl.
    5. If ssl is already enabled, then use this command to backup and replace the created ssl with LE ssl.

    mv /usr/local/ispconfig/interface/ssl/ispserver.crt /usr/local/ispconfig/interface/ssl/ispserver.crt.bak
    mv /usr/local/ispconfig/interface/ssl/ispserver.key /usr/local/ispconfig/interface/ssl/ispserver.key.bak
    mv /usr/local/ispconfig/interface/ssl/ispserver.pem /usr/local/ispconfig/interface/ssl/ispserver.pem.bak
    ln -s /etc/letsencrypt/live/subdom.domain.tld/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.crt
    ln -s /etc/letsencrypt/live/subdom.domain.tld/privkey.pem /usr/local/ispconfig/interface/ssl/ispserver.key
    cat /usr/local/ispconfig/interface/ssl/ispserver.{key,crt} > /usr/local/ispconfig/interface/ssl/ispserver.pem
    6. Then run "service nginx reload" or "service apache2 reload" accordingly.
    7. Check your server ssl info in the browser. It should now show LE ssl.

    I think that is it on how to use LE ssl for your server.


    Best regards
    //Mr. Madsen
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    ahrasis likes this.
  3. Mr.Madsen

    Mr.Madsen New Member HowtoForge Supporter

    Hi Taleman,
    Thanks for your replay.
    Sorry about that, I did miss the OS version part, its Debian 10 / Buster edition.
    Sorry, but I cant make the subject text any larger that it already is. Im using ISPConfig 3.2.4 on all servers.
    My server setup was 3.1.5p2 i think, and is now updated to 3.2.4.

    Previus is used self signed, but they have been changed to LE certificate. And yes, It has configured all other services as wel.

    What logs can I provide to get the admin panel working with certificate again ?

    Best regards
    //Mr. Madsen
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Remove the self signed certificate. If that is not enough, examine LE parts of the read before posting.
    You may need to run
    Code: --force
    to get ISPConfig generate new certificate.
  5. Mr.Madsen

    Mr.Madsen New Member HowtoForge Supporter

    Hi Taleman,

    Thanks for your answer.

    I found out it was a split DNS issue / NAT reflection issue instead. It´s all good and working just fine now.

    Best regards
    //Mr. Madsen
    ahrasis likes this.

Share This Page