Have several instances running great, but they were upgraded from older ispconfig releases. No problems at all. With this new fresh install I have a problem: host name: mail.server.com, website: www.server.com. ispconfig gets the certificate using acme for mail.server.com and applies it to the ispconfig interface. I'd like it to be server.com because I'll access it using :8080... how to do this? It simply assigns mail.server.com because it is the host name of the server, however this isn't a huge problem.... but I didn't have this problem with previous releases. Then when I try to assign letsencrypt to the server.com domain it fails. This is where the company website is hosted. At this moment the website can't be viewed due to the lack of a security certificate. All records are correctly assigned. Email works great and with the correct certificate. Because of this we can't access the webmail. If we use an older release of ispconfig and perform the manual steps then it works fine, however I like the features and improvements in this latest release. Any help would be very much appreciated! I'm for sure missing something.... Thanks
I think you can simply create a proxy so that www.server.com can create and use its own web site certificate instead, either for the panel, RC webmail, PMA etc. Many users have already posted about a working proxy to the panel and they will most probably be able to help you with accomplishing this as well, that is, if this kind of solution is sound and acceptable to you.
I'd really like to understand or know how to implement that solution. Besides that, all is working fine. If I create another domain it then assigns the letsencrypt certificate correctly (of course with correct records assigned to it)... but not to the main domain... I'm puzzled. If someone could throw in some help, that would be great. Thanks
Just found that the ssl (letsencrypt) certificate request isn't even logged into /var/log/ispconfig/acme.log. It has data but nothing related to the request for the main domain. No errors... nothing. Must say I'm really puzzled. A records all good and tested. Pinging the domain name shows the correct IP address and replies. The ispconfig.log and log.2 and log.3 under /var/log/ispconfig are all empty... is this normal?
Here is the acme.log for this issue. It is not showing the attempt to create the certificate for the main domain (without mail.) at all. Thanks for any hints regarding this.
Acme.sh can install a cert only in one location (either the website or in the ISPConfig SSL folder), so if you already have a website domain.tld with an LE cert, then you cannot use domain.tld as hostname for the system (and ISPConfig SSL cert) anymore. That's why the hostname should always be a subdomain and not a website that you use on the server. If you want to use the SSL cert of a website as the ISPConfig main cert, then you must either symlink the ISPConfig SSL cert files to the SSL cert files of that site or you must use a script to copy it over each time the cert renews in the website, plus restart the necessary services. Besides that, the relevant output on whether an LE cert gets created or could not be created is shown to you during the ISPConfig update on the shell; this info is not in the acme.sh log.
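The copy-on-renewal option from the reply above, as an added example that is not part of the thread or of ISPConfig. The four file paths are passed as arguments (no real paths are assumed), and `RESTART_CMD` is a hypothetical environment variable naming whatever restarts the services that use the panel certificate.

```shell
#!/bin/sh
# Added example: copy a website's renewed cert/key to the panel's cert/key.
# Usage (all paths are placeholders supplied by the admin):
#   RESTART_CMD='<restart command>' sync.sh SITE_CRT SITE_KEY PANEL_CRT PANEL_KEY

# install_file SRC DST MODE: replace DST atomically so a running service
# never reads a half-written file. mktemp creates the temp file with mode
# 0600, so the private key is never readable by others during the copy.
install_file() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if cp "$1" "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# sync_cert SRC_CRT SRC_KEY DST_CRT DST_KEY
# Returns 0 if the destination was updated, 1 if it was already current,
# 2 on error (source missing or empty, or copy failed).
sync_cert() {
    src_crt=$1; src_key=$2; dst_crt=$3; dst_key=$4
    [ -s "$src_crt" ] && [ -s "$src_key" ] || return 2
    # Nothing to do when both files already match: avoids needless restarts.
    if cmp -s "$src_crt" "$dst_crt" && cmp -s "$src_key" "$dst_key"; then
        return 1
    fi
    # Key first, then cert, each with restrictive permissions.
    install_file "$src_key" "$dst_key" 600 || return 2
    install_file "$src_crt" "$dst_crt" 644 || return 2
    return 0
}

# Only act when called with the four paths, e.g. from a scheduled job.
if [ "$#" -eq 4 ]; then
    if sync_cert "$@"; then
        echo "certificate updated"
        # RESTART_CMD is an assumption of this example, not an ISPConfig setting.
        if [ -n "${RESTART_CMD:-}" ]; then
            sh -c "$RESTART_CMD"
        fi
    fi
fi
```

Because the function reports "already current" separately from "updated", the job can run often without restarting services on every run.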
Found the issue. The server was applying the certificate to ispconfig using the hostname but wasn't adding it to the main domain, only because the server by default is checked to not "Skip Lets Encrypt Check". After checking this field it assigned the certificate. Weird how it did it for the subdomain and not the main domain, as the A records are set the same way and the firewall isn't NATted... Anyway it is working but I'm still puzzled by the changes. Great product however!
Thanks Till, I got it working after checking the "Skip Lets Encrypt Check". Now it allows creating certificates for any new domain. There is no problem with having the subdomain assigned to ispconfig as it works fine. Getting acquainted now with the new ispconfig using acme. Thanks again for your reply.