ISPConfig | Beta 3.2 | Fresh Install | Cloudflare/SSL Assistance

Discussion in 'Installation/Configuration' started by Treaver Hoerig, Nov 24, 2020.

  1. Treaver Hoerig

    Treaver Hoerig New Member

    So I bought an SSL certificate and attempted to install it on ISPConfig; I was never able to get it to install system-wide to encrypt all levels of the site (mail, ftp, ISPConfig :8080, etc.). I've literally done a clean install of the entire operating system 25+ times and attempted to use all resources I could find to figure it out; until about 40 minutes ago I didn't know that snapshot was an option, so I've just done a clean install and I'm reinstalling ISPConfig using the guide:
    The Perfect Server - Ubuntu 20.04 with Apache, PHP, MariaDB, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.2 (Beta)
    I'm going to stop at "In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:" and wait for further guidance to ensure I do this right.

    I've tried using Let's Encrypt but it does not provide the HTTPS without the "Unsafe Site, Self-Signed Certificate" warning whenever the site is loaded. So I'm wanting to use either an SSL from SSLs.com or preferably CloudFlare as I've seen it on many sites and I've already changed my name servers to use it. Could someone please work with me to get this working and maybe this thread can be used as an overall guide for people like me who don't have as much experience doing this?
     
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    is this just for single server? or a multi-server install?
    is the mailname the same as the hostname? if not, you'll need to add the mailname as a SAN on the certificate. or you'll need a wildcard certificate.
    just install ispconfig as normal, let it create its own self-signed certificate, or request a letsencrypt certificate. doesn't really make much difference at this point.

    replace the /usr/local/ispconfig/interface/ssl/ispserver.* files with the correct ones for the cert you're using. you may need to concatenate some of the files to create eg ispserver-full.pem.
    once the new cert's working ok on the interface, go to /etc/ssl/private, remove/rename the pure-ftpd.pem file and create a symlink for it to /usr/local/ispconfig/interface/ssl/ispserver-full.pem

    do the same for postfix and dovecot:
    Code:
    smtpd.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    smtpd.key -> /usr/local/ispconfig/interface/ssl/ispserver.key
    /etc/dovecot/private:
    Code:
    dovecot.key -> /usr/local/ispconfig/interface/ssl/ispserver.key
    dovecot.pem -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    restart the services. they'll need a restart/reload each time you update the certificate.
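
    The steps from the post above as a script, added here as an example and not written by anyone in the thread. It first checks that the key belongs to the certificate and that the certificate covers the mail name, then builds the bundle and creates the symlinks. Assumptions: the function names are hypothetical, the bundle is written as key followed by certificate, and the Postfix directory is passed as an argument because the post does not name it.

```shell
#!/bin/sh
# Added example, not from the thread. SSL_DIR is the directory named in the post.
SSL_DIR="${SSL_DIR:-/usr/local/ispconfig/interface/ssl}"

# cert_matches_key CERT KEY: succeed only if both files hold the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_covers_host CERT NAME: succeed only if NAME (e.g. the mail name) is
# covered by the certificate; SAN entries and wildcards are honoured.
# openssl prints "does match" or "does NOT match".
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# relink LINK TARGET: replace an old symlink, keep a regular file as LINK.bak.
relink() {
    if [ -L "$1" ]; then rm -f "$1"
    elif [ -e "$1" ]; then mv "$1" "$1.bak"
    fi
    ln -s "$2" "$1"
}

# install_links ROOT POSTFIX_DIR: ROOT is "" on the live system, or a scratch
# directory for a dry run. POSTFIX_DIR is whichever directory holds smtpd.cert
# and smtpd.key on your server (assumption: supplied by the caller).
install_links() {
    relink "$1/etc/ssl/private/pure-ftpd.pem"    "$SSL_DIR/ispserver-full.pem"
    relink "$1$2/smtpd.cert"                     "$SSL_DIR/ispserver.crt"
    relink "$1$2/smtpd.key"                      "$SSL_DIR/ispserver.key"
    relink "$1/etc/dovecot/private/dovecot.pem"  "$SSL_DIR/ispserver.crt"
    relink "$1/etc/dovecot/private/dovecot.key"  "$SSL_DIR/ispserver.key"
}

# deploy_cert MAILNAME POSTFIX_DIR: verify first, then build the bundle and link.
deploy_cert() {
    cert_matches_key "$SSL_DIR/ispserver.crt" "$SSL_DIR/ispserver.key" ||
        { echo "key does not match certificate" >&2; return 1; }
    cert_covers_host "$SSL_DIR/ispserver.crt" "$1" ||
        { echo "certificate does not cover $1" >&2; return 1; }
    # Assumed bundle order: private key, then certificate; readable by root only.
    ( umask 077
      cat "$SSL_DIR/ispserver.key" "$SSL_DIR/ispserver.crt" > "$SSL_DIR/ispserver-full.pem" )
    install_links "" "$2"
}
```

    Nothing runs until `deploy_cert` is called as root with the mail name and the Postfix directory; restart the services afterwards, as the post says.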
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Do check ISPConfig 3.2 install logs for errors in getting LE SSL certs for your server since this version is capable of issuing LE SSL certs during install or upgrade. Once you fix the error, you should be able to secure your server services by running update.php.
     
