I just upgraded from ISPConfig 3.0 to 3.1.2 on Debian 7. According to the Changelog, Let's Encrypt is now supported. However, I don't see any Let's Encrypt specific options. I can create an SSL certificate from the SSL tab of a Website, but accessing the domain using https:// results in the following error in Chrome: This site can’t provide a secure connection. Is Let's Encrypt only available for new (clean) installations? - or will the proper options emerge if I install e.g. CertBot or some other package? It seems CertBot has a plugin for Apache that automates everything, but I'm worried ISPConfig and CertBot will conflict when both trying to control configuration files. Thanks in advance for any guidance. Jimmy
1) You have to install certbot and just certbot, no certbot apache plugin. and do not create ssl certs with certbot at install time, when it asks for that, choose cancel. 2) then login to ispconfig, go to the website settings amd emable the checkbox labeled "Letsencrypt" which is on the first tab of the site settings. The SSL tab is not used for letsencrypt.
Thanks a lot, Till, it worked exactly the way you described. I assume the certificate is automatically renewed when necessary (?)
I just upgraded from ISPConfig 3.1 to 3.1.2 on Debian 8.5 I install full CertBot and I created certificates for all my domains (in CertBot) how can I fix it; to works via ISPconfig?
remove all of /etc/letsencrypt, then run certbot once manually... abort when you get that blue background screen. If you also let certbot modify the vhost files, it'll get more complicated.
ok I deleted the contents of letsencryprt directory and ticked the letsencrypt box GUI ispconfig Now I am unable to acces to my ispconfg GUI and all my domains
I have no idea what you did and what you didn't do... if you let certbot/letsencrypt alter the vhosts... you'll need to fix that all first. Your vhost files probably contain links to the /etc/letsencrypt folder because you probably let certbot alter domains... you need to clean that. Check your logs for according error messages.
The truth is I' m new at this and I am trying try to fix the problems spending hours to find out how to do what you tell me This means I could use any help I could get
If apache doesn't start, have a look at the log files. And if it doesn't start, I think it's because you did run certbot manually and let it alter the vhost files. So you'll need to fix them to not point to the non-existing certs anymore.
Just delete all symlink in /etc/apache2/sites-enabled and try restarting apache2. If it works, go to your ispc and reconfigure LE SSL for all your websites.
What is your setup actually? Nginx or Apache2 or both (one as reverse proxy)? I cannot help any build with reverse proxy as I have never successfully built one.
Ok. Make backups and then try these. 1. Go to your terminal list sites-enabled folder via "ls -l /etc/apache2/sites-enabled/". If you see a list symlinks to al websites, it means you haven't deleted them. Delete them all except for ispconfig.vhost symlink. 2. Then list your LE folder via "ls -l /etc/letsencrypt/". If there is any folders inside it that means you haven't deleted them. Delete them all via "rm -rf /etc/letsencrypt/". 3. Restart apache via "service apache2 restart". If it can restart, check your ISPC via browser. Login and reenable all websites with ssl and LE via ispc. 4. If you cannot restart, re-update ispc. Refer to your perfect server setup guides on how to download and extract it. But instead of re-installing it, type "php -q update.php". This will update your ispc. Choose reconfigure and ssl during the update. When this finished, try the above step #3 again. I hope this is clearer. Do ask if you still are not so sure.