ISPConfig SSL certificate

Discussion in 'General' started by calbasi, Nov 16, 2021.

  1. calbasi

    calbasi Member

    I like my server IspConfig has a https valid certificate.
    Right now I have a manual certificate, not valid, generated during the first installation:
    https://berta.calbasi.net
    To issue a new, and valid, I've executed ipsconfig_upgrade.sh --force (without reconfiguring services)
    This is the output:

    I'm able to see a new file here:

    But https://berta.calbasi.net:8080 fire an invalid certificate (autosigned).
    Maybe I should remove the self-signed certificate issued at the first setup of this server??
     
  2. calbasi

    calbasi Member

    After reading @till 's FAQ, I've done an IspConfig update reconfiguring services, but I have this:
    But I think it only means that my previous issued certificate is not out of time. But the server website is using
    the self issued certificate, and not let's encrypt one :-(
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, you have a valid LE cert. Now we have to find out why it does not get used. Please post the result of the command:

    ls -la /usr/local/ispconfig/interface/ssl/
     
    calbasi likes this.
  4. calbasi

    calbasi Member

    Here you are:

     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  6. calbasi

    calbasi Member

    Here my output:
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I imagine it's a bug in recent "improvements" in symlink handling for those certificates. Probably some cases improved, but it looks like yours did not. :)
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    @calbasi, if you are comfortable with git you can test this, just clone the ispconfig3 git repo, checkout the 6254-installer-symlink-warnings-mishandling branch, cd to install/ and run php update.php (as root).
     
    ahrasis and till like this.
  9. calbasi

    calbasi Member

    Done, I got 2 warnings:
     
  10. calbasi

    calbasi Member

  11. calbasi

    calbasi Member

    Additional info:
     
  12. calbasi

    calbasi Member

    By the way, I've answered "no" to this question:
     
  13. calbasi

    calbasi Member

    And what about this:
     
  14. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Means there is no need to renew certificate since it still has lots of time left. Let's Encrypt renews certificate when there is less than 30 days left.
     
  15. calbasi

    calbasi Member

    Sure. But the "active" cert is not the Letsencrypt cert. but the self-signed certificate. How can I discard self-signed certificate and why Ispconfig has not using letsencrypt cert?
     
  16. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    This is the crux of the matter. There is valid LE certificate, but the applications do not use it, due to some mysterious error somewhere.
    There are some clues in #6:
    It does seem ispconfig is not healthy.
    And you should reboot the server every now and then:
    Do apt update ; apt upgade before reboot.
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Or he was not logged in as root user or not logged in as root user correctly (e.g. on Debian, you must always use 'su -' and not just 'su' for Debian versions >= 10.
     
  18. calbasi

    calbasi Member

    I use "su -" when working as root. But in general I use "sudo" from my user...

    By the way, I don't know if its important, but my /etc/hosts was:
    Now I'm changing this line
    > 127.0.1.1 debian
    for
    > 127.0.1.1 berta.calbasi.net berta
     
  19. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is that the complete file /etc/hosts?
    If it is, it is wrong. See ISPConfig Perfect Server Guide for what it should have. Then test with commands
    Code:
    hostname
    hostname -f
     
  20. calbasi

    calbasi Member

    My system was already updated, but I've rebooted it, after the little change on /etc/hosts.
    Here you are the test output:
     

Share This Page