There's a topic in the feature request about making ISPConfig and Let's Encrypt work together. I posted there a script that I developed - until Till and the other devs include that functionality -. The script is rather simple to use and, to be uncluttered from the other thread, I did now make a git repo with it. Improvements are welcome. The repo can be found here: https://github.com/sjau/le2ispc
Added another check whether the domain entry is set to "www". If so, it'll make a SAN cert for domain.tld and www.domain.tld. Unfortunately wildcard domains aren't supported (yet) by LE.
I don't see Code: --server https://acme-v01.api.letsencrypt.org/directory in your script; are you not on the beta test whitelist?
I'm on the beta and have a real LE SSL, in manual mode, because on nginx letsencrypt-auto.sh does not work well: you need to stop the webserver, generate the SSL, and restart the webserver... When the beta finishes maybe they will change the script to include the ACME server, or maybe not. Another 2 cents: for "'added_date' => $domainInfo['added_date']," it would be better to add the real date, not the old one picked up from the DB... BUT I think it is better to wait some more days for the final release before trying to think about how to add this to ISPConfig.
You really have to stop the webserver with nginx? Well, I have no clue what they actually do. I thought they will just add a special vhost file for the domains you've given.
In manual mode letsencrypt-auto starts a webserver, exposes some data to the server to check identity, saves the SSL, and shuts the webserver down. Done. But if someone (like me) has only nginx installed as webserver, you can't have 2 nginx sessions, so the script fails. But... it's in beta. It is written on the LE site that the nginx plugin is not working. Edit: I use the git version dated 28 October. Edit 2: other people in the LE community have to stop Apache / run LE-auto / start Apache, so you have to use the webroot plugin.
Hi, very nice. How to use it for multiple domains? I would like a SAN certificate with all domains hosted on my ISP server. Best regards
You'd have to chain:
Code:
    --domains domain.tld --domains www.domain.tld --domains otherdomain.tld --domains www.otherdomain.tld
etc...

OK, the webroot method works without stopping nginx. In ISPConfig - Web Domain - Options, under the nginx snippet, I added
Code:
    location /.well-known/acme-challenge {
        location ~ /.well-known/acme-challenge/(.*) {
            allow all;
            add_header Content-Type "text/plain";
        }
    }
Then I made a script to call the LE client as follows (I git cloned under /opt/letsencrypt, and my domain.tld is whitelisted, hence acme-v01.api; edit domain.tld):
Code:
    /opt/letsencrypt/letsencrypt-auto \
        --agree-dev-preview \
        --server https://acme-v01.api.letsencrypt.org/directory \
        --renew-by-default \
        -a webroot \
        --webroot-path /var/www/domain.tld/web \
        --email [email protected] \
        --verbose \
        --text \
        -d domain.tld \
        -d www.domain.tld \
        certonly
Then overwrite (this point needs to be automated by ISP) /var/www/clients/clientN/webN/ssl/domain.tld.crt with /etc/letsencrypt/live/domain.tld/fullchain.pem and domain.tld.key with privkey.pem.
Just my 2 cents: I also added LE's SSL to dovecot with
Code:
    local_name imap.domain.tld {
        ssl_cert = </etc/letsencrypt/live/domain.tld/fullchain.pem
        ssl_key = </etc/letsencrypt/live/domain.tld/privkey.pem
    }
but I don't know how to check whether it uses this or the self-signed
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key

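The manual copy step and the "which certificate is actually served" question from the post above, as an added shell example that is not part of the thread or of le2ispc. It assumes the openssl command-line tool and coreutils; the function names are hypothetical and all paths are passed as arguments.

```bash
#!/usr/bin/env bash
# Added example (constructed): function names are hypothetical, paths are arguments.

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if the private key ($2) belongs to the certificate ($1):
# both must yield the same public key.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Copy the pair from the Let's Encrypt live dir ($1) to <ssl dir $2>/<domain $3>.crt/.key.
# Refuses to install a mismatched pair; the key is written owner-readable only.
install_pair() {
    local live="$1" dest="$2" dom="$3"
    if ! key_matches_cert "$live/fullchain.pem" "$live/privkey.pem"; then
        echo "key does not match certificate, nothing installed" >&2
        return 1
    fi
    install -m 0644 "$live/fullchain.pem" "$dest/$dom.crt" &&
        install -m 0600 "$live/privkey.pem" "$dest/$dom.key"
}

# Fingerprint of the certificate a server presents for SNI name $2.
# $1 = host:port, $3 = optional STARTTLS protocol (imap, smtp, ...).
served_fp() {
    openssl s_client -connect "$1" -servername "$2" ${3:+-starttls "$3"} \
        </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds if the service presents exactly the certificate stored in PEM file $3.
# $4 = optional STARTTLS protocol.
serves_file_cert() {
    local seen
    seen=$(served_fp "$1" "$2" "$4")
    [ -n "$seen" ] && [ "$seen" = "$(cert_fp "$3")" ]
}

# Usage, e.g. for the dovecot local_name block (needs a reachable server):
# serves_file_cert imap.domain.tld:993 imap.domain.tld \
#     /etc/letsencrypt/live/domain.tld/fullchain.pem && echo "LE cert is served"
```

Because dovecot's `local_name` block is selected by the TLS server name, the check only tells you something if the SNI argument is the same name as in that block.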
nemis: In nginx if you enable ssl vhost, what do the non-ssl and ssl one look like and where can they be found?
Ok, I changed the authentication to webroot now and I think I made them working for apache and nginx. Apache is simpler, as I can write just a global config file and enable it (and load header and rewrite modules). In nginx I have to add the directives to every server stanza. Since I don't run nginx, if someone could please check if that's right. Current script here: https://github.com/sjau/le2ispc
The vhost is here: /etc/nginx/sites-available/[domain.tld].vhost. I use
Code:
    server {
        listen *:80;
        listen *:443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/clientN/webN/ssl/domain.tld.crt;
        ssl_certificate_key /var/www/clients/clientN/webN/ssl/domain.tld.key;
        server_name domain.tld www.domain.tld;
        root /var/www/domain.tld/web;
and it auto-switches to https.

If not in the beta, i.e. with line 22: #$beta, you will get an error on line 104:
    PHP Notice: Undefined variable: beta in /home/marco/le2ispc/le2ispc on line 104
After a fast fix, removing the variable, I ran into my bug (I think I'm the only one who has this): https://community.letsencrypt.org/t...sencrpt-letsencrpt-auto-py26reqs-txt-bug/3196
Edit: also change line 13:
    $server["soap_uri"] = "https://ispc.domain.tld:8080/remote/";
to
    $server["soap_uri"] = "https://localhost:8080/remote/";
Edit 2: OK, it WORKS. I launched your script from /opt/letsencrypt
Code:
    root@___:/opt/letsencrypt# /home/nemis/le2ispc/le2ispc __________.com
    1. Get the domain name.
    2. Query MySQL whether it's a vhost.
    4. Run Let's Encrypt Tool
    5. Read SSL info into vars.
    6. Insert SSL info via API.
    Added SSL Certs to _________.com'
Edit 3: I had a snippet for the well-known acme-challenge; your script added a new one. So now I'm not sure whether it works because of my snippet or works with yours without restarting nginx. Other tests will follow.
Edit 4: http://bugtracker.ispconfig.org/ind...asks=&due=64&status[0]=&order=votes&sort=desc --> https://github.com/alexalouit/ISPConfig-letsencrypt <<-- look here

The patch looks great and I just installed it from git. When I ran php -q install.php everything patched except ISPConfig. I didn't receive any errors from the installer. When I checked the files that were supposed to be patched in the ISPConfig directory they didn't have the changes made in them. The ispconfig.patch file was copied to the ISPConfig directory by the installer. I ran patch -p3 < ./ispconfig.patch from the command line and the files were successfully patched. But I did get the following at the end:
Code:
    ...
    patching file server/plugins-available/nginx_plugin.inc.php
    patch unexpectedly ends in middle of line
    Hunk #1 succeeded at 1102 with fuzz 1
Not sure if the "unexpectedly ends" message is an issue or not. I'll let you know if it works on my whitelisted beta domain. Edit: Just an update. All seems to be working well!

Hello, https://github.com/sjau/le2ispc/blob/master/le2ispc Is the information from line 167 taken out of the ISPConfig / Webdomain SSL part? Have a nice day, vinc