Let's Encrypt dns-01 already working externally, just need ISPConfig to recognize it.

Discussion in 'Installation/Configuration' started by tester321, Jan 8, 2017.

  1. tester321

    tester321 Member

    Hello, I already have Let's Encrypt cert generation/renewal process working perfectly using dns-01 challenge from a remote central server to the ISPConfig server(s).

    As a final step, I distribute the certs to all remote servers/hosts globally via scp and then reload whichever process needs to recognize the certs.

    1) I simply want to confirm if I can scp the resulting cert files so that ISPConfig will recognize/not overwrite them, and then reload apache?

    2) It appears that the live cert files (for websites) are in (?):

    3) And, for ISPConfig itself it is in (?):

    4) Can I simply overwrite these files?

    5) What other commands would I need to execute to ensure ISPConfig is properly updated/aware of the new SSL files?

    I have already reviewed various threads here regarding Let's Encrypt but they all seem to be focused on Acme client and generating the certs from within ISPConfig. I do not want to do this as I am already using Dehydrated, formerly called letsencrypt.sh, and custom scripting for hundreds of domains across hundreds of servers in high availability setups.

    Threads I have already reviewed include:
    - https://www.howtoforge.com/communit...encrypt-ssl-certificates-into-ispconfig.71055
    - https://www.howtoforge.com/community/threads/lets-encrypt-2-ispconfig.71348
    - https://www.howtoforge.com/communit...te-for-ispconfig-admin-from-letsencrypt.73097
    - https://www.howtoforge.com/community/threads/ssl-certificates-how-many-under-ispconfig.75062

    Thank you in advance for your feedback.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can do that and apache will load the certs, but ispconfig will not show them in its interface as they do not exist in the database. So either you add them in the ispconfig database as well for the websites or you use the remote api from ispconfig to set the ssl certs, that way the certs will get added to the database and on the shell and you can do that easily from within the script on your SSL cert server.
  3. tester321

    tester321 Member

    Hello Till, thank you for the reply and confirmation.

    I will look into the ISPConfig API to see how to do this.

    Thank you

Share This Page