Hi, We're planning to update our SSL certificate using Let's Encrypt for all our services: Mail, FTP, ISPConfig panel on port 8080, and also the website using the principal domain name. We're afraid that if we generate an SSL certificate for the domain using the ISPConfig control panel (under the website settings) AND if we generate certificates manually for the other services, we might have problems or conflicts. What is your opinion on that? What do you recommand to avoid any issue? Thanks in advance
Please see here on how to setup let's encrypt certs for all services. https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
Hey Till, My sysadmin is asking me: does ISPConfig create all subdomains by itself when we activate SSL with LE for a specific site? For instance, if we activate LE for mydomain.com, is it automatically creating certificates for smtp.mydomain.com, mail.mydomain.com and ftp.mydomain.com also? Sorry if this seems obvious to you ;-) We just don't want to make any mistake when switching from our current SSL certificate to Let's Encrypt. Thanks!
ISPConfig adds all sub- and alias domains to an SSL cert which belong to that site. So if you added a subdomain smtp to that site, then this subdomain is included in the ssl cert. If you did not add that subdomain, then it will not be inside the ssl cert.
Thank you Till! This is clearer now. We didn't create any subdomain in ISPConfig for smtp, mail or ftp as we've just configured our services following initial installation instructions. Anyway, this confirms we'll have to create these SSL certs separately, as explained in the guide your referred me to. Thanks again for your help!
Hey Till, I have one last question before proceeding. If we activate LE for the domain through ISPConfig, is it going to impact certificates for other services than Web? We want to make sure we're not trapped in a "race against the clock" to activate the certificate for the other services after we activated it for Web ;-) Thanks!