Hello, I recently had ISP config reinstalled with the new version, which has the lets encrypt option available. But, I have not yet figured out how and where to the the certificates. I looked on lets encrypt site, I looked over ISPConfog for clues. I missed something, and hopefully someone can point me the way. Joseph
Check the "Let's Encrypt SSL" box in the websites settings in Domain tab. If that box is not there, maybe you have not installed letsencrypt? Check with Code: apt-cache policy certbot if on Debian or Ubuntu. I don't know how to check on other OS.
Hello, I indeed have it installed. The box that I can check off is there. What should happen when I check th ebox? I ask, because when I check off the option, nothing else seems to happen. Should there be something that will create the certificate? Thanks Joseph
You tick the LE box on, then save. Wait until the red dot with number on top of ISPConfig window disappears. Then there should be valid certificate. If not, follow the LE debugging information, it is in the forum.
Well, when I look at th cron job, it seems to say that there are nio sites up for renewal: 2018-08-28 16:34:55,848EBUG:certbot.main:Root logging level set at 30 2018-08-28 16:34:55,850:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2018-08-28 16:34:55,851EBUG:certbot.main:certbot version: 0.10.2 2018-08-28 16:34:55,851EBUG:certbot.main:Arguments: ['-q'] 2018-08-28 16:34:55,852EBUG:certbot.mainiscovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntr$ 2018-08-28 16:34:55,879:INFO:certbot.renewal:Cert not yet due for renewal 2018-08-28 16:34:55,885:INFO:certbot.renewal:Cert not yet due for renewal 2018-08-28 16:34:55,891:INFO:certbot.renewal:Cert not yet due for renewal 2018-08-28 16:34:55,891EBUG:certbot.renewal:no renewal failures I have none fo renewal, but I have not figured otu how to get the first one Should I run the debug mode as mentioned here: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/ Thanks for feedback. Joseph
It seems like you already have certs for that domain. You can check the le folder for that domain "ls -lat /etc/le*/*/*domain.tld*" or do debug for more info.
OK, I tried things again, an the ssl is working, I have a new question, but related: If I try the website using http, the site remains insecure. How can I force the site to be seen only in https? Meaning, is someone visits teh site using http, my server will only connect in https mode. Thanks Joseph
You need to change it in your vhost; and to ensure it won't be changed on resync or update copy the relevant vhost from /usr/local/ispconfig/server/conf folder to /usr/local/ispconfig/server/conf-custom folder and customize the relevant vhost in the latter folder.
Using custom vhost is ISPConfig way too, and it can actually do more, except it is not using the GUI.
Thanks both Taleman and ahrasis. Yes, I do use ispconfig, and slowly learning my way around it, and linux too. The redirect in ispconfig made it super simple to do. I am 100% sure that doing it the command line way is much more powerful, allows more options. But, I have a long winding road to get a better under standing of linux and servers. I did look at the folders that were mentioned, but when you say to copy the relevant information I looked at the files and did not know where to start. For now, I will still with the box I can tick off in ISPCOnfig. Thanks for the help! My need to activate lets encrypt and redirect http to https have been accomplished thanks your help. Joseph