Hi I have a multi server environment running with ISPC3.1 and I want to upgrade the installation to 3.2 soon. The following servers are in use: Web & ISPC Mail DB NS I would like to use Let's encrypt on the mail server. Is this possible with version 3.2. Do I only need to install the certbot packages on the mail server or do I need to do some more stuff. I am running ubuntu 18.04 at the moment but will upgrade to 20.04 before updating ispconfig. Regards Bernd
If cerbot is not installed yet, acme.sh will be installed automatically and you will be asked by the updater if you want to configure a certificate for the hostname. Personally, I prefer installing Apache, creating your email server hostname(s) as a site on your mailserver, and then going through https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
Hi Thanks for this reply. The advantage of the Apache version is probably that I can assign multiple domain names to the mail server, right? However, when I do this, the certificate that the mail server delivers shows all the aliases. Is that correct? Should I choose the variant with the new ispconfig version (acme.sh) probably only one hostname can be defined? Is it possible to change/customize this in ispconfig? Greetings Bernd
That is one difference/advantage, yes. Yes, any names that are contained in a certificate can be seen by anyone reading the certificate. It's entirely up to you. No. The ability to manage multiple certificates for email has been an increasingly popular request, there's no system in place for it currently, but if someone wanted to organize it, it might be possible to join together and sponsor developing that feature.
Hello I have now set up an email server with ispconfig3. When setting up the system, a certificate was created. In /etc/postfix I can see that there are symbolic links from smtp.cert and smtp.key to the corresponding files in /usr/local/interfaces/ssl/. If I now use the howto (https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/) to set up customized certificates, it should be sufficient to replace the links with the new ones. Will ISPConfig reset the links after some time or some actions? Or do I have to expect no problems there? Is there a list collecting ideas for extending ispconfig? Maybe it would be a good idea to have such a list. If there would be some feedback from developers, e.g. how expensive The development of a feature should be approximately, that could help to find people for sponsoring. Regards Bernd
No, that should work fine. See https://git.ispconfig.org/ispconfig/ispconfig3/-/issues Anyone can open a MR to implement a feature. I can't tell you how much it would cost to implement something as a dev can cost almost nothing to the jackpot... and some features are done in 30 minutes, some in 30 hours
