Can somebody please prime me on some basic facts about how to set up LE certs for Ispconfig 3.1 + Nginx + Postfix + Dovecot? I'm on Debian 9 and I'm trying to achieve something similar to the "Perfect Server" git or deb package for LE? Will 'letsencrypt-auto' be good enough before deploying Ispconfig if I want certs to be issued for www and e-mail (one domain just for the server to start with)? OR should I specify the right options from command line by hand? Please suggest some basic ones. Sorry for asking very basic questions, but I could find a manual or howto covering my set-up.
If you follow the howto for the Jessie 8.4 installation that was published on the 29th you should get it all working.
@sjau Thanks for your reply. I just completed installation, mainly following the guide for Jessie 8.4. I am able to access the CP, but not everything has been configured correctly. The certs are not working and not many services have been activated within the CP. Could it be because I hadn't pointed the mail records to the server? I attach some files. Please advise how I can fix the installation. Or should I start the whole process anew?
Did you point DNS for the domains (eg. "www.domain.com") to your ispconfig server? You can't obtain letsencrypt certificates without changing the live DNS.
I am back to configuring my server again and still struggling to have certs and email working. Perhaps my dns settings are not correct for the perfect sever? Code: * A 37.247.53.202 eastcentral.eu. A 37.247.53.202 ftp A 37.247.53.202 localhost A 127.0.0.1 mail A 37.247.53.202 poczta A 37.247.53.202 s1 A 37.247.53.202 webmail A 37.247.53.202 www A 37.247.53.202 eastcentral.eu. NS ns1.futurehost.pl. eastcentral.eu. NS ns2.futurehost.pl. mail MX 10
if that is the complete set of records for eastcentral.eu, your email is not working because you don't have any MX records for the domain itself. You have an mx record for the 'mail' subdomain, which is incomplete (possibly mis-paste), but nothing for the domain. That won't affect getting a letsencrypt certificate though, as long as your ispconfig webserver is 37.247.53.202, dns is fine for that (both the domain and 'www' have A records).
Thanks Jesse. I should have said that I was trying to use my registrar's NS (futurehost.pl). Please have a look at my other post here. I have some further questions regarding dns.