I followed the manual for the multiserver setup on Debian 8, but when I visited the ISPConfig URL on port 8080, I was warned that the connection is not private. Is the certbot setup in the manual only for the domains to be added in the ISPConfig admin, and does it not include the ISPConfig URL?
Have you created a certificate for the control panel? https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ You can also tell your browser to accept the self-signed certificate if you created it during the installation of ISPConfig.
I can see keys in /usr/local/ispconfig/interface/ssl. Should I proceed with "Changing ISPConfig 3 Control Panel (Port 8080)" from https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ ? I don't have an /etc/letsencrypt/live directory.
Depends on what you want. The easy way is to tell your browser to accept the self-signed cert you presumably made during installation.
By default, an ISPConfig setup uses a self-signed SSL cert for the control panel. A self-signed cert is not less secure encryption-wise, it is just not issued by a known SSL authority. You can switch to LE by using the guide @Taleman posted a link to. The first step is that you create a website in ISPConfig which has the hostname of the server as domain name and enable LE in that website. After this step, you should have an /etc/letsencrypt/live directory.
I added a website in ISPConfig as discussed in that link and it created /etc/letsencrypt/live. When I access the ISPConfig panel using the IP, I receive NET::ERR_CERT_COMMON_NAME_INVALID, because the certificate is issued to my FQDN and not my IP. I checked the certificate and it shows my FQDN. But when I visit via the FQDN it shows ERR_SSL_PROTOCOL_ERROR. On the Domain tab it shows the Document Root as /var/www/clients/client0/web1, which is not the root of ISPConfig. When creating a website in ISPConfig, do I need to fill in the SSL tab?
SSL Certificates are always issued for a domain name and not for an IP, you have to use the server hostname (FQDN) to access it. Protocol errors are shown when you e.g. try to access an https website with http. Ensure that you use https:// in front of the FQDN. Example: https://server1.yourdomain.tld:8080
No, it shows this error:
    Bad Request
    Your browser sent a request that this server could not understand.
    Reason: You're speaking plain HTTP to an SSL-enabled server port.
    Instead use the HTTPS scheme to access this URL, please.
I tried but failed at the cat line:
    root@fyde:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
    cat: ispserver.key: No such file or directory
    cat: ispserver.crt: No such file or directory
    root@fyde:/usr/local/ispconfig/interface/ssl#
The folder:
    root@fyde:/usr/local/ispconfig/interface/ssl# ls -l
    total 20
    -rwxr-x--- 1 root root   45 Feb 21 09:56 empty.dir
    lrwxrwxrwx 1 root root   51 May 22 21:32 ispserver.crt -> /etc/letsencrypt/live/www.fyde.com.mx/fullchain.pem
    -rwxr-x--- 1 root root 2122 Jan 14 2018 ispserver.crt-190522213034.bak
    -rwxr-x--- 1 root root 1748 Jan 14 2018 ispserver.csr
    lrwxrwxrwx 1 root root   49 May 22 21:32 ispserver.key -> /etc/letsencrypt/live/www.fyde.com.mx/privkey.pem
    -rwxr-x--- 1 root root 3243 Jan 14 2018 ispserver.key-190522213048.bak
    -rwxr-x--- 1 root root 3311 Jan 14 2018 ispserver.key.secure
    -rw------- 1 root root    0 May 22 22:34 ispserver.pem
    root@fyde:/usr/local/ispconfig/interface/ssl#
Please help
Please post the output of:
    ls -la /etc/letsencrypt/live/www.fyde.com.mx/fullchain.pem
    ls -la /etc/letsencrypt/live/www.fyde.com.mx/privkey.pem
Here is the info:
    root@fyde:~# ls -la /etc/letsencrypt/live/www.fyde.com.mx/fullchain.pem
    ls: cannot access '/etc/letsencrypt/live/www.fyde.com.mx/fullchain.pem': No such file or directory
    root@fyde:~# ls -la /etc/letsencrypt/live/www.fyde.com.mx/privkey.pem
    ls: cannot access '/etc/letsencrypt/live/www.fyde.com.mx/privkey.pem': No such file or directory
Regards,
Ok, that explains the problem. It seems that you did not get an SSL cert from LE. Check the letsencrypt.log to find out why LE did not issue a cert to you.
There's no letsencrypt.log. But https://fyde.com.mx works OK, while https://fyde.com.mx:8080 does not. I have problems with antivirus and other platforms that cannot access my server because of the self-signed certificate. The SSL Let's Encrypt check box in ISPConfig is activated. Please help.
Ok, you say you have a LE cert for fyde.com.mx but above you use the path www.fyde.com.mx. So probably the LE cert has a different name. Post the output of: ls -la /etc/letsencrypt/live/fyde.com.mx/
    root@fyde:~# ls -la /etc/letsencrypt/live/fyde.com.mx/
    total 12
    drwxr-xr-x 2 root root 4096 May 23 03:00 .
    drwx------ 7 root root 4096 Jan 19 01:04 ..
    lrwxrwxrwx 1 root root   35 May 23 03:00 cert.pem -> ../../archive/fyde.com.mx/cert6.pem
    lrwxrwxrwx 1 root root   36 May 23 03:00 chain.pem -> ../../archive/fyde.com.mx/chain6.pem
    lrwxrwxrwx 1 root root   40 May 23 03:00 fullchain.pem -> ../../archive/fyde.com.mx/fullchain6.pem
    lrwxrwxrwx 1 root root   38 May 23 03:00 privkey.pem -> ../../archive/fyde.com.mx/privkey6.pem
    -rw-r--r-- 1 root root  543 Jul 26 2018 README
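Run these commands to fix it:
Code:
    cd /usr/local/ispconfig/interface/ssl/
    # remove the links to the non-existent www.fyde.com.mx directory and the empty ispserver.pem
    rm ispserver.crt
    rm ispserver.key
    rm ispserver.pem
    # link to the certificate that actually exists under fyde.com.mx
    ln -s /etc/letsencrypt/live/fyde.com.mx/fullchain.pem ispserver.crt
    ln -s /etc/letsencrypt/live/fyde.com.mx/privkey.pem ispserver.key
    # ispserver.pem is a concatenated copy of key and certificate, readable by root only
    cat ispserver.{key,crt} > ispserver.pem
    chmod 600 ispserver.pem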
Done, ok. Chrome displays:
    NET::ERR_CERT_AUTHORITY_INVALID
    Subject: www.fyde.com.mx
    Issuer: www.fyde.com.mx
    Expires on: 12 ene 2028
    Current date: 23 may 2019
    PEM encoded chain:
    -----BEGIN CERTIFICATE-----
    MIIF8jCCA9qgAwIBAgIJAPxWq4w8UB6zMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
    VQQGEwJNWDELMAkGA1UECAwCTkwxEjAQBgNVBAcMCU1PTlRFUlJFWTENMAsGA1UE
    ..
    ..
    -----END CERTIFICATE-----
Internet Explorer:
    Código de error: DLG_FLAGS_INVALID_CA DLG_FLAGS_SEC_CERT_CN_INVALID
Firefox:
    Código de error: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
Please help
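Added example, not part of the thread and not ISPConfig's own tooling: a POSIX shell audit of the ispserver.crt, ispserver.key and ispserver.pem files discussed above. It reports the two conditions seen in the thread (links whose target does not exist, and a certificate whose issuer equals its subject) and also checks that the key matches the certificate and that ispserver.pem is the current key+crt concatenation. The function names are hypothetical and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the panel certificate files.
# The default directory is the one shown in the thread; pass another to test.

# Print dangling, link-ok, file or missing for one path.
link_state() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then echo dangling
    elif [ -L "$1" ]; then echo link-ok
    elif [ -e "$1" ]; then echo file
    else echo missing
    fi
}

# Print self-signed when subject and issuer of the first certificate in
# the file are identical, otherwise ca-issued.
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] || return 2
    if [ "$subj" = "$iss" ]; then echo self-signed; else echo ca-issued; fi
}

# Succeed when the private key ($2) belongs to the certificate ($1).
key_matches() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Return 0 only when links resolve, key and cert match, ispserver.pem is the
# current key+crt concatenation, and the certificate is CA-issued.
audit() {
    dir="${1:-/usr/local/ispconfig/interface/ssl}"
    for f in ispserver.crt ispserver.key; do
        state=$(link_state "$dir/$f")
        echo "$f: $state"
        case "$state" in dangling|missing) return 1 ;; esac
    done
    key_matches "$dir/ispserver.crt" "$dir/ispserver.key" ||
        { echo "key does not match certificate"; return 1; }
    cat "$dir/ispserver.key" "$dir/ispserver.crt" | cmp -s - "$dir/ispserver.pem" ||
        { echo "ispserver.pem is stale, empty or missing"; return 1; }
    kind=$(cert_kind "$dir/ispserver.crt") || return 1
    echo "certificate: $kind"
    [ "$kind" = ca-issued ]
}

# Run only when asked, e.g.: AUDIT_RUN=1 sh audit.sh
if [ "${AUDIT_RUN:-0}" = 1 ]; then audit "$@"; fi
```

Because ispserver.pem is a copy made with cat rather than a link, the audit flags it as stale whenever the key or certificate behind the links has changed since it was built.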