Hello, I was wondering if this has been pulled into the ISPC project or if there are plans for doing so. If it's not been done, I do think it should be considered so that all servers and services and interfaces could be secured by LE at install time without these extra few steps to manually complete.
Tentatively it will be in 3.1.16. However, the proposed merge doesn't cover everything, including the re-creation of the ispserver.pem file after its LE SSL certs renewal. I am still thinking about the best way to achieve that using normal cron instead of incron for ISPConfig.
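One way to do the cron-based re-creation of ispserver.pem mentioned above, as an added example that is not code from LE4ISPC or the ISPConfig installer. It assumes ispserver.pem is ispserver.key followed by ispserver.crt in the same directory; the function name `sync_ispserver_pem` and the status words it prints are made up for this sketch.

```sh
#!/bin/sh
# Added example: rebuild ispserver.pem from cron only when the key or the
# certificate changed. Assumption: the pem is key + crt concatenated.

sync_ispserver_pem() {
    ssl_dir=$1
    key=$ssl_dir/ispserver.key
    crt=$ssl_dir/ispserver.crt
    pem=$ssl_dir/ispserver.pem

    # Never build a bundle from missing or empty inputs (-s follows the
    # symlinks that point into /etc/letsencrypt/live/).
    if [ ! -s "$key" ] || [ ! -s "$crt" ]; then
        echo "missing-input"
        return 0
    fi

    # Build the candidate next to the target so mv is an atomic rename,
    # and under umask 077 so the private key is never world-readable.
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "$ssl_dir/ispserver.pem.XXXXXX") || {
        umask "$old_umask"; echo "error"; return 0; }
    cat "$key" "$crt" > "$tmp"
    umask "$old_umask"

    if [ -f "$pem" ] && cmp -s "$tmp" "$pem"; then
        rm -f "$tmp"            # nothing changed since the last run
        echo "unchanged"
    else
        chmod 600 "$tmp"
        mv -f "$tmp" "$pem"     # readers see the old or the new file, never half
        echo "rebuilt"
    fi
}

# Entry point for a daily cron job, e.g. called with
# /usr/local/ispconfig/interface/ssl as its only argument.
if [ $# -ge 1 ]; then
    result=$(sync_ispserver_pem "$1")
    echo "ispserver.pem: $result"
    # On "rebuilt", restart the services that read ispserver.pem here.
fi
```

Because the comparison is on content rather than timestamps, the job can run daily and only touches the file, and only needs to trigger service restarts, after an actual renewal.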
That's great news. I have servers to set up soon and though it's not a big step to do it now another manual task struck off the installation procedures would be great.
Yes, but not the tutorial version. There are already requests to merge integrating this with ISPConfig that can use either certbot or acme.sh. It is pending developers' test / check.
As posted at https://www.howtoforge.com/communit...or-ispconfig-servers.80449/page-2#post-391973 those who are interested in testing the above-mentioned proposed merge can do so by running this code on a clean install of an ISPConfig server or on top of their testing ISPConfig server:

Code:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd /tmp/ispconfig3_install/server/scripts
wget https://git.ispconfig.org/ahrasis/ispconfig3/raw/patch-3/server/scripts/letsencrypt_pre_hook.sh
wget https://git.ispconfig.org/ahrasis/ispconfig3/raw/patch-3/server/scripts/letsencrypt_post_hook.sh
wget https://git.ispconfig.org/ahrasis/ispconfig3/raw/patch-3/server/scripts/letsencrypt_renew_hook.sh
cd /tmp/ispconfig3_install/install/lib
mv installer_base.lib.php installer_base.lib.php-$(date +"%y%m%d%H%M%S").bak
wget https://git.ispconfig.org/ahrasis/ispconfig3/raw/patch-3/install/lib/installer_base.lib.php
cd /tmp/ispconfig3_install/install
mv install.php install.php-$(date +"%y%m%d%H%M%S").bak
mv update.php update.php-$(date +"%y%m%d%H%M%S").bak
wget https://git.ispconfig.org/ahrasis/ispconfig3/raw/patch-3/install/install.php
wget https://git.ispconfig.org/ahrasis/ispconfig3/raw/patch-3/install/update.php

Thereafter run the needed "php -q install.php" or "php -q update.php".
Just found this tutorial, and understand the rest thoroughly, but where does this go? --Running nginx, ispconfig3.1-- I did follow the non-recommended tutorial, but then went back and restored the old ISPconfig backup crt/key, and restarted services. Getting a self-signed error with the ones created initially with ISPconfig installation when accessing hostname.website.com:8080. My problem is that "/etc/letsencrypt/live/WEBSITE" certs do not match the FQDN with hostname (eg. hostname.website.com) so I am trying to unlink "/etc/letsencrypt/live/WEBSITE" symbolic links from "/usr/local/ispconfig/interface/ssl/" by restoring the original keys created during ISPconfig installation (which are for hostname.website.com), but I am getting a self-signed error now after restoring the original backups in "/usr/local/ispconfig/interface/ssl/" and restarting services.
I am sorry, but the tutorial is still a good guide as far as I am concerned, provided you understand it properly. Also, there were actually some further developments to the script as I attempted to merge the same into the ISPConfig installer files, and the post above yours is what I attempted for others to test. For the time being, I don't have the free time to update the script, but if anyone has the ability to code PHP and bash, do read my latest in ISPConfig and revert it back to the LE4ISPC script, and do a PR to my LE4ISPC GitHub.
Hi, I just installed ISPConfig. Server: server1 (Debian Buster), ISPConfig 3.1.15p3, with the new perfect server tutorial https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/ and tried https://github.com/ahrasis/LE4ISPC and I get this:

root@Server1:/etc/ssl# ./le4ispc.sh
./le4ispc.sh: line 28: certbot: command not found
root@server1:/etc/ssl#

Is there anything to follow before calling the script ./le4ispc.sh, or should it be working as is?
Thanks
Spazio
Certbot should be there when you followed the tutorial. Please run all commands from chapter 11 of the perfect server guide again to install it.
Hi Tim, thanks for the reply. I ran the chapter 11 commands and still get the same error. Here they are, with the response:

root@server1:/usr/local/bin# wget https://dl.eff.org/certbot-auto
--2020-02-27 13:10:13-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 151.101.0.201, 151.101.64.201, 151.101.128.201, ...
Connecting to dl.eff.org (dl.eff.org)|151.101.0.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80073 (78K) [application/octet-stream]
Saving to: ‘certbot-auto’
certbot-auto 100%[========================================================================>] 78.20K --.-KB/s in 0.02s
2020-02-27 13:10:13 (3.77 MB/s) - ‘certbot-auto’ saved [80073/80073]
root@server1:/usr/local/bin# chmod a+x certbot-auto
root@server1:/usr/local/bin# ./certbot-auto --install-only
Certbot is installed.
root@server1:/usr/local/bin#
root@server1:/usr/local/bin# cd /etc/ssl
root@server1:/etc/ssl# ./le4ispc.sh
./le4ispc.sh: line 28: certbot: command not found
root@server1:/etc/ssl#

I tried to check whether certbot was in the PATH. Here are the results:

root@server1:/etc/ssl# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
root@server1:/etc/ssl# find / -type f -name certbot
/opt/eff.org/certbot/venv/bin/certbot
root@server1:/etc/ssl#

Is certbot supposed to be elsewhere or in the PATH? Did I miss something in the perfect server setup?
Seems the certbot binary is not in the path. First try logging out and in again; this will refresh your bash session. If that doesn't work, add the path for certbot to your env.
ISPConfig is aware of certbot in path /opt/eff.org/certbot/venv/bin/certbot, so there is no problem with ISPConfig here. But the le4ispc.sh script seems to expect it to be in the path, and I'm quite sure that certbot-auto put it into the path either by using a symlink or adding its path to the PATH variable. Or add a symlink to certbot in the /usr/local/bin/ folder.
Thanks Till and Rein! That fixed the error! I just added /opt/eff.org/certbot/venv/bin to the path of the root user and it worked! I was able to successfully run ./le4ispc.sh

Afterthought: I tested the standard user $PATH and the weird thing is this:

user@server1:~$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/opt/eff.org/certbot/venv/bin

Was certbot-auto not able to add the location to the root user's path??? (I was root when I installed it)
Might be. Is this Debian 10? If yes, how have you become root, with 'su' or 'su -', or did you login as root by ssh?
Yes, it's Debian 10 Buster, and I logged in as root when I followed the tutorial the first time. The other time I logged in as a normal user and then ran "sudo su", since the user is part of the sudo group!
Try using 'su -' or maybe 'sudo su -'. As mentioned in the perfect server guide and also Debian 10 docs, the path variable is different and therefore is incomplete in Debian 10 when you use su without '-'.
Looks like that was the problem! With su - the path is added for the root user now!

user@server1:~$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/opt/eff.org/certbot/venv/bin
user@server1:~$ sudo su
root@server1:/home/user# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/eff.org/certbot/venv/bin
root@server1:/home/user# exit
exit
user@server1:~$ sudo su -
root@server1:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/eff.org/certbot/venv/bin:/opt/eff.org/certbot/venv/bin
root@server1:~#
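The PATH problem worked through in the posts above also applies to cron, which runs with its own minimal PATH. The following is an added example, not part of le4ispc.sh or the original posts: a preflight a root-run script could use to resolve certbot to an absolute path, first through PATH and then through the certbot-auto location found in this thread. The function names `resolve_tool` and `resolve_certbot` are made up for this sketch.

```sh
#!/bin/sh
# Added example: resolve a tool to an absolute path without depending on how
# root's shell was started (login, "su", "su -", cron).

resolve_tool() {
    name=$1
    shift
    # PATH lookup first; the remaining arguments are fallback locations.
    found=$(command -v "$name" 2>/dev/null) || found=
    for c in "$found" "$@"; do
        [ -n "$c" ] || continue
        # Absolute paths only: skips relative names and anything
        # "command -v" reports that is not a file (alias, function).
        case $c in
            /*) ;;
            *) continue ;;
        esac
        [ -f "$c" ] && [ -x "$c" ] || continue
        # A root-run script should not execute a file any user can rewrite.
        # -L checks the symlink target, e.g. a link placed in /usr/local/bin.
        if [ -n "$(find -L "$c" -prune -perm -0002 2>/dev/null)" ]; then
            continue
        fi
        echo "$c"
        return 0
    done
    return 1
}

# Fallback path is the one reported by "find / -type f -name certbot" above.
resolve_certbot() {
    resolve_tool certbot /opt/eff.org/certbot/venv/bin/certbot
}
```

A script would call `CERTBOT=$(resolve_certbot) || exit 1` once and then run "$CERTBOT" everywhere, so a bare "certbot: command not found" cannot occur halfway through.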
Since the script ./le4ispc.sh is now handling the certificate renewal and not ISPConfig, how can we handle the alternate names to be added to the certificate for postfix and dovecot use? Before, in the tutorial, it was asking to create a site for the hostname of the server: server1.domain.com, and if some alias domains were added to ISPConfig, like mail.domaintest.com, mail.domaintest2.com etc., the generated certificate had all those alias domains as alternate names in the certificate. That was handy for the email clients on iPhone and Android not to complain about a certificate being wrong and not containing the domain name of the email config! If I create a site in ISPConfig for server1.domain.com and add an alias domain like mail.domaintest.com, when the certificate is renewed, will it contain the alias domain? What will happen, since the script ./le4ispc.sh AND ISPConfig will try to renew the certificate at different intervals? If those won't work, any suggestion as to how to achieve this?