Securing ISPConfig 3 Control Panel (Port 8080) With Let's Encrypt Free SSL

Excellent.

I used old tutorial for Ubuntu 14.04 (as first, Till sent me link to it) -> https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt. During installation process I hadn't window which is showed in tutorial. Currently ISP sees LE certificate for website. I should check both options - ssl, le ssl - in panel/ website edition.

 

I stand corrected about LE certificates created by certbot won't be automatically renewed by ISPC though I did read about them not getting renewed somehow.

 

@ahrasis I got notification on email about Your answer (Where it is? ):
"The link provided by me earlier is the same one as well but I think you didn't get the blue windows because the tutorial is for Debian, not Ubuntu.
Ok, I understood case with blue window.
My experience in running the same (./certbot-auto) in 14.04 is that it will ask you whether you want to install LE SSL on your available websites i.e. if they are created already. Logically, I think, if there is no created websites during installation, none will be asked.
This same like You. But before started with certbot I have deployed ISPC on the server and configured website.
Whether ISPC sees that LE SSL files is one thing. But my point is simpler, i.e. if you did use certbot directly in creating LE SSL files for your websites, they normally won't get renewed automatically by ISPC.
Ok, so probably they won't be renewed. How to do it manually?
Also, if you install certbot after completed the perfect server guide without updating ISPC, you may face some problems with LE and its certificates renewal.
I completed perfect server guide, then update ISPC to newest version.
Anyway, the best is gor you to wait for now because nobody what will happen until it happens. "
I didn't understand. Should I wait for what?

 

If it is not here, that means it is already deleted.

One of the solutions to check if they are not automatically renewed:

 

I will check this very soon. LE cert will expire in 1 month and 5 days.

PS
Is it possible that installation certbot after installing ISPC would determine that I have to manually choose website domains by executing ./certbot-auto?

 

I am not so sure but I think ./certbot-auto is mainly to install dependencies for proper running of LE and if you have existing websites, it would normally ask you to choose whether to create its SSL certificates for them or else.

 

First,

Second, I was merely suggesting on one of the solutions reported to check in the event LE SSL certificates are not automatically renewed because it does happen for whatever reason that is.

 

I am happy, because Let's Encrypt would automatically renew ssl certificate.

 

Hello, I tried following these steps. I setup the site using my full host name. Didn't run into any errors, I restarted my apache2 service. However I am getting NET::ERR_CERT_AUTHORITY_INVALID still when trying to access https://webhost.domain.com:8080 any tips to point me as to why I am still getting this.

 

Can you access your https://webhost.domain.com? Check your website and apache error logs and produce them (the relevant one) in here. Use [ quote ] errors [ / quote ] (without the white spaces and replace errors with the one from your logs) when posting them in here.

 

I noted you also posted your problems in other thread, so, I replied my findings in there i.e. based on my visit to your mentioned domain(s).

 

ahrasis, I did a fresh install of Debian 8.6 and manual reinstall of ISPconfig. Everything was running great and I could get Let's Encrypt work for my site https://angelright.com
Then I followed your instructions and tried to get my ISPconfig secured login to use the LE certificate. But when I tried to restart the server, I got this error message:

I could not restart the server! :-(

 

For your information...

 

???

 

Your vhost file(s) may not be not pointing to the right LE SSL files. Can you check your ISPC vhost as well as its website vhost and check where both vhost files ssl are pointing to?

Also do ls -lt /etc/letsencrypt/live/`hostname -f` and ls -lt /usr/local/ispconfig/interface/ssl/ and share their outputs in here.

 

I reinstalled with hearing from you. Now the output for that command is this...

 

Hmmm... for some reason the "hostname -f" returns server1.com instead of server1.angelright.com
How do I fix this after already building ISPconfig?

 

I do have LE created for angelright.com right now, see...

 

Ahrasis, should I stop the apache2 server (yes, I changed back to apache2 during the reinstall) first and then run your commands?