Securing ISPConfig 3 Control Panel (Port 8080) With Let's Encrypt Free SSL

Did you install certbot / letsencrypt? Which distro / perfect server tutorials did you follow?

 

It is now installed and appears to be working properly. My only question now is about the steps to make it renew automatically. I am running Apache, and I do not have monit installed; therefore, this is the contents of my
/etc/init.d/le_ispc_pem.sh:

 

You missed postfix in that script.

 

Thanks!

 

Can ISPConfig 3.1.2 update ispserver.pem and restart relevant services automatically?

 

I think if you apply @florian030 suggestion for the hook correctly, it may work, even on a multi server setup as he said.

He suggests to make the full use of ISPC and run an update script via post-hook in the customized 900-letsencrypt.inc.php, while this guide suggests to install and use incron to detect LE SSL certs archive folder for the server and then run its update script.

Though it comes with a caveat that the customized 900-letsencrypt.inc.php may be overwritten in any of your ISPC update, as stated, this may also be implemented in the future ISPC.

Both theories are almost the same i.e. at the end, you must have the update script you want to run when the LE SSL certs for ISPC website are updated. This is especially for removing the old ispconfig.pem and creating a new one, and restarting all related services.

If you wish to test the post-hook, I think you can simply take the script in the last part of this guide removing the first line "while..." as well as the last line "done" (leaving the code in the middle to be used) and it should theoretically work.

 

Hello Friend,
I run /etc/init.d/le_ispc_pem.sh from a command console and it never finishes. If I set it to auto-start at boot time, will it hang up my server?

 

Check your script contents as it shouldn't be running endlessly. Please note that the script is intended to be run only by incron upon detection of any modification (which includes the creation of any new files) in /etc/letsencrypt/archive/yourserverdomain/ folder, not by running it on its own. You should also be able to use the script with @florian030 suggestion as well.

 

Anyone had any issues following this tutorial when one has apache on Ubuntu 16.04.2 (https://www.howtoforge.com/tutorial/perfect-server-ubuntu-16.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/) installed instead of nginx?
The reason I ask is that I received an error at step [Using Your ISPConfig Let's Encrypt SSL For Others] namely postfix and dovecot.

even though the symlinks were there.

 

Can you produce the said dovecot.conf content?

 

I actually deleted the symlinks to get dovecot running again and I am a bit hesitant as you may guess to go through the procedure again until I get some verification from someone on a similar platform.
However without any symlinks anywhere - here is the content of etc/dovecot

 

There is no content in that image but a directory with list of files.

Anyway, if you dovecot works after removing your symlink, that there lies your problem at the first place.

 

sorry I misunderstood you what do actually want to see?
This?

 

I agree that it is the problem - the question is why is it a problem if I have followed the steps exactly and the symlinks are there pointing to the correct files (at least as far as the tutorial goes)

 

Please provide:

Code:

ls -al /etc/postfix

 

I can't help you to fix something which is no more there. As said, something could gone wrong when you created the symlinks whether ispserver.crt to fullchain.pem or smtpd.cert to ispserver.crt and that could have caused dovecot to report the said error.

Sometime it is a simple as not running service dovecot restart.

Alternatively, you could try other guides to secure ISPC control panel and other services.

 

Remember, the things to be examined are the created symlinks for why they are reported as "missing" by dovecot. Your above list only shows that they are already deleted confirming your previous post, so how can we help you to examine them?

 

OK I tried again and got through dovecot this time however when attempting to restart apache I get the following error:

The output of
systemctl status apache2.service

I have managed to get apache restarted by renaming the symlink for the time being.
Should this line:-

be just polyoz.net.au as there is no /etc/letsencrypt/archive/server1.polyoz.net.au/
nor is there a:-
/etc/letsencrypt/live/server1.polyoz.net.au/privkey.pem

Which is what the symlink refers to

Also in addition now I cannot FTP to any sites all I get is:-

Which is not good as I am expecting a developer to do some changes in one of my Joomla site

 

You can follow its instruction to see what caused the error (you can also use - service apache2 status).