As stated in the first post of this guide, since 6 August 2017 there is an alternative added to make it easier for users to use LE SSL for their ISPConfig panel: they may want to use the LE4ISPC script created for this purpose. The script should support both nginx and apache2, from ISPConfig up to pure-ftpd, except for monit, which you should add manually. Before using it, you should have already completed the tutorial from step 1 to 5 and have:
1. Created the website for your server via ISPConfig;
2. The website is accessible online;
3. ISPConfig SSL is enabled (via installation or update);
4. LE SSL is successfully enabled for the website.
Thanks for your script. I was just reading https://www.howtoforge.com/community/threads/bind-supports-caa.77249/. Will this affect your script? If so, then could you add an 'IF' statement code for if using ISPConfig 3.2, so that the CAA will work along with your script, or your script applies CAA with the CA too?
I dunno about this stuff, just checking and asking the question to be sure, but if no change is needed then fine. Thanks.
Hey guys, I'm having some issues with this. When using Firefox and going to http://panel.domain.com, it redirects to https://panel.domain.com and shows me the cert is used for domain.com and www.domain.com. When using IE, Edge and Chrome, I can open http://panel.domain.com without any issue and the https shows a self-signed cert. Any idea what's going on there? SSL/LE won't activate at this point.

FailedChallenges: Failed authorization procedure. panel.domain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://panel.domain.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: Timeout

-edit- Reset Firefox, now it does load correctly, retrying LE.

-edit2- Nope, I still get that it's using the wrong certs, from the main domain. I did create a panel.domain.com website without SSL, it's available, then turned on SSL/LE.

-edit3- Doh.. There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
There is no wildcard involved here as far as I can see, and LE does not support wildcard SSL certs anyway. According to the error messages he posted, there was first an issue that the LE servers were not able to reach his server, and then further attempts were blocked by LE as the failure limit was exceeded.
LE not supporting wildcard, I didn't know that. Does ISPConfig have a workaround or support LE for sub-domains?
Yeah, but according to this tutorial, I had to create a site for panel.domain.com. Which I did, which is also accessible..
@Tuumke: Please see post #167 for the answer to your question. The question #169 from @budgierless and my answer #170 are not related to this thread topic.
Thanks, will try again tomorrow. I don't have to create an additional DNS zone, do I? domain.com is set up, then I can add an A record for panel.domain.com and add a site as panel.domain.com?

-edit- Still having issues..

FailedChallenges: Failed authorization procedure. panel.tsictdiensten.nl (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://panel.tsictdiensten.nl/.well-known/acme-challenge/yL0qd3xxj69weLPnzffBQ6HNHs-UXsY3VGQutgPAxTY: Timeout
Holy mess, it works... after creating a zone for panel.domain.com... Adjust the tutorial maybe? @ahrasis
Separate zones for subdomains are not needed. All you have to do is to add the subdomain as an A record to the zone of the domain. If that did not work for you, then you either had a typo in the subdomain record (like using an FQDN without a dot at the end) or you did not wait until the DNS changes were propagated to all caching servers (which might take 24 hours).
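The trailing-dot mistake mentioned in the post above, as an added example that is not part of the thread: under standard zone-file rules, an owner name without a final dot is relative and gets the zone origin appended. The function names and sample records below are constructed for illustration.

```python
# Added example (not from the thread): how zone-file parsing expands owner names.
# Function names and the sample records are constructed for illustration.

def expand_owner(owner, origin):
    """Return the absolute name a zone parser derives from an owner field."""
    origin = origin.rstrip(".").lower() + "."
    owner = owner.strip().lower()
    if owner == "@":
        return origin                 # "@" means the zone origin itself
    if owner.endswith("."):
        return owner                  # trailing dot: absolute, used as written
    return owner + "." + origin       # no trailing dot: origin is appended


def audit_zone(records, origin):
    """Return (owner, effective_name, warning) for each (owner, type, value)."""
    zone = origin.rstrip(".").lower()
    results = []
    for owner, _rtype, _value in records:
        bare = owner.strip().lower()
        effective = expand_owner(bare, origin)
        warning = None
        if not bare.endswith(".") and (bare == zone or bare.endswith("." + zone)):
            # FQDN typed without the final dot: the origin gets appended again.
            warning = "missing trailing dot, record is published as " + effective
        results.append((owner, effective, warning))
    return results


# Constructed sample: three ways of entering the panel A record in zone domain.com.
SAMPLE_RECORDS = [
    ("panel", "A", "192.0.2.10"),
    ("panel.domain.com.", "A", "192.0.2.10"),
    ("panel.domain.com", "A", "192.0.2.10"),
]

if __name__ == "__main__":
    for owner, effective, warning in audit_zone(SAMPLE_RECORDS, "domain.com"):
        print(f"{owner:20} -> {effective:30} {warning or 'ok'}")
```

If the third form is what ended up in the zone, the name the LE http-01 check looks up does not exist, even though the record appears in the panel.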
I could access panel.tsictdiensten.nl without trouble when I said that the DNS was set up correctly. Not sure though if this was before or after the zone creation...
Glad a newbie like myself could be of help. It's surprising sometimes how easily we can get tangled up in coding for solutions, and neglect something as basic as our zone file records. Years ago, as a teenager who had just left school, I worked for a family friend in his lawn mower repair shop. The first thing he used to always get me to do whenever anyone came in and said "my lawn mower won't start" was to "open the tank and check it had fuel in it". You would be surprised how often this is exactly what the problem with a broken lawnmower was.