Securing ISPConfig 3 Control Panel (Port 8080) With Let's Encrypt Free SSL

Discussion in 'Tips/Tricks/Mods' started by ahrasis, Feb 14, 2017.

Page 9 of 20
  1. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    As stated in the first post of this guide, since 6 August 2017, there is an alternative added to ease users in using LE SSL for their ISPConfig panel, of which they may want to use LE4ISPC script created for this purpose. The script should support both nginx and apache2 from ISPConfig up to pure-ftpd, except for monit which you should add it manually.

    Before using it, you should already completed the tutorial from step 1 to 5 and have :
    1. Created the website for your server via ISPConfig;
    2. The website is accessible online;
    3. ISPConfig SSL is enabled (via installation or update);
    4. LE SSL is successfully enabled for the website.
     
    Last edited: Sep 19, 2017
    ahrasis, Aug 27, 2017
    #161
    madmucho likes this.
  2. budgierless

    budgierless Member HowtoForge Supporter

    budgierless, Sep 8, 2017
    #162
  3. sjau

    sjau Local Meanie Moderator

    why would the CAA change anything?
     
    sjau, Sep 8, 2017
    #163
  4. budgierless

    budgierless Member HowtoForge Supporter

    I donno about this stuff just checking and asking the question just to be sure, but if not change is needed then fine. thanks
     
    budgierless, Sep 10, 2017
    #164
  5. Tuumke

    Tuumke Active Member

    Hey guys, im having some issues with this.
    When using Firefox and going to http://panel.domain.com, it redirects to https://panel.domain.com and shows me cert is used for domain.com and www.domain.com
    When using IE, Edge and Chrome, i can open http://panel.domain.com without any issue and the https shows selfsigned cert.
    Any idea whats going on there? SSL/LE wont activate at this point..
    FailedChallenges: Failed authorization procedure. panel.domain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://panel.domain.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: Timeout

    -edit-
    Reset firefox, now it does load correctly, retrying LE.
    -edit2-
    Nope, i still get its using wrong certs.. from the main domain.
    I did create a panel.domain.com website without ssl, its available, then turned on SSL/LE.
    -edit3-
    doh..
    There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
     
    Last edited: Sep 18, 2017
    Tuumke, Sep 18, 2017
    #165
  6. budgierless

    budgierless Member HowtoForge Supporter

    That seems like some form of wildcard issue. Let's see what the support team has to say!!
     
    budgierless, Sep 18, 2017
    #166
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no wildcard involved here as far as I ca see and LE does not support wildcard ssl certs anyway. According to the errir messages he posted, there was first an issue that the LE servers were not able to reach his server and then further attempts were blocked by LE as the failure limit was exceeded.
     
    till, Sep 18, 2017
    #167
    Tuumke likes this.
  8. adamjedgar

    adamjedgar Member

    two things come to mind...
    1.browser caching and
    2. zone records you have setup
     
    adamjedgar, Sep 18, 2017
    #168
  9. budgierless

    budgierless Member HowtoForge Supporter

    LE not supporting wildcard, I didn't know that, dose ispconfig have a work around or support LE for sub-domains?
     
    budgierless, Sep 18, 2017
    #169
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig adds subdomains and alias domains automatically to the LE cert.
     
    till, Sep 18, 2017
    #170
  11. Tuumke

    Tuumke Active Member

    Yeah but according to this tutorial, i had to create a site for panel.domain.com. Which i did, which is also accessible..
     
    Tuumke, Sep 18, 2017
    #171
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    @Tuumke: Please see post #167 for the answer to your question.
    The question #169 from @budgierless and my answer #170 are not related to this thread topic.
     
    till, Sep 18, 2017
    #172
  13. Tuumke

    Tuumke Active Member

    Thnx, will try again tomorrow.
    I don;t have to create an additional DNS zone do i? domain.com can is setup, then i can add an a record to panel.domain.com and add a site as panel.domain.com?
    -edit-
    Still having issues..
    FailedChallenges: Failed authorization procedure. panel.tsictdiensten.nl (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://panel.tsictdiensten.nl/.well-known/acme-challenge/yL0qd3xxj69weLPnzffBQ6HNHs-UXsY3VGQutgPAxTY: Timeout
     
    Last edited: Sep 18, 2017
    Tuumke, Sep 18, 2017
    #173
  14. budgierless

    budgierless Member HowtoForge Supporter

    Yes you do, without question!
     
    budgierless, Sep 18, 2017
    #174
  15. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    Enable ISPConfig debug and check what happens. The DNS is setup correctly.
     
    HSorgYves, Sep 18, 2017
    #175
  16. Tuumke

    Tuumke Active Member

    Holy mess, it works... after creating a zone for panel.domain.com...
    Adjust the tutorial maybe? @ahrasis
     
    Tuumke, Sep 18, 2017
    #176
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Separate zones for subdomains are not needed. All you have to do is to add the subdomain as a-record to the zone of the domain. If thst did not work your you, then you either had a typo in the subdomain record (like using a fqdn without dot at the end) or you did not wait until the dns changes were propagated to all caching servers (which might take 24 hours).
     
    till, Sep 18, 2017
    #177
  18. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    I could access panel.tsictdiensten.nl without trouble when I said that the DNS was setup correctly. Not sure though if this was before or after the zone creation...
     
    HSorgYves, Sep 18, 2017
    #178
  19. adamjedgar

    adamjedgar Member

    glad a newbie like myself could be of help. Its surprising sometimes how easily we can get tangled up in coding for solutions, and neglect something as basic as our zone file records.

    years ago, as a teenager who had just left school, i worked for a family friend in his lawn mower repair shop. The first thing he used to always get me to do whenever anyone came in and said "my lawn mower wont start" was to "open the tank and check it had fuel in it".
    You would be surprised how often this is exactly what the problem with a broken lawnmower was ;)
     
    adamjedgar, Sep 19, 2017
    #179
  20. Tuumke

    Tuumke Active Member

    Have both A and AAA record, didnt work until i created a zone for panel.domain.com
     
    Tuumke, Sep 19, 2017
    #180
Page 9 of 20

Share This Page