Server-level Class1 SSL Certificate

Discussion in 'Installation/Configuration' started by philgardner, Oct 28, 2016.

  1. philgardner

    philgardner Member

    ISPConfig version: 3.1.1
    Server: Ubuntu 16.04 (64-bit)

    I have recently set up a new server, following the instructions in this tutorial: https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/.

    I want to replace the self-signed certificate in /usr/local/ispconfig/interface/ssl/ with a full certificate. Should I get a free StartSSL Class 1 certificate and install it as described in the rather old tutorial https://www.howtoforge.com/securing...h-a-free-class1-ssl-certificate-from-startssl? Or would it be better to get a Let's Encrypt certificate, now that Let's Encrypt is installed in ISPConfig 3.1?

    If I go down the Let's Encrypt route, how exactly should I do it? I think the ISPConfig interface only provides for creating certificates for individual websites, so presumably the server-level certificate would have to be created from the command line. I don't want to do anything that might mess up the existing functionality!

    Any help would be much appreciated.
    Phil
     
  2. kerrsmith

    kerrsmith Member

    Hi Phil,

    Take a look at the following post where the method I used is detailed using a Let's Encrypt certificate:

    https://www.howtoforge.com/communit...-control-panel-certificate.74113/#post-348752

    This method basically makes the control panel use the same certificate created for the domain used to access it. For example if you access your control panel at https://www.mydomain.com:8080 then you tell the control panel to use the certificate for www.mydomain.com.

    There are only a couple of steps to get this working and it would be very easy to undo if you had an issue.
     
    Last edited: Oct 29, 2016
  3. chico11mbit

    chico11mbit Member

    So, what would you do on a server with multiple vhosts?
     
  4. philgardner

    philgardner Member

    Thank you! That's very helpful. It would be good if this could be integrated into the Control Panel interface, which should be quite straightforward as the control panel knows what domain it is using.
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    https://git.ispconfig.org/ispconfig/ispconfig3/issues/3987
    It doesn't know what names it can be accessed by; all it can tell is the servername which is in use on any given request. Proper support for using letsencrypt with the panel will include the ability to specify the names which should be included in the certificate (you can do that manually when you request the certificate now).
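
The point made in the thread, that the panel certificate only helps for the names it actually contains, can be checked before switching the panel over. The following is an added example, not code from the thread or from ISPConfig: it lists which of the hostnames used to reach the panel are missing from a certificate's subjectAltName entries. The function names, the sample certificate and the hostnames other than www.mydomain.com are constructed for illustration.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS names from a certificate dict in SSLSocket.getpeercert() format."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_covered(hostname, pattern):
    """RFC 6125 style match: '*' may only stand for the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def uncovered_names(cert, access_names):
    """Names used to reach the panel that the certificate does not cover."""
    sans = san_dns_names(cert)
    return [n for n in access_names if not any(name_covered(n, p) for p in sans)]


def fetch_panel_cert(host, port=8080, cafile=None):
    """Fetch the certificate served on host:port (needs network access).

    Validation stays enabled, so connect with a name the certificate is
    expected to cover; a mismatch raises ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a certificate issued for a single website's names.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.mydomain.com"), ("DNS", "mydomain.com")),
}

if __name__ == "__main__":
    # Constructed list of names by which the panel might be reached.
    names = ["www.mydomain.com", "panel.mydomain.com", "www.otherdomain.com"]
    print(uncovered_names(SAMPLE_CERT, names))
```

Any name the script reports would produce a browser certificate warning when the panel is opened under that name, so it needs to be included when the certificate is requested.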
     
