I notice ISPConfig Auto Installer is setting the repository when it is used but the setup repo is still using http, while I think it shoud be safer to use https by default, shouldn't it?
iirc, until a few years ago, https wasn't supported out of the box for apt. But it is nowadays, so we could/should change that. Will discuss it.
I discussed it and the problem is that not all images include the package apt-transport-https. So it is not a good idea to do this by default. And it doesn't improve much security wise, I can explain that but as I'm lazy, see https://askubuntu.com/a/146117
Quite a decade old opinion to hold on to but I guess it could still be good nonetheless despite whatever have changed and developed ever since.
Some installations may not want to use https, if they have cache servers set up. From the same thread @Th0m referred to in #3: Cache for https traffic does not work, since the files are encrypted and different for each downloader.
And vice versa, thus, very much arguable but I can accept default repository settings by ISPConfig Auto Installer which is with no https as an admin can change that manually if he prefers otherwise but preferably it should not change what admin have set in his server preferred repository prior to running the Auto Installer as discussed somewhere before. However, I am not sure about the cache servers you were saying or the proxy servers that the writer were talking about a decade ago which I hope can be explained about its relation here since so far all posts or responses I have been reading regarding to the use of https vs http for apt repository didn't touch much about this. If anyone interested to know about why I suggest the use of https in apt repository in this thread, just google "apt repository http vs https" and he should find the various anwsers for why or why not.