(SOLVED) ISPConfig Interface 8080 with domain-name and let's encrypt SSL

Hello there. I have a ISPConfig behind a router.
Ports 53/80/443/8080 are forwaded to the ISPConfig.

I have a dns entry "web.mydomain.fr" going to my IP address. And it shows me the default apache page (seems logic on port 80).

When I try to access "https://my-ip:8080" or "https://web.mydomain.fr:8080", I get to the ispconfig interface but the SSL shows as "Not secure, blablabla".

I think it's because I don't get to the domain name on the 80 port, I tried several things, editing the 000-default.conf in /etc/apache2/sites-enabled/
Following theses exemples : https://serverfault.com/questions/1...omains-to-a-different-port-on-the-same-server
but it didn't worked, and I had a 500 error, misconfiguration, blabla.

So my question is, how do I get to the ISPConfig Interface with my "web.mydomain.fr" url, and how do I get the let's encrypt SSL OK ?

The /var/log/apache2/error.log shows :

Code:

[Thu Jul 13 16:23:27.564093 2017] [ssl:error] [pid 986] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=web.imperial-legion.fr,OU=IT,O=Imperium,L=Lyon,ST=Rhone-Alpes,C=FR / issuer: [email protected],CN=web.imperial-legion.fr,OU=IT,O=Imperium,L=Lyon,ST=Rhone-Alpes,C=FR / serial: 8A3B3FCDFB810110 / notbefore: Jul 13 13:21:18 2017 GMT / notafter: Jul 11 13:21:18 2027 GMT]
[Thu Jul 13 16:23:27.564107 2017] [ssl:error] [pid 986] AH02567: Unable to configure certificate web.imperial-legion.fr:8080:0 for stapling

The ISPConfig diagnostic script :

Code:

##### ISPCONFIG #####
ISPConfig version is 3.1.5


##### VERSION CHECK #####

[INFO] php (cli) version is 5.6.30-0+deb8u1
[INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.30-0+deb8u1

##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
        Apache 2 (PID 986)
[INFO] I found the following mail server(s):
        Postfix (PID 1476)
[INFO] I found the following pop3 server(s):
        Dovecot (PID 662)
[INFO] I found the following imap server(s):
        Unknown process (init) (PID 1)
[INFO] I found the following ftp server(s):
        PureFTP (PID 1381)

##### LISTENING PORTS #####
(seulement              ()
Adresse         (distante)
[anywhere]:465          (1476/master)
[anywhere]:27665                (1383/portsentry)
[anywhere]:1524         (1383/portsentry)
[anywhere]:21           (1381/pure-ftpd)
***.***.***.***:53              (620/named)
[localhost]:53          (620/named)
[anywhere]:22           (617/sshd)
[anywhere]:119          (1383/portsentry)
[anywhere]:1080         (1383/portsentry)
[anywhere]:25           (1476/master)
[anywhere]:12345                (1383/portsentry)
[localhost]:953         (620/named)
[anywhere]:12346                (1383/portsentry)
[anywhere]:635          (1383/portsentry)
[anywhere]:49724                (1383/portsentry)
[anywhere]:540          (1383/portsentry)
[anywhere]:1            (1383/portsentry)
[anywhere]:993          (1/init)
[anywhere]:20034                (1383/portsentry)
[anywhere]:32771                (1383/portsentry)
[anywhere]:995          (662/dovecot)
[anywhere]:32772                (1383/portsentry)
[anywhere]:40421                (1383/portsentry)
[anywhere]:32773                (1383/portsentry)
[anywhere]:32774                (1383/portsentry)
[localhost]:10023               (751/postgrey.pid)
[localhost]:10024               (1256/amavisd-new)
[anywhere]:41256                (579/rpc.statd)
[localhost]:10025               (1476/master)
[anywhere]:31337                (1383/portsentry)
[localhost]:10026               (1256/amavisd-new)
[localhost]:3306                (979/mysqld)
[localhost]:10027               (1476/master)
[anywhere]:587          (1476/master)
[anywhere]:6667         (1383/portsentry)
[anywhere]:11           (1383/portsentry)
[localhost]:11211               (613/memcached)
[anywhere]:5742         (1383/portsentry)
[anywhere]:110          (662/dovecot)
[anywhere]:79           (1383/portsentry)
[anywhere]:15           (1383/portsentry)
[anywhere]:143          (1/init)
[anywhere]:111          (566/rpcbind)
[anywhere]:54320                (1383/portsentry)
[anywhere]:2000         (1383/portsentry)
[anywhere]:10000                (999/perl)
*:*:*:*::*:465          (1476/master)
*:*:*:*::*:8081         (986/apache2)
*:*:*:*::*:21           (1381/pure-ftpd)
*:*:*:*::*:53           (620/named)
*:*:*:*::*:22           (617/sshd)
*:*:*:*::*:25           (1476/master)
*:*:*:*::*:953          (620/named)
*:*:*:*::*:443          (986/apache2)
*:*:*:*::*:993          (1/init)
*:*:*:*::*:995          (662/dovecot)
*:*:*:*::*:54787                (579/rpc.statd)
*:*:*:*::*:10023                (751/postgrey.pid)
*:*:*:*::*:10024                (1256/amavisd-new)
*:*:*:*::*:10026                (1256/amavisd-new)
*:*:*:*::*:587          (1476/master)
[localhost]10           (662/dovecot)
[localhost]43           (1/init)
[localhost]11           (566/rpcbind)
[localhost]0000         (999/perl)
*:*:*:*::*:8080         (986/apache2)
*:*:*:*::*:80           (986/apache2)

##### IPTABLES #####
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            state RELATED,ESTABLISHED
ACCEPT     all  --  [anywhere]/0            [anywhere]/0
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpts:11000:11100

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp flags:0x17/0x02 limit: avg 1/sec burst 5
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            limit: avg 1/sec burst 5
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8 limit: avg 1/sec burst 5
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp flags:0x17/0x04 limit: avg 1/sec burst 5

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            state RELATED,ESTABLISHED
ACCEPT     all  --  [anywhere]/0            [anywhere]/0
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:123
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21

 

If you wanna use DNS-01 challenge metho with acme.sh look here:

https://www.howtoforge.com/communit...utomated-dns-01-challenge-for-ispc-3-1.74850/

Otherwiese there's a good guide with certbot:

https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/

 

I will check this out thanks.