Hello there.

I have an ISPConfig behind a router. Ports 53/80/443/8080 are forwarded to the ISPConfig. I have a DNS entry "web.mydomain.fr" going to my IP address. And it shows me the default Apache page (seems logical on port 80).

When I try to access "https://my-ip:8080" or "https://web.mydomain.fr:8080", I get to the ISPConfig interface but the SSL shows as "Not secure, blablabla".

I think it's because I don't get to the domain name on the 80 port. I tried several things, editing the 000-default.conf in /etc/apache2/sites-enabled/, following these examples: https://serverfault.com/questions/1...omains-to-a-different-port-on-the-same-server but it didn't work, and I had a 500 error, misconfiguration, blabla.

So my question is, how do I get to the ISPConfig interface with my "web.mydomain.fr" URL, and how do I get the Let's Encrypt SSL OK?

The /var/log/apache2/error.log shows:

Code:
[Thu Jul 13 16:23:27.564093 2017] [ssl:error] [pid 986] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=web.imperial-legion.fr,OU=IT,O=Imperium,L=Lyon,ST=Rhone-Alpes,C=FR / issuer: [email protected],CN=web.imperial-legion.fr,OU=IT,O=Imperium,L=Lyon,ST=Rhone-Alpes,C=FR / serial: 8A3B3FCDFB810110 / notbefore: Jul 13 13:21:18 2017 GMT / notafter: Jul 11 13:21:18 2027 GMT]
[Thu Jul 13 16:23:27.564107 2017] [ssl:error] [pid 986] AH02567: Unable to configure certificate web.imperial-legion.fr:8080:0 for stapling

The ISPConfig diagnostic script:

Code:
##### ISPCONFIG #####
ISPConfig version is 3.1.5

##### VERSION CHECK #####
[INFO] php (cli) version is 5.6.30-0+deb8u1
[INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.30-0+deb8u1

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Apache 2 (PID 986)
[INFO] I found the following mail server(s):
Postfix (PID 1476)
[INFO] I found the following pop3 server(s):
Dovecot (PID 662)
[INFO] I found the following imap server(s):
Unknown process (init) (PID 1)
[INFO] I found the following ftp server(s):
PureFTP (PID 1381)

##### LISTENING PORTS #####
(seulement () Adresse (distante)
[anywhere]:465 (1476/master)
[anywhere]:27665 (1383/portsentry)
[anywhere]:1524 (1383/portsentry)
[anywhere]:21 (1381/pure-ftpd)
***.***.***.***:53 (620/named)
[localhost]:53 (620/named)
[anywhere]:22 (617/sshd)
[anywhere]:119 (1383/portsentry)
[anywhere]:1080 (1383/portsentry)
[anywhere]:25 (1476/master)
[anywhere]:12345 (1383/portsentry)
[localhost]:953 (620/named)
[anywhere]:12346 (1383/portsentry)
[anywhere]:635 (1383/portsentry)
[anywhere]:49724 (1383/portsentry)
[anywhere]:540 (1383/portsentry)
[anywhere]:1 (1383/portsentry)
[anywhere]:993 (1/init)
[anywhere]:20034 (1383/portsentry)
[anywhere]:32771 (1383/portsentry)
[anywhere]:995 (662/dovecot)
[anywhere]:32772 (1383/portsentry)
[anywhere]:40421 (1383/portsentry)
[anywhere]:32773 (1383/portsentry)
[anywhere]:32774 (1383/portsentry)
[localhost]:10023 (751/postgrey.pid)
[localhost]:10024 (1256/amavisd-new)
[anywhere]:41256 (579/rpc.statd)
[localhost]:10025 (1476/master)
[anywhere]:31337 (1383/portsentry)
[localhost]:10026 (1256/amavisd-new)
[localhost]:3306 (979/mysqld)
[localhost]:10027 (1476/master)
[anywhere]:587 (1476/master)
[anywhere]:6667 (1383/portsentry)
[anywhere]:11 (1383/portsentry)
[localhost]:11211 (613/memcached)
[anywhere]:5742 (1383/portsentry)
[anywhere]:110 (662/dovecot)
[anywhere]:79 (1383/portsentry)
[anywhere]:15 (1383/portsentry)
[anywhere]:143 (1/init)
[anywhere]:111 (566/rpcbind)
[anywhere]:54320 (1383/portsentry)
[anywhere]:2000 (1383/portsentry)
[anywhere]:10000 (999/perl)
*:*:*:*::*:465 (1476/master)
*:*:*:*::*:8081 (986/apache2)
*:*:*:*::*:21 (1381/pure-ftpd)
*:*:*:*::*:53 (620/named)
*:*:*:*::*:22 (617/sshd)
*:*:*:*::*:25 (1476/master)
*:*:*:*::*:953 (620/named)
*:*:*:*::*:443 (986/apache2)
*:*:*:*::*:993 (1/init)
*:*:*:*::*:995 (662/dovecot)
*:*:*:*::*:54787 (579/rpc.statd)
*:*:*:*::*:10023 (751/postgrey.pid)
*:*:*:*::*:10024 (1256/amavisd-new)
*:*:*:*::*:10026 (1256/amavisd-new)
*:*:*:*::*:587 (1476/master)
[localhost]10 (662/dovecot)
[localhost]43 (1/init)
[localhost]11 (566/rpcbind)
[localhost]0000 (999/perl)
*:*:*:*::*:8080 (986/apache2)
*:*:*:*::*:80 (986/apache2)

##### IPTABLES #####
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0 state RELATED,ESTABLISHED
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT icmp -- [anywhere]/0 [anywhere]/0
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpts:11000:11100

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5
ACCEPT udp -- [anywhere]/0 [anywhere]/0 limit: avg 1/sec burst 5
ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 limit: avg 1/sec burst 5
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- [anywhere]/0 [anywhere]/0 state RELATED,ESTABLISHED
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT icmp -- [anywhere]/0 [anywhere]/0
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:123
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
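
The AH02217 line in the post above carries the certificate's subject, issuer and validity dates. As an added example (not part of the original thread), this parses such lines and reports whether the certificate is self-issued and how long it is valid; the sample lines are constructed, with placeholder names and serial.

```python
import re
from datetime import datetime

# Constructed sample log in the AH02217/AH02567 format; names and serial are placeholders.
SAMPLE_LOG = [
    "[Thu Jul 13 16:23:27.564093 2017] [ssl:error] [pid 986] AH02217: "
    "ssl_stapling_init_cert: can't retrieve issuer certificate! "
    "[subject: CN=panel.example.org,OU=IT,O=Example,C=FR / "
    "issuer: CN=panel.example.org,OU=IT,O=Example,C=FR / "
    "serial: 0123456789ABCDEF / notbefore: Jul 13 13:21:18 2017 GMT / "
    "notafter: Jul 11 13:21:18 2027 GMT]",
    "[Thu Jul 13 16:23:27.564107 2017] [ssl:error] [pid 986] AH02567: "
    "Unable to configure certificate panel.example.org:8080:0 for stapling",
]

FIELDS = re.compile(
    r"AH02217:.*?\[subject: (?P<subject>.*?) / issuer: (?P<issuer>.*?) / "
    r"serial: (?P<serial>[0-9A-Fa-f]+) / notbefore: (?P<nb>.*?) / "
    r"notafter: (?P<na>.*?)\]"
)
DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # date layout used in the log line


def inspect_stapling_error(line):
    """Return certificate facts from one AH02217 line, or None if it is another line."""
    m = FIELDS.search(line)
    if m is None:
        return None
    not_before = datetime.strptime(m["nb"], DATE_FMT)
    not_after = datetime.strptime(m["na"], DATE_FMT)
    return {
        "subject": m["subject"],
        # Identical subject and issuer: the certificate names itself as its
        # issuer, so there is no separate issuer certificate for mod_ssl to
        # load for stapling, and no browser trust store will contain it.
        "self_issued": m["subject"] == m["issuer"],
        # A CA-issued Let's Encrypt certificate of that period was valid for
        # 90 days; a multi-year span points at a locally generated one.
        "valid_days": (not_after - not_before).days,
    }


def scan(lines):
    """Collect findings for every AH02217 line in an error log."""
    findings = (inspect_stapling_error(line) for line in lines)
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
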
If you wanna use DNS-01 challenge method with acme.sh look here: https://www.howtoforge.com/communit...utomated-dns-01-challenge-for-ispc-3-1.74850/

Otherwise there's a good guide with certbot: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/