SSL certificate used by the websites

Discussion in 'Installation/Configuration' started by fishtail, May 25, 2023.

  1. fishtail

    fishtail New Member

    Hi.
    When I tried to access the website (https://myispconfig.domain.com:8080), it's using the correct SSL certificate issued by LetsEncrypt. However, when I tried to access https://myispconfig.domain.com (port 443), it uses the SSL certificate from one of the Web Domain Sites.
    How do I fix this? Where to look to fix this?
    Any guidance is greatly appreciated.
    Thanks in advance...
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Basically, you should not create a website using your server FQDN, especially if you are using acme.sh as the LE client, because it doesn't symlink but instead copies the LE certs from the acme.sh folder to the ISPConfig SSL folder. Activating LE certs for a website under the same FQDN will break the ISPConfig default settings for the server, and vice versa if you use the ISPConfig update to fix the same for the server.
     
  3. fishtail

    fishtail New Member

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    A server responds to any domain or subdomain that points to it. If the domain or subdomain does not exist in the apache or nginx config, then the web server will display the first site it finds in alphabetical order instead (as described in the read before posting post). What you can do is to add a default vhost to catch these requests; this default vhost must be first in the alphabet to catch all requests, and it must have SSL enabled with an SSL cert, e.g. a self-signed SSL cert. You can e.g. use a domain name like "000-default.tld" for it. But be aware that anyone who tries to access a non-existing website will then get an SSL error, of course. There is no real way to avoid this, as SSL certs must contain the domains and the purpose of the default vhost is to catch unknown domains, so there is no way to match SSL cert and default vhost.

    If you just want to handle requests for the system hostname, you can try this method:
    https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
    But this changes the whole way SSL is set up for ISPConfig itself, due to the restrictions in acme.sh that @ahrasis mentioned.
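
The fallback behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of how a name-based web server picks a vhost and whether the certificate it presents covers the requested name. The vhost names, certificate names and function names are constructed for illustration.

```python
# Added illustration: simplified model of the vhost fallback described above.
# All vhost and certificate names are constructed sample data.

def cert_covers(hostname, cert_names):
    """True if hostname matches a certificate name (exact or '*.' wildcard)."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def select_vhost(requested, vhosts):
    """Pick the vhost that names `requested`, else the first one alphabetically."""
    ordered = sorted(vhosts)
    for vhost in ordered:
        if requested.lower() in vhosts[vhost]["names"]:
            return vhost
    return ordered[0]

def diagnose(requested, vhosts):
    """Return (vhost that answers, whether its certificate covers the request)."""
    vhost = select_vhost(requested, vhosts)
    return vhost, cert_covers(requested, vhosts[vhost]["cert"])

# Constructed port-443 configuration: two sites, no vhost for the panel FQDN.
PORT_443 = {
    "blog.example.net": {"names": ["blog.example.net", "www.blog.example.net"],
                         "cert": ["blog.example.net", "www.blog.example.net"]},
    "shop.example.org": {"names": ["shop.example.org"], "cert": ["*.example.org"]},
}
# Same configuration with the catch-all vhost suggested in the thread.
WITH_DEFAULT = dict(PORT_443, **{
    "000-default.tld": {"names": ["000-default.tld"], "cert": ["000-default.tld"]},
})

if __name__ == "__main__":
    for label, cfg in (("before", PORT_443), ("with default vhost", WITH_DEFAULT)):
        for host in ("myispconfig.domain.com", "shop.example.org"):
            print(label, host, diagnose(host, cfg))
```

In both configurations the request for the unconfigured hostname ends in a certificate name mismatch; the default vhost only changes which site and certificate answer it.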
     
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Alternatively, I think another way to solve this matter (other than what was already advised by @till above) is to manually create a vhost for that server FQDN, redirecting both its http and https back to its port 8080.
     
