Hi I have installed ispconfig 3.2.x and debian 9 in my server. When I activate a website I correctly get the lets' encrypt ssl certificate on the https: // domain but not on the mail service or on the control panel port 8080 where a security problem is instead shown due to the self-signed certificate. I tried to reinstall ispconfig 3.2 by setting yes to the various steps to activate the ssl again but the result is always negative. Can anyone help me by indicating the correct procedure to activate let's encrypt for mail and port 8080?
Do a force update and let it configure a new cert: Code: ispconfig_update.sh --force If this does not work, share the output shown when updating.
Hi Thanks for your reply using the command ispconfig_update.sh --force I get Code: Select update method: Stable Recofigure permission in master database:no Service firewall_server: no Reconfigure service: yes Ispconfig port :8080 Create new ispconfig Ssl certificate: yes Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for ns3043849.ip-176-31-233.eu Using certificate path /etc/letsencrypt/live/ns3043849.ip-176-31-233.eu Using apache for certificate validation Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Cert not yet due for renewal Keeping the existing certificate Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Checking / creating certificate for ns3043849.ip-176-31-233.eu Using certificate path /etc/letsencrypt/live/ns3043849.ip-176-31-233.eu Using apache for certificate validation Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Cert not yet due for renewal Keeping the existing certificate Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... PHP Warning: Packets out of order. Expected 1 received 0. Packet size=30 in /tmp/update_runner.sh.eJd0JE88Vi/install/lib/mysql.lib.php on line 207 Update finished. root@ns3043849:~# PHP Warning: Packets out of order. Expected 1 received 0. Packet size=30 in /tmp/update_runner.sh.eJd0JE88Vi/install/lib/mysql.lib.php on line 207 -bash: PHP: comando non trovato
let's encrypt works only in the https:// In the Port 8080 and the mail it's shown an untrusted self-signed certificate
Code: Last login: Sat Feb 6 13:35:55 2021 from 79.00.000.00 root@ns000000:~# ls -la /usr/local/ispconfig/interface/ssl totale 40 drwxr-s--- 2 root root 4096 feb 6 09:23 . drwxr-s--- 9 ispconfig ispconfig 4096 feb 6 09:18 .. -rwxr-x--- 1 root root 45 feb 6 09:23 empty.dir lrwxrwxrwx 1 root root 62 feb 6 09:23 ispserver.crt -> /etc/letsencrypt/live/ns3043849.ip-176-31-233.eu/fullchain.pem lrwxrwxrwx 1 root root 62 feb 6 09:17 ispserver.crt-20210206092326.bak -> /etc/letsencrypt/live/ns3043849.ip-176-31-233.eu/fullchain.pem lrwxrwxrwx 1 root root 60 feb 6 09:23 ispserver.key -> /etc/letsencrypt/live/ns3043849.ip-176-31-233.eu/privkey.pem lrwxrwxrwx 1 root root 60 feb 6 09:17 ispserver.key-20210206092326.bak -> /etc/letsencrypt/live/ns3043849.ip-176-31-233.eu/privkey.pem -rwxr-x--- 1 root root 3172 feb 6 09:23 ispserver.pem -rwxr-x--- 1 root root 7082 feb 6 09:17 ispserver.pem-20210206092326.bak
These are the certificates that are shown if it helps https://mygrashop.it Code: Organization: Let's Encrypt Location: US Valid from October 7, 2020 to September 29, 2021 Serial Number: 400175048314a4c8218c84a90c16cddf Signature Algorithm: sha256WithRSAEncryption Email, ftp or port 8080 Code: Certificate: Data: Version: 3 (0x2) Serial Number: 96:c7:dc:b5:7a:08:0e:4d Signature Algorithm: sha256WithRSAEncryption Issuer: C=--, ST=Germany, L=lim1, O=--, OU=--, CN=ns3135929.ip-51-77-65.eu/[email protected] Validity Not Before: Jan 30 10:07:39 2019 GMT Not After : Jan 27 10:07:39 2029 GMT Subject: C=--, ST=Germany, L=lim1, O=--, OU=--, CN=ns3135929.ip-51-77-65.eu/[email protected] Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b0:f2:11:1b:29:9e:1b:76:c8:1c:ce:0f:b4:1f: ec:52:45:b7:95:65:72:e2:e8:1b:3f:03:86:bb:db: 2f:95:36:54:b9:ff:e7:96:a7:d7:a0:00:07:44:fb: 40:70:71:cb:a6:cf:ce:a5:9d:13:0d:df:37:31:97: cc:24:c7:a9:12:19:9f:64:1f:3b:ec:18:62:2e:82: 4b:fe:b6:ff:cd:3e:38:3a:0f:c5:b9:6f:22:2a:49: de:dd:8a:a4:ce:cc:66:cc:86:07:9d:ed:5c:bb:85: 84:60:f6:fe:77:de:5b:a5:bd:1f:0e:01:7b:fd:8c: 23:d6:10:df:4c:2b:1b:62:b0:79:5b:d8:92:ff:7b: 05:ff:28:04:20:0d:47:b8:85:1f:cd:b5:1a:a8:68: 5e:4d:3f:9d:75:1b:a3:29:89:ec:9e:e2:8c:d8:26: 84:4e:df:38:cd:6f:d2:62:64:95:6b:36:a1:c6:09: e3:9d:92:30:7a:c1:1a:ac:f8:5c:3a:2c:a9:16:63: e3:f3:2e:1b:6b:d7:7f:28:bc:b7:e2:22:54:2b:19: 25:ea:96:7e:ea:a2:43:31:4b:6d:e7:e7:4a:0b:8c: 07:2f:2a:74:51:12:41:1f:34:09:ee:e3:ab:34:d1: 9a:c4:d4:ac:51:b2:9c:df:53:27:df:3c:cd:79:e6: b7:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: BB:EB:D7:04:83:B9:4B:0C:CB:B8:DC:02:EA:F1:7D:62:17:E7:DF:E5 X509v3 Authority Key Identifier: keyid:BB:EB:D7:04:83:B9:4B:0C:CB:B8:DC:02:EA:F1:7D:62:17:E7:DF:E5 X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 11:87:91:a2:93:46:94:2c:8a:d2:51:1f:7d:97:fd:b0:83:97: 38:9a:0d:d3:a9:24:eb:a3:6a:12:54:28:4f:85:ba:4f:0f:01: 50:95:6a:7c:82:99:e3:33:20:27:e9:72:26:6e:01:80:df:4d: 03:78:aa:a0:b7:96:cf:02:d4:ae:8e:4a:78:f8:30:d0:26:fd: ec:0e:7a:2f:c3:96:11:e2:dc:8b:25:42:13:c9:e7:19:87:ed: 8c:08:f0:2e:ad:a8:c3:dd:9e:be:a9:40:1a:a4:98:db:a1:86: 3d:df:17:97:65:47:1a:5a:6b:60:4c:ae:a7:83:b7:77:63:01: fd:68:5c:d0:81:49:df:ec:af:4f:ff:82:b0:23:04:92:d1:aa: 38:fa:75:c8:e2:91:28:03:05:24:7e:fd:c5:e0:17:da:51:ec: b7:d8:2a:31:eb:f0:82:2f:8d:53:c9:ce:ea:61:c1:e6:81:7d: 76:64:32:3b:07:36:19:bc:7b:d7:f1:b4:36:70:a1:d9:46:7d: 6a:c3:b5:00:d0:94:f4:c1:7a:57:d3:7d:dd:69:a8:7f:af:45: d6:96:0f:1f:4f:3f:8b:fb:9e:be:ad:58:88:79:14:55:69:1e: 8f:00:b2:89:a9:bc:49:5a:f1:84:55:fe:af:40:bd:fe:a7:d3: 47:f2:6d:be
No at the moment I did a fresh install. Only changes made on the server Installing php 7.2 and 7.3 by following this tutorial https://www.howtoforge.com/tutorial...fig-3-from-debian-packages-on-debian-8-and-9/
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies with Zend OPcache v7.0.33-38+0~20210112.44+debian9~1.gbpab637c, Copyright (c) 1999-2017, by Zend Technologies
Very weird. According to your outputs, it is using a LE cert, but a self signed cert is served. Your hostname is weird aswell though, ns3043849.ip-176-31-233.eu - did your provider give you this? Can you create your own hostname, like server1.example.com, where example.com is your domain?
ns3043849.ip-176-31-233.eu it 's automatically generated in the initial phase when i install the "Debian 9 + ispconfig 3.2" pack available from my provider's panel ovh.com after that i can manage domains from ispconfig. My domain if you want to see is www.migratoria.it
I would not use that installer from OVH, especially because it still uses Debian 9. Better install Debian 10 and use the ISPConfig autoinstaller: https://www.howtoforge.com/community/threads/ispconfig-3-autoinstaller.86078/ (before running that autoinstaller, follow step 6 and 7 from https://www.howtoforge.com/tutorial/debian-minimal-server/#-configure-the-network)
