I am running NGINX on debian 9 and was attempting to get SSL working on Roundcube with: https://www.howtoforge.com/community/threads/enable-ssl-on-roundcube.77627/ When I go to https://mydomain.com:8081/squirrelmail/ I get Your connection is not secure The owner of mydomain.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Not sure what went wrong. Is there a newer information on this?
neither do we, check the configured files for your ssl, check the path / follow symlinks and check the ssl is indeed valid for that domain. if not, change it. all I can guess now.
Thanks for the reply. I an not following you. Are you saying that nobody has been able to encrypt roundcube or ??? I can say that Let's Encrypt works fine on the webserver and any file configuration was performed during the installation. Do I just need a directive or??
no not what I meant, just there nothing we can do. You basically said: it doesn't work. And asked: why? no way to help you except hinting to check the configured vhost on your side wether the desired requests actually goes into the block you defined on nginx. maybe increase debugging level and you can see on the logs which is used / causing the response you see.
Like anything if you can ask the right question you can probably come up with the answer. https://www.howtoforge.com/community/threads/enable-ssl-on-roundcube.77627/ I am trying to use Let's Encrypt if I can but this appears to be a little different. Is this the best way to go about it?
If you want to have SSL on the apps vhost, then you'll have to modify the apps vhost config and enable SSL there. The alternative would be to add a website like webmail.yourdomain.tld in ISPConfig, enable SSL in that website and then install RoundCube into that site instead of using the global installation. This has pros and cons, on the plus side, you have that you'll get the latest Roundcube version when you install it manually and you get rid of the port 8081 in the URL and SSL can be enabled with a simple checkbox, on the negative side you have that you must install Roundcube updates manually.
Thanks for the reply. I must be doing something wrong. It does not appear that it is working with Let's encrypt. I keep getting a security exception when I attempt to access the page. mydomain.com:8081 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is not valid for the name mydomain.com. Error code: SEC_ERROR_UNKNOWN_ISSUER Is this normal and/or will this work with Let's Encrypt? Code: cat apps.vhost server { listen 8081; listen [::]:8081 ipv6only=on; ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; # redirect to https if accessed with http #error_page 497 https://$host:{vhost_port}$request_uri; server_name _; root /var/www/apps; client_max_body_size 100M; location / { index index.php index.html; } Thanks for your help
The self signed certificate is not made with Let's Encrypt. The vhost file looks like it is indeed using the self signed cert. Decide which yuo want to use. @till adviced one way to use LE. There is a thread by @ahrasis on how to use LE for ISPConfig panel and other services.