SSL to access ispconfig pannel

Discussion in 'Installation/Configuration' started by mbensoussan, Oct 14, 2019.

  1. mbensoussan

    mbensoussan New Member

    I just install a new server on Ubuntu 18.04 with ispconfig 3.
    i have create a website and it's work perfectly (ssl for the website is working)
    but when i try to connecte to my ispconfig pannel with : https://FQDN:8080 it's say that the site is not securised.
    i read a lot of post and nothing work.
    someone can help me ?

    my website domain is like :
    my server hostname is like :
  2. ahrasis

    ahrasis Well-Known Member

  3. mbensoussan

    mbensoussan New Member

    Thx i'm on it !
    but it's not work.

    1) i have create a new website in ispconfig with domain :
    Option : Auto subdomain : none, php disable, SSL et let's encrypt ticked
    after that, i go to ssl Create SSL certificate.

    I see the new certificate in /etc/letsencrypt/live/

    i run this command to make the link enable :
    cd /usr/local/ispconfig/interface/ssl/
    mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
    mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
    ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
    cat ispserver.{key,crt} > ispserver.pem
    chmod 600 ispserver.pem

    When i connect, i see on google chrome unsecure website.
    but the certificat seems to be valide... strange no ?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. mbensoussan

    mbensoussan New Member

    it's work now ! thank you.
    it's my browser cache.
    But it's strange that we have to create a fake website to allow to connect to a secure SSL. it's my point of view.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not a fake website, its the central website for your server hostname and SSL certs from LE are authorized against that site. You could have simply bought an SSL cert from e.g. comodo instead, then this website is not needed. So you have plenty of options to get an official validated SSL cert, with and without a website for the server name, creating that website is just the easiest way to get one for free. And btw, your server was completely secure before that as well, a self-signed SSL cert is not less secure, the encryption level is exactly the same, its just a matter that you have to trust it and as you created it yourself, you should trust it ;)
  7. mbensoussan

    mbensoussan New Member

    thank you for all you answer !

Share This Page