update to ispconfig 3.1 and lets encrypt install

Discussion in 'ISPConfig 3 Priority Support' started by chico11mbit, Aug 5, 2016.

  1. chico11mbit

    chico11mbit Member

    when i'll update to 3.1 later next week, what is the order with a fresh letsencrypt installation on this server? Should i install lets encrypt first or ispconfig 3.1 update first?

    Do you publish a HowTo for the update process from to 3.1?
  2. sjau

    sjau Local Meanie Moderator

    it shouldn't matter. Just when you try to generate a cert you should have LE installed and made that dry run which creates necessary config stuff.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    I recommend that you go trough the new ISPConfig 3.1 perfect server tutorials that I've published over the last weeks and install LE as shown there. you might want to install also other packages that got added but the old and new system requirements are really similar, so ISPConfig 3.1 will work on a server that has been installed for ISPConfig 3.0.
  4. chico11mbit

    chico11mbit Member

    thx for the info.
    I have another question for the following scenario:
    I have a server named server.domain.com. On this server postfix and dovecot are installed. For that the mx-entry in DNS is mail.domain.com
    Is it possible with ispconfig to create and renew the certificate for mail.domain.com automatically, which are used from postfix and dovecot? or is there another way to create and renew certificates automatically for mail.domain.com with lets encrypt on a ispconfig installation?

    Best regards
  5. till

    till Super Moderator Staff Member ISPConfig Developer

  6. chico11mbit

    chico11mbit Member

    Urrah. so i have to use another cert auth for that? Or is it possible to set a cronjob for Let's Encrypt beside the ISPconfig configuration which will do the job?
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You can use letsencrypt, but you have to take care of cert creation and renewal manually e.g. by creating a custom script or cronjob.
  8. chico11mbit

    chico11mbit Member

    Hi Till,
    do you think this is an adequate workaround with ispconfig 3.1? :

    I create a subdomain (vhost) with ipsconfig named "mail" for domain.com. The I let ispconfig create a let's Encrypt SSL certificate for mail.domain.com and ispconfig will renew this Cert periodically like for all other certs. Then i set the postfix and dovecot confs to:
    smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.com/fullchain.pem
    smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.com/privkey.pem

    tls_ca_file: /etc/letsencrypt/live/mail.domain.com/chain.pem
    tls_cert_file: /etc/letsencrypt/live/mail.domain.com/cert.pem
    tls_key_file: /etc/letsencrypt/live/mail.domain.com/privkey.pem

    At least i set a cronjob to restart postfix and dovecot once a week to reload the certificate.
    Last edited: Aug 8, 2016

Share This Page