Hi, when i'll update to 3.1 later next week, what is the order with a fresh letsencrypt installation on this server? Should i install lets encrypt first or ispconfig 3.1 update first? Do you publish a HowTo for the update process from 3.0.5.4p9 to 3.1?
it shouldn't matter. Just when you try to generate a cert you should have LE installed and made that dry run which creates necessary config stuff.
I recommend that you go trough the new ISPConfig 3.1 perfect server tutorials that I've published over the last weeks and install LE as shown there. you might want to install also other packages that got added but the old and new system requirements are really similar, so ISPConfig 3.1 will work on a server that has been installed for ISPConfig 3.0.
Hi, thx for the info. I have another question for the following scenario: I have a server named server.domain.com. On this server postfix and dovecot are installed. For that the mx-entry in DNS is mail.domain.com Is it possible with ispconfig to create and renew the certificate for mail.domain.com automatically, which are used from postfix and dovecot? or is there another way to create and renew certificates automatically for mail.domain.com with lets encrypt on a ispconfig installation? Best regards Chico
Urrah. so i have to use another cert auth for that? Or is it possible to set a cronjob for Let's Encrypt beside the ISPconfig configuration which will do the job?
You can use letsencrypt, but you have to take care of cert creation and renewal manually e.g. by creating a custom script or cronjob.
Hi Till, do you think this is an adequate workaround with ispconfig 3.1? : I create a subdomain (vhost) with ipsconfig named "mail" for domain.com. The I let ispconfig create a let's Encrypt SSL certificate for mail.domain.com and ispconfig will renew this Cert periodically like for all other certs. Then i set the postfix and dovecot confs to: /etc/postfix/main.cf: smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.com/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.com/privkey.pem /etc/imapd.conf: tls_ca_file: /etc/letsencrypt/live/mail.domain.com/chain.pem tls_cert_file: /etc/letsencrypt/live/mail.domain.com/cert.pem tls_key_file: /etc/letsencrypt/live/mail.domain.com/privkey.pem At least i set a cronjob to restart postfix and dovecot once a week to reload the certificate.
