Hi, I'm using ISPConfig 3.2.2 on a multi server setup. I have been using wildcard SSL for a few years now. I heard that I can use Let's Encrypt for all ISPConfig services. Can anyone confirm if I will be able to secure: webmail, IMAP, POP, SMTP, FTP with Let's Encrypt?
Yes you can. Wildcard certificates I think do not work on ISPConfig using Let's Encrypt. https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ Found that using Internet Search Engines with: secure: webmail, IMAP, POP, SMTP, FTP with letsencrypt? site:howtoforge.com
Run an ISPConfig update and choose to recreate the SSL cert during the update; this will create a Let's Encrypt cert for the hostname and install it for all services.
I can verify that one can use LE wildcard certificates with an ISPConfig server and its services, as I have been using them since they were made available, and I did share the methods of obtaining them in one thread. And as they use the DNS challenge, they work easily from multiple servers behind a NAT router without needing any proxies or a public IP of its own for each server. The only gotcha is that, though the above may work with some tweaks, this DNS challenge method is yet to be written and integrated into ISPConfig, as it was deemed neither urgent nor important, or I think it is like that, still.
This will be done automatically? Sure it will install SSL for mail and FTP and websites? I have a multi server setup, mail is on a separate server.
A certificate for the server hostname can be set up automatically, and put in place for mail and ftp and the control panel website; websites you add via the control panel are set up differently. When you have multiple servers, each will need their own certificate setup, which does require http access to the server (e.g. if you have a network firewall it may port forward, those would need configured for your mail server as well).
Depending on your LE client (as I only tested using certbot), DNS server and its plugin, I think I can guide, if that is what you are asking. The key is installing them right after you have built a minimal server but before following any of ISPConfig PST. Basically ISPConfig will detect if the LE certs (wildcard or not) for your hostname fqdn are already available and use them for your server and all its services. It will be a lot trickier for acme.sh if you choose to use it, since ISPConfig will basically install them to its SSL folder instead of just linking them there, so to avoid headache I won't be supporting it, as I consider that as some sort of coding bug that prevents certs for ISPConfig server to be pre-installed.
Great! I have the wildcard with me. Can you please guide me how to install it? Let's start with FTP. I didn't know how to merge the files and make a pem. I have the request and the chain files.
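The merge asked about above, as an added example that is not part of any post in this thread: a combined PEM holds the private key, then the issued certificate, then the CA chain, and the request (CSR) file is not part of it. The function name and the four file arguments are assumptions for illustration, not ISPConfig paths; the script refuses to write the file when the key does not match the certificate.

```shell
#!/bin/sh
# Added example: merge a private key, its certificate and the CA chain into
# one PEM file, refusing to write it when the pieces do not belong together.
# All four paths are caller-supplied placeholders, not ISPConfig locations.

build_combined_pem() {
    key=$1; cert=$2; chain=$3; out=$4

    # A CSR ("request" file) is what was sent to the CA; it is never part
    # of the bundle a service loads.
    if grep -q 'BEGIN CERTIFICATE REQUEST' "$cert"; then
        echo "error: $cert is a CSR, not the issued certificate" >&2
        return 2
    fi
    if ! grep -q 'BEGIN CERTIFICATE-----' "$chain"; then
        echo "error: $chain holds no CA certificate" >&2
        return 2
    fi

    # Derive the public key from both sides and compare. The empty
    # -passin makes an encrypted key fail here instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "error: cannot parse certificate $cert" >&2; return 3; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "error: cannot read private key $key" >&2; return 3; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "error: private key does not match certificate" >&2
        return 4
    fi

    # awk 1 adds a missing final newline so PEM blocks never run together.
    # Write with owner-only permissions, then move into place.
    tmp="$out.tmp.$$"
    ( umask 077 && awk 1 "$key" "$cert" "$chain" > "$tmp" ) || {
        rm -f "$tmp"; return 5; }
    mv "$tmp" "$out"
}

# Stand-alone use: script.sh KEY CERT CHAIN OUTPUT
if [ "$#" -eq 4 ]; then
    build_combined_pem "$@"
fi
```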
Would you be interested in helping me fix some stuff please? I will be more than glad to pay for the efforts/time spent.