Discussion in 'Installation/Configuration' started by johannes1985, Aug 29, 2019.
to use it for pure-ftpd for example.
pub ip 1 nat to web1 server (80 & 443)
BUT pub ip 1 also nat , BUT to webmaster server (8080) (our ispconfig panel ;-))
pub ip 2 nat to web2 server (80 & 443)
pub ip 3 nat to web3 server (80 & 443)
Then you will need to use shared storage so the panel can use a cert that is acquired by web1.
so i can acquire cert with web1 (server) like a site ... then push the cert to webmaster ?
Yes, with something like a shared filesystem. But you could also copy the files with a script.
what and where must i copy ?
i try with web1 , it's ok , cert is in ./live folder.
But next , where (and what file exactly) must i copy to webmaster server ?
i must do that :
and i think that , direvent or incrond, could perfectly do the job.
when certbot renew, direvent copy cert to target server.
So far that I am concerned, I already submitted all code to the git to allow any ISPConfig server install to generate its own Let's Encrypt for 3.1 either using acme.sh or certbot and they had been ready for quite some times but I am not sure why they are kept on hold or postponed by the developers from one released to another.
I didn't upgrade my LE4ISPC scripts simply because they will definitely become obsolete and useless as all of the submitted code in the ISPConfig git are already ready to be used, so I don't want to waste more of my time on it.
The developers may say they have their own reasons for keeping users waiting and asking about these same problems again and again and again but for me I think I am done with it as it is hard to help when the key people in my opinion are being too subjective, prejudice and not appreciative.
The problem is that you did not submit that code into the 3.1 code base as far as I can see, so please don't blame us for that as there is no code or script provided by you that we could have released. I asked you some time ago if you are really sure that you submitted it all into 3.1 as I was not able to find it and as it did not work when I tested it or to be more precise, I could not test it as it was non existant. See discussions in your MR against the master (3.3 base) and not the stable code base: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/911
you told me that that the code is there.
So here my question again, please double-check that you submitted it into stable-3.1 branch. I can see your code in master:
But it's not in stable-3.1 branch:
and we can't simply merge that automatically from 3.3 branch into 3.1 branch, that's why you should have resubmitted it into 3.1 to get it released.
The reason is that you did not submit it into the release code branch yet, so not we keep users waiting here. Please don't blame us for that.
If you want to get that function released, port your code from 3.3 to 3.1 branch, make a merge request, and if you do that within the next week, it will make it even into the 3.2 release where I'll release the first beta next week.
the deal that work for me. :
install incrontab on servers that can ask lets encrypt cert(push servers) : like a crontab , but this code can detect if cert. are renewed.
then create a little bash script which copy new cert with nfs mount to target server.
servers with no ability to challenge cert. lets encrypt are the targets.(e.g. my ispconfig server hosting panel)
I had done MR for both since the very beginning as you did advise to put up for both and the developers will choose which one to commit.
Details of my codes and responses to yours, other developers and concerned parties are in the git links below.
For stable 3.1
For master (already merged)
Please don't put a blame on me as I am just a contributor, not your developers and I do not know how you all work and nobody like me does too.
People can follow the above links themselves. The facts will speak for themselves.
Separate names with a comma.