Centos, Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate

Discussion in 'ISPConfig 3 Priority Support' started by nmazza, Feb 20, 2018.

  1. nmazza

    nmazza Member HowtoForge Supporter

    This tutorial shows how to create and configure a free Let's encrypt SSL certificate for the ISPconfig interface (port 8080), the email system (Postfix and Dovecot/Courier), the FTP server (pure-ftpd) and Monit. The commands in this tutorial have been tested on Ubuntu 16.04, they should work for Debian as well.
    Certain modifications may be necessary to make it work on CentOS.
    Please, create a new tutorial on CentOS, I have some several problems with my clients on iPhone mobiles.
    I'll appreciate your cooperation
    Nestor Mazza
  2. nmazza

    nmazza Member HowtoForge Supporter

    Why, no answer
    I have several problems with many clients over Iphone email client.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You did not ask a specific support question, you just asked if someone could write a new tutorial for you, so which answer did you expect? Of course, someone from the ISPConfig community might write a tutorial for CentOS in future like the community member Ahrarsis did for Ubuntu and if that's the case, we will publish it at HowtForge. And did you follow that tutorial, I guess there are no differences for the mail system at all, just for the apache web server and for FTP.

    Back to your original issue, you seem to have a problem with some Iphones, so the first step to get help would be that you post the exact error message or a screenshot of that error message that your iphone shows when the error appears.
  4. nmazza

    nmazza Member HowtoForge Supporter


    I had wrote ...
    Since from 18th of December 2017, one day after, let's encrypt certificate renew.
    Ios mail client over iphone 6, 6plus, 7, 7plus and 5se
    says the following ...
    Let me show you 3 images.
    The domain is laviruta.com and the server domain is sofihacloud.com.ar
    At first I used another email client, spark for ios, and works fine,
    but some of my clients want use the ios mail client because is more familiar for them.

    and now there are another clients with another domains,
    For example: kiero.com.ar, osblyca.com.ar, inter-cargas.com, and so on.
    Please, see the images again...

    Attached Files:

  5. till

    till Super Moderator Staff Member ISPConfig Developer

  6. nmazza

    nmazza Member HowtoForge Supporter

    I'll test over this night, thanks
    After that I'll send you my coments.
    Nestor Mazza
  7. At the moment to restart Dovecot at section "Using The Same Let's Encrypt SSL Certs For Other Major Services" , my server broke down. Display a message that Dovecot couldn't start.
    And if I try to access my webpages display "ERR_CONNECTION_REFUSED"
    I remove the simulinks at this point. And return the certs to his original version.

    Please advise.
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Check that the cert you liked to actually exists and that the cert files are not empty.
  9. [email protected]:/etc/letsencrypt/live/fyde.com.mx# openssl verify -CAfile chain.pem cert.pem
    cert.pem: OK
    [email protected]:/etc/letsencrypt/live/fyde.com.mx# openssl verify -CApath chain.pem cert.pem
    CN = fyde.com.mx
    error 20 at 0 depth lookup: unable to get local issuer certificate
    error cert.pem: verification failed
    [email protected]:/etc/letsencrypt/live/fyde.com.mx#

    This happen in all domains.
    I can't access ispconfig, should manually create the certificates again?
    Please help.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    That's fine and not an issue, just a wrong test command. What you have to check is if the paths that you used in the deovecot.conf file exists and point to the ssl cert.

Share This Page