Encrypting CLIENTS SITES with Let's Encrypt

Discussion in 'Installation/Configuration' started by snowweb, Aug 19, 2020.

  1. snowweb

    snowweb Member

    I've successfully followed the tutorial Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate. ISPConfig is now secured nicely.

    Now I need to do the same for each of the clients sites (this particularly needs to cover there http://webmail.<client_domain> (which will point to there Roundcube). I guess it will also be available to be used by their website too if needed.

    I have checked the box to enable "SSL" and also "Let's Encrypt" under "sites" for my test client, but this is using the certificate issued for my ISPConfig site which will cause the customers to have to accept dia warnings before accessing their webmail. I'd like to avoid that, so I think I need to create individual Let's Encrypt certificates for each client.

    I have looked for a tutorial on how to do that for sites created on ISPConfig 3.1 but not found one. I have found this one Getting started with Let's Encrypt SSL Certificates on Ubuntu. Should I follow it? It mentions that if using ISPConfig it should not be followed since we should just wait for 3.1 to come out which will do it automatically.

    Sorry, I'm a bit confused. Please advise! Thanks.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    All you have to do is to enable the SSL and Let's encrypt checkbox in the website settings of the site and then press save button. Do not use the guide that you posted a link to, it will just break your setup and is not needed anyway as everything that's needed is covered by the ISPConfig perfect server install guide.
  3. snowweb

    snowweb Member

    I remember checking those two boxes, but upon checking, it seems like I must of moved on without clicking "Save"! I feel pretty dumb for doing that!

    I've just retested the test domain and it's working great. Much better than I thought... no errors, no warnings and the certificate is reports that it's issued to my test domain (not shared). I'm well impressed with that.

    Thanks for pointing me back to those check boxes and sorry to bother you.

Share This Page