How to make the ISP panel work on https

Discussion in 'Installation/Configuration' started by kike28101, Mar 10, 2017.

  1. kike28101

    kike28101 New Member

    Hello everyone
    Could someone please tell me how to run the ISPConfig admin panel on https
    Or is there a tutorial that explains well how to configure

    I have made new installs to create panel certificate, but it does nothing. Ports 443 and 8080 are enabled on ISP firewall

    I have a SSL certificate purchased from Comodo Positive SSL that is installed on the web that is on the ISP server, but the admin panel does not work on https appears as not secure

    Server: vps203679.ovh.net (Debian Jessie) ISPConfig 3.1.2

    Thanks
     
  2. kerrsmith

    kerrsmith Member

    Hi kike28101, please see the thread below which explains how to do this using an SSL certificate already created for a domain on the server:

    https://www.howtoforge.com/communit...-let-encrypt-control-panel-certificate.74113/

    It is not difficult and only takes a couple of minutes to get working. Basically you create a certificate for the domain you wish to use to access your control panel then link the control panels SSL information to this certificate.
     
  3. ahrasis

    ahrasis Active Member

  4. kike28101

    kike28101 New Member

    Hi

    Thank you for your answers.
    I do not want a certificate for the website ...
    I already have the website certificate purchased on Comodo Rapid SSL --- hosted on the ISPConfig panel ---
    The website works perfectly with your SSL certificate

    The ISPConfig panel does not work with https and I have installed it as indicated at
    https://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from- Startssl

    ISP Control Panel
    [​IMG]

    Web
    [​IMG]

    I do not know what I'm doing wrong if I followed the tutorials
    Thanks
    Best Regards
    KiKe
     
  5. kerrsmith

    kerrsmith Member

    The certificate you have will only be valid for the domain it was created for. In order to get SSL working for the ISPConfig user interface you will need to access it using the same URL. So, if your current certificate is for domain.com you will need to access the user interface using domain.com:8080 BUT this certificate will need to be referenced in the ispconfig.vhost file.

    If you see the link I posted previously and read the fourth comment you can see how it works and you should be able to do the same kind of thing using your current certificate:

    https://www.howtoforge.com/communit...-let-encrypt-control-panel-certificate.74113/

    Please also note you do not need to be spending money on certificates as the LetsEncrypt ones are free and setting them up in ISPConfig just involves clicking a checkbox on the relevant domains setting page.
     
  6. ahrasis

    ahrasis Active Member

    Basically, first you have to change your hostname to your domain name that you has bought its SSL certificate. Then you use the guide as I mentioned before.

    Note that I posted the guide link as you already bought SSL certificate for your domain. If you haven't bought it, I would also suggest you to use Let's Encrypt as our friend @kerrsmith mentioned above.
     
  7. kike28101

    kike28101 New Member

    I apologize for my explanations in English, I do not speak this language well

    The certificate I have is for a web with a domain.es, it's not .com, I already had it before updating ISpConfig 3
    My question is if I can make the ISPconfig panel work with https regardless of whether it has one, two or three webs inside.

    If I install ISPconfig clean, following the turorial of Perfect Server with
    Https://www.howtoforge.com/tutorial/perfect-server-debian-8-4-jessie-apache-bind-dovecot-ispconfig-3-1/2/

    And then access the administration panel without having installed a web, in the access URL to the panel with https does not work
    I want the access to the ISPConfig Administration Panel to be by https with its own independent certificate and that the hosted webs work with their own certificates
    I do not want to change my hostname to my domain name, first because the domain is not mine and secondly because on this server, with this same panel, I will install a second web --personal-- that is still in the industry, I want to go to the ISP admin panel by https Independent websites

    Is it possible only the administration panel? According to the tutorial steps, when the installation of ISPConfig finishes you should be able to access by htpps !!!!

    Thank you very much for your help
    If you want I can give access to my server so you can review it
    KiKe
     
  8. ahrasis

    ahrasis Active Member

    From my side, https://vps203679.ovh.net:8080 i.e. access for ISPC is already secured by a self-signed SSL certificate created using OpenSSL following the How To that you referred to. You can also access your ISPC from https://zonabytetienda.es:8080.

    So, the https is actually working for your ISPC. You are seeing a non green lock with warning because modern browser(s) do not celebrate / recognize self-signed certificate. I guess you already knew that there is a warning when accessing via both links, which you can overcome by accepting/confirming/adding the said self-signed SSL certificate to your browser(s).

    If you want to have the green lock when accessing ISPC, and without any warning, the easiest way is you should choose only one website to access ISPC.

    The given https://vps203679.ovh.net will not be the ideal one since domain ovh.net is not owned by you and there could be thousands of subdomains like yours under it.

    And since you already have a valid certificate for https://zonabytetienda.es, I would suggest you change your server hostname to that domain then secure ISPC using that domain SSL certificate that you have bought. This means you shall be accessing your ISPC via https://zonabytetienda.es:8080.

    To achieve this, you should be able to secure your ISPC by folowwing the said https://www.howtoforge.com/securing...h-a-free-class1-ssl-certificate-from-startssl.

    It doesn't matter if your TLD (Top Level Domain) is .es, .com, .net etc.
     
    Last edited: Mar 12, 2017
  9. kike28101

    kike28101 New Member

    Hello ahrasis
    DO NOT
    The question is how to access the admin panel of ISP with the https protocol and to each of the webs that are hosted inside the server, with their corresponding independent SSL certificates each.

    THE SOLUTION
    The solution I have found and I think is the correct one is the following.
    1- With the installation of the ISPConfig Panel,
    Https://www.howtoforge.com/tutorial...4-jessie-apache-bind-dovecot-ispconfig-3-1/2/

    There is a point that says: Do you want to secure (SSL) connection to the ISPConfig web interface (y, n) [y] :, by answering yes, the certificate is generated for the panel that is saved in / usr / local / Ispconfig / interface / ssl
    This is the Certified that I have loaded to the browser Chrome, Mozilla, Edge, etc., so that the panel of ISPConfig tarabaje well in https.

    2- Once the web is installed in the Web Domain> Domain> SSL, the corresponding certificate is placed to the web, either free or purchased

    This way the admin panel works with SSL regardless of the web hosted inside

    Thank you
     
  10. ahrasis

    ahrasis Active Member

Share This Page