ISP Config 3.1 Let Encrypt Control Panel Certificate

Discussion in 'General' started by rgwilliams20, Sep 30, 2016.

  1. rgwilliams20

    rgwilliams20 New Member HowtoForge Supporter

    Hi All,

    This is probably a really stupid question but....
    Can you use Lets Encrypt to generate a certificate for the ISP Config Control Panel? If so, how?
    ganewbie likes this.
  2. diablo666

    diablo666 Active Member HowtoForge Supporter

    I was searching the same :)
  3. adevx

    adevx New Member

    I don't believe this is possible from the web interface itself. But can be achieved by other means.
    First make sure you have a letsencrypt certificate for the domain you want to use to access the ispconfig web panel.
    If you don't have a certificate make an otherwise empty website in ispconfig with the required domain name and letsencrypt enabled.
    Now go to "/usr/local/ispconfig/interface/ssl" , here are the self signed certs for the ispconfig web interface

    First make a backup / move the current certificate:
    # mv ispserver.crt ispserver.crt.backup
    # mv ispserver.key ispserver.key.backup

    Link .cert and .key to your previously generated certificates, for instance (client en web dir wil be different):
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.crt
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.key
    This results in:
    # ls -lha
    lrwxrwxrwx 1 root root 51 apr 4 18:20 ispserver.crt -> /var/www/clients/client1/web9/ssl/
    lrwxrwxrwx 1 root root 51 apr 4 18:20 ispserver.key -> /var/www/clients/client1/web9/ssl/

    Perhaps a webserver restart and you should be good to go. I haven't checked out the just released ispconfig 3.1, it might have been integrated.
  4. kerrsmith

    kerrsmith Member

    Thanks for the post adevx, I just tried it and it works in ISPConfig 3.1.

    I had to do the following in /usr/local/ispconfig/interface/ssl:

    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.crt
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.key
    # ln -s /var/www/clients/client1/web9/ssl/ ispserver.bundle

    (note the extra bundle line)

    Then in the file /etc/apache2/sites-available/ispconfig.vhost I had to uncomment the following line:

    SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

    I then did an Apache restart and got a Verified by Let's Encrypt padlock when on the admin login page.
    CreeWarrior and diablo666 like this.
  5. diablo666

    diablo666 Active Member HowtoForge Supporter

Share This Page