ISPconfig control panel SSL issue

Discussion in 'HOWTO-Related Questions' started by Tony321, Oct 1, 2018.

  1. Tony321

    Tony321 New Member

    I am following this tutorial to secure the ispconfig control panel and ran the commandds as stated with no errors as I run the ispconfig_update.sh and followed the instructions for SSL: https://www.howtoforge.com/tutorial...nabling-ssl-for-ispconfig-control-panel-port-

    The issue is that the control panel is still not secure and the HTTPS has a line across it in the URL bar stating it is not secure?
    How to troubleshoot this because if it does not work for the control panel then there is no point trying to the same for the other services?

    Same with webmail and phpmyadmin, they are not secure either.
     
  2. Frankenstein

    Frankenstein Member

    Some solutions:
    1. Check the certificate
    U can go to the certificate directive of ispconfig and do a "ls -l". Their u can see if ur certificate is already a symlink to the letsencrypt certificate.

    2. Check LE Cert
    Go to the directory where the symlink goes to and check if the certificate is right on his place

    3. Check ur Browser and DNS Chache
    U can do a first check on the website. Go to the url bar and click on the certificate - look if its ur selfsigned or ur letsencrypt. If its the letsencrypt test if its the one for this url

    If its the le ssl cert remove browser chache
     
  3. Tony321

    Tony321 New Member

    Thanks for the reply Frankenstein.

    1. Check the certificate
    U can go to the certificate directive of ispconfig and do a "ls -l".
    Where is this? You mean in CLI?
    [​IMG]

    2. Check LE Cert
    Go to the directory where the symlink goes to
    Sorry, where is this?

    3. Check ur Browser and DNS Chache
    U can do a first check on the website. Go to the url bar and click on the certificate - look if its ur selfsigned or ur letsencrypt. If its the letsencrypt test if its the one for this url
    Here is the details in the url browser:
    [​IMG]

    Hope the above can provide some answers.

     
  4. Frankenstein

    Frankenstein Member

  5. Tony321

    Tony321 New Member

    Ok, I will check the url you sen, thanks.

    I only have one dedicated server, i don't think I have multi server setup.
     
  6. Frankenstein

    Frankenstein Member

    multi server is a setup out of 5 dedicated or vps servers which running as example like:
    web.domain.tld as Web/File-Server and Mail Relay Server and with ISP Control Panel
    db.domain.tld as the Database Server
    mail.domain.tld as the Mail Gateway
    ns1 and ns2.domain.tld as ur primary and secondary dns server

    So - no - u dont have multi server
     
  7. Tony321

    Tony321 New Member

    The part of the tutorial that says this:
    Securing ISPConfig Website With Let's Encrypt SSL]
    5. To create Let's Encrypt SSL files and enable them for your server site, go back to ISPConfig panel > Sites > Website > Website Name, click SSL and Let's Encrypt check buttons and save. If successful, your server website shall now be using this Let's Encrypt SSL files but not yet for your ISPConfig 8080 port. If unsuccessful, DO NOT proceed further but check its log file for a clue.

    I have added a website for the server.domain.com in ISPconfig as follows:
    [​IMG]
    Was I meant to add the server address with the port, like https://server.mydomain.com:8080/?
     
  8. Tony321

    Tony321 New Member

    Ok, Nginx has failed and cannot acces the ISPconfig control panel now, after googling the error and checking nginx status i an the command and have this:

    nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/ispconfig/interface/ssl/ispserver.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
    nginx: configuration file /etc/nginx/nginx.conf test failed

    What has gone wrong?
     
  9. ahrasis

    ahrasis Active Member

    Did you managed to get LE SSL certs for your server fqdn after creating your website and before proceeding further?

    Browse https://your.server.fqdn and/or run in terminal: "ls -lat /etc/letsencrypt/*/$(hostname -f)" to check.

    You can try using LE4ISPC script mentioned in that guide if you want to ease your work and avoid any neglects or mistakes of typing or copy-pasting.
     
    Frankenstein likes this.
  10. Tony321

    Tony321 New Member

    I ran that command and I got the below so am guessing the LE SSL certs are there.

    [​IMG]
     
  11. Frankenstein

    Frankenstein Member

    Yes, the ssl certificates right on their place.

    Did ur certificate is working now?
     
  12. Tony321

    Tony321 New Member

    No, I just followed the post from ahrasis: ISPconfig control panel SSL issue

    And when running the script there is an error: ./le4ispc.sh: line 119: syntax error: unexpected end of file
    [​IMG]
    Is is a script error? Because I followed the guide on github.

    I still can't access ISPconfig control panel.
     
  13. ahrasis

    ahrasis Active Member

    I am sorry, after your report I revisited the script today and found there is an error in LE4ISPC for Nginx, so I fixed it.

    You may try again now.

    (It is fine for Apache2 though.)
     

Share This Page