Let's Encrypt & Multiserver Environment

Discussion in 'ISPConfig 3 Priority Support' started by Spaetzle, Dec 18, 2020.

  1. Spaetzle

    Spaetzle Member HowtoForge Supporter

    Hi
    I have a multi server environment running with ISPC3.1 and I want to upgrade the installation to 3.2 soon. The following servers are in use:
    • Web & ISPC
    • Mail
    • DB
    • NS
    I would like to use Let's encrypt on the mail server. Is this possible with version 3.2. Do I only need to install the certbot packages on the mail server or do I need to do some more stuff. I am running ubuntu 18.04 at the moment but will upgrade to 20.04 before updating ispconfig.
    Regards
    Bernd
     
    ahrasis likes this.
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    ahrasis and mrbronz like this.
  3. Spaetzle

    Spaetzle Member HowtoForge Supporter

    Hi
    Thanks for this reply.
    The advantage of the Apache version is probably that I can assign multiple domain names to the mail server, right?
    However, when I do this, the certificate that the mail server delivers shows all the aliases. Is that correct?
    Should I choose the variant with the new ispconfig version (acme.sh) probably only one hostname can be defined? Is it possible to change/customize this in ispconfig?

    Greetings
    Bernd
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    That is one difference/advantage, yes.
    Yes, any names that are contained in a certificate can be seen by anyone reading the certificate.
    It's entirely up to you.
    No.

    The ability to manage multiple certificates for email has been an increasingly popular request, there's no system in place for it currently, but if someone wanted to organize it, it might be possible to join together and sponsor developing that feature.
     
    ahrasis likes this.
  5. Spaetzle

    Spaetzle Member HowtoForge Supporter

    Hello

    I have now set up an email server with ispconfig3. When setting up the system, a certificate was created.

    In /etc/postfix I can see that there are symbolic links from smtp.cert and smtp.key to the corresponding files in /usr/local/interfaces/ssl/.
    If I now use the howto (https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/) to set up customized certificates, it should be sufficient to replace the links with the new ones. Will ISPConfig reset the links after some time or some actions? Or do I have to expect no problems there?

    Is there a list collecting ideas for extending ispconfig? Maybe it would be a good idea to have such a list. If there would be some feedback from developers, e.g. how expensive The development of a feature should be approximately, that could help to find people for sponsoring.

    Regards
    Bernd
     
    ahrasis likes this.
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    No, that should work fine.

    See https://git.ispconfig.org/ispconfig/ispconfig3/-/issues
    Anyone can open a MR to implement a feature. I can't tell you how much it would cost to implement something as a dev can cost almost nothing to the jackpot... and some features are done in 30 minutes, some in 30 hours :)
     
    ahrasis likes this.

Share This Page