Securing Your Server With Let's Encrypt

Discussion in 'Tips/Tricks/Mods' started by ahrasis, Feb 14, 2017.

  1. Poliman

    Poliman Member

    Excellent.
    I used old tutorial for Ubuntu 14.04 (as first, Till sent me link to it) -> https://www.howtoforge.com/tutorial...ovecot-ispconfig-3-1/2/#-install-lets-encrypt. During installation process I hadn't window which is showed in tutorial. Currently ISP sees LE certificate for website. I should check both options - ssl, le ssl - in panel/ website edition.
     
    Last edited: Mar 16, 2017
  2. ahrasis

    ahrasis Member

    I stand corrected about LE certificates created by certbot won't be automatically renewed by ISPC though I did read about them not getting renewed somehow.
     
  3. Poliman

    Poliman Member

    @ahrasis I got notification on email about Your answer (Where it is? :) ):
    "The link provided by me earlier is the same one as well but I think you didn't get the blue windows because the tutorial is for Debian, not Ubuntu.
    Ok, I understood case with blue window.
    My experience in running the same (./certbot-auto) in 14.04 is that it will ask you whether you want to install LE SSL on your available websites i.e. if they are created already. Logically, I think, if there is no created websites during installation, none will be asked.
    This same like You. But before started with certbot I have deployed ISPC on the server and configured website.
    Whether ISPC sees that LE SSL files is one thing. But my point is simpler, i.e. if you did use certbot directly in creating LE SSL files for your websites, they normally won't get renewed automatically by ISPC.
    Ok, so probably they won't be renewed. How to do it manually?
    Also, if you install certbot after completed the perfect server guide without updating ISPC, you may face some problems with LE and its certificates renewal.
    I completed perfect server guide, then update ISPC to newest version. ;)
    Anyway, the best is gor you to wait for now because nobody what will happen until it happens. "
    I didn't understand. Should I wait for what? :)
     
  4. ahrasis

    ahrasis Member

    If it is not here, that means it is already deleted.

    One of the solutions to check if they are not automatically renewed:
     
    Poliman likes this.
  5. Poliman

    Poliman Member

    I will check this very soon. LE cert will expire in 1 month and 5 days.

    PS
    Is it possible that installation certbot after installing ISPC would determine that I have to manually choose website domains by executing ./certbot-auto?
     
    Last edited: Mar 17, 2017
  6. ahrasis

    ahrasis Member

    I am not so sure but I think ./certbot-auto is mainly to install dependencies for proper running of LE and if you have existing websites, it would normally ask you to choose whether to create its SSL certificates for them or else.
     
  7. Jesse Norell

    Jesse Norell Well-Known Member

    Certificates will be renewed automatically if they can be, whether they were issued by manually running certbot or by using the ispconfig interface. The notes at https://www.howtoforge.com/community/threads/letsencrypt-on-mail-server.73695/page-2#post-357516 explain they issued the certificate using standalone mode (which is correct for a dedicated mail server), but now has Apache running, so the details/method for renewing the certificate needed changed (to use webroot).
     
  8. ahrasis

    ahrasis Member

    First,
    Second, I was merely suggesting on one of the solutions reported to check in the event LE SSL certificates are not automatically renewed because it does happen for whatever reason that is.
     
  9. Poliman

    Poliman Member

    I am happy, because Let's Encrypt would automatically renew ssl certificate.
     
    ahrasis likes this.

Share This Page