Server-level Class1 SSL Certificate

Discussion in 'Installation/Configuration' started by philgardner, Oct 28, 2016.

  1. philgardner

    philgardner Member

    ISPConfig version: 3.1.1
    Server: Ubuntu 16.04 (64-bit)

    I have recently set up a new server, following the instructions in this tutorial: https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/.

    I want to replace the self-signed certificate in /usr/local/ispconfig/interface/ssl/ with a full certificate. Should I get a free StartSSL Class 1 certificate and install it as described in the rather old tutorial https://www.howtoforge.com/securing...h-a-free-class1-ssl-certificate-from-startssl? Or would it be better to get a Let'sEncrypt certificate, now that Let's Encrypt is installed in ISPConfig 3.1?

    If I go down the Let'sEncrypt route, how exactly should I do it? I think the ISPConfig interface only provides for creating certificates for individual websites, so presumably the server-level certificate would have to be created from the command line. I don't want to do anything that might mess up the existing functionality!

    Any help would be much appreciated.
    Phil
     
  2. kerrsmith

    kerrsmith Member

    Hi Phil,

    Take a look at the following post where the method I used is detailed using a Let's Encrypt certificate:

    https://www.howtoforge.com/communit...-control-panel-certificate.74113/#post-348752

    This method basically makes the control panel use the same certificate created for the domain used to access it. For example if you access your control panel at https://www.mydomain.com:8080 then you tell the control panel to use the certificate for www.mydomain.com.

    There are only a couple of steps to get this working and it would be very easy to undo if you had an issue.
     
    Last edited: Oct 29, 2016
    philgardner likes this.
  3. chico11mbit

    chico11mbit Member HowtoForge Supporter

    so, what would you do on a server with multiple vhosts?
     
  4. philgardner

    philgardner Member

    Thank you! That's very helpful. It would be good if this could be integrated into the Control Panel interface, which should be quite straightforward as the control panel knows what domain it is using.
     
  5. Jesse Norell

    Jesse Norell Active Member

    https://git.ispconfig.org/ispconfig/ispconfig3/issues/3987
    It doesn't know what names it can be accessed by, all it can tell is the servername which is in use on any given request. Proper support for using letsencrypt with the panel will include the ability to specify the names which should be included in the certificate (you can do that manually when you request the certificate now).
     

Share This Page