SSL how to for ISPconfig 3 with Letsencrypt

Discussion in 'General' started by SamTzu, Nov 16, 2016.

  1. SamTzu

    SamTzu Member HowtoForge Supporter

    Ok. I have spent the last 3 days to get this to work so you best gimme some kudos :)

    Create new sites on ISPconfig 3.1 "perfect server" (in this example we call these new web sites ic4.eu, smtp.ic4.eu and imap.ic4.eu) and enable Let's Encrypt SSL on these sites. Use www. as alias on ic4.eu root (but remember to disable www. alias on any other web site that possibly will use the (ic4.eu) root domain address like smtp.ic4.eu or any other web site alias in the future.) Make sure your DNS settings have these new addresses.

    Define ISPconfig to use the new SSL certificate with symbolic links.
    (If you don't know how to use symbolic links this how-to is not for you)
    /usr/local/ispconfig/interface/ssl/
    ispserver.crt -> /etc/letsencrypt/archive/ic4.eu/fullchain.pem
    ispserver.key -> /etc/letsencrypt/archive/ic4.eu/privkey.pem

    Define Postfix to use the new SSL certificate in /etc/postfix/main.cf.
    (If you don't know how to add these entries this how-to is not for you)
    smtpd_tls_cert_file = /etc/letsencrypt/archive/smtp.ic4.eu/cert1.pem
    smtpd_tls_key_file = /etc/letsencrypt/archive/smtp.ic4.eu/privkey1.pem
    smtpd_tls_CAfile = /etc/letsencrypt/archive/smtp.ic4.eu/fullchain1.pem

    Define Dovecot to use the new SSL certificate in /etc/dovecot/dovecot.conf.
    (If you don't know how to add these entries this how-to is not for you)
    ssl_cert = </etc/letsencrypt/archive/imap.ic4.eu/fullchain1.pem
    ssl_key = </etc/letsencrypt/archive/imap.ic4.eu/privkey1.pem

    Enjoy your working SSL certificates for SMTP(s) and IMAP(s).
    Who's the man?
     
    Last edited: Nov 17, 2016
    dfumagalli likes this.
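Added example, not part of SamTzu's post: certbot stores each issued version as a numbered file under /etc/letsencrypt/archive/ and points the symlinks in /etc/letsencrypt/live/ at the newest one, so a directive that names an archive file keeps serving that version after a renewal. This Python check reads the TLS directives from main.cf or dovecot.conf text and reports such paths with their live/ equivalents; the function names and the second sample are constructed for illustration.

```python
import re

# Directives named in the post (Postfix main.cf and Dovecot dovecot.conf).
TLS_KEYS = {"smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_tls_CAfile",
            "ssl_cert", "ssl_key"}
ARCHIVE = re.compile(r"^/etc/letsencrypt/archive/([^/]+)/([a-z]+)(\d*)\.pem$")

# The three Postfix lines from the post.
POSTFIX_SAMPLE = """\
smtpd_tls_cert_file = /etc/letsencrypt/archive/smtp.ic4.eu/cert1.pem
smtpd_tls_key_file = /etc/letsencrypt/archive/smtp.ic4.eu/privkey1.pem
smtpd_tls_CAfile = /etc/letsencrypt/archive/smtp.ic4.eu/fullchain1.pem
"""
# Constructed sample: only the certificate line was bumped by hand after a renewal.
DOVECOT_MIXED_SAMPLE = """\
ssl_cert = </etc/letsencrypt/archive/imap.ic4.eu/fullchain2.pem
ssl_key = </etc/letsencrypt/archive/imap.ic4.eu/privkey1.pem
"""

def parse_tls_paths(conf_text):
    """Return {directive: path} for the TLS directives found in the config text."""
    found = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in TLS_KEYS:
            found[key] = value.lstrip("<").strip()  # Dovecot reads a file as "<path"
    return found

def audit(conf_text):
    """Return (findings, suggestions); suggestions map directive -> live/ path."""
    findings, suggestions, versions = [], {}, {}
    for key, path in parse_tls_paths(conf_text).items():
        m = ARCHIVE.match(path)
        if not m:
            continue  # not an archive path, nothing to report
        lineage, kind, version = m.groups()
        suggestions[key] = f"/etc/letsencrypt/live/{lineage}/{kind}.pem"
        findings.append(f"{key}: pinned to archive copy {path}")
        versions.setdefault(lineage, set()).add(version)
    for lineage, seen in versions.items():
        if len(seen) > 1:  # e.g. fullchain2.pem served with privkey1.pem
            findings.append(f"{lineage}: mixed versions {sorted(seen)}; cert and key may not match")
    return findings, suggestions

if __name__ == "__main__":
    for sample in (POSTFIX_SAMPLE, DOVECOT_MIXED_SAMPLE):
        print(audit(sample))
```
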
  2. PermaNoob

    PermaNoob Member

    Quick question: I don't use dns on my servers, I use my domain registrar's dns. Is that going to cause a problem with Let's Encrypt?
     
  3. sjau

    sjau Local Meanie Moderator

    No, you just have to make sure that there are A or CNAME entries in your zone file.
     
    PermaNoob likes this.
  4. PermaNoob

    PermaNoob Member

    Thanks!
     
