SSL - Roundcube

Discussion in 'ISPConfig 3 Priority Support' started by conductive, Jul 19, 2018.

  1. conductive

    conductive Member HowtoForge Supporter

  2. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    Neither do we. Check the configured files for your SSL, check the path / follow symlinks and check the SSL is indeed valid for that domain. If not, change it. All I can guess now.
     
  3. conductive

    conductive Member HowtoForge Supporter

    Thanks for the reply.
    I am not following you. Are you saying that nobody has been able to encrypt Roundcube or ???
    I can say that Let's Encrypt works fine on the webserver and any file configuration was performed during the installation. Do I just need a directive or??
     
  4. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    No, not what I meant, just that there is nothing we can do.

    You basically said: it doesn't work. And asked: why?

    No way to help you except hinting to check the configured vhost on your side, whether the desired request actually goes into the block you defined on nginx. Maybe increase the debugging level and you can see in the logs which is used / causing the response you see.
     
  5. conductive

    conductive Member HowtoForge Supporter

  6. till

    till Super Moderator Staff Member ISPConfig Developer

    If you want to have SSL on the apps vhost, then you'll have to modify the apps vhost config and enable SSL there. The alternative would be to add a website like webmail.yourdomain.tld in ISPConfig, enable SSL in that website and then install Roundcube into that site instead of using the global installation. This has pros and cons: on the plus side, you'll get the latest Roundcube version when you install it manually, you get rid of the port 8081 in the URL, and SSL can be enabled with a simple checkbox; on the negative side, you must install Roundcube updates manually.
     
  7. conductive

    conductive Member HowtoForge Supporter

    Thanks for the reply.
    I must be doing something wrong. It does not appear that it is working with Let's Encrypt. I keep getting a security exception when I attempt to access the page.

    mydomain.com:8081 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is not valid for the name mydomain.com. Error code: SEC_ERROR_UNKNOWN_ISSUER
    Is this normal and/or will this work with Let's Encrypt?

    Code:
     cat apps.vhost
    server {
            listen 8081;
            listen [::]:8081 ipv6only=on;
            ssl on;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
            ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
    
            # redirect to https if accessed with http
            #error_page 497 https://$host:{vhost_port}$request_uri;
    
            server_name _;
    
            root   /var/www/apps;
    
            client_max_body_size 100M;
    
            location / {
                   index index.php index.html;
            }
    
    Thanks for your help
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The self signed certificate is not made with Let's Encrypt. The vhost file looks like it is indeed using the self signed cert.
    Decide which you want to use. @till advised one way to use LE. There is a thread by @ahrasis on how to use LE for ISPConfig panel and other services.
     
    conductive likes this.
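The check suggested in the replies (find the certificate the vhost points at, follow symlinks, see whether it is self-signed and valid for the domain) can be scripted as below. This is an added example, not code from the thread or from ISPConfig; the function names are hypothetical, and the demo certificate, its name `server.example` and the temporary paths are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): which certificate does a vhost serve?

# Print the ssl_certificate path of an nginx vhost file, symlinks resolved.
vhost_cert_path() {
    local path
    path=$(awk '$1 == "ssl_certificate" { sub(/;$/, "", $2); print $2; exit }' "$1")
    [ -n "$path" ] && readlink -f "$path"
}

# True if issuer and subject are identical, i.e. the certificate is self-signed.
cert_is_self_signed() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# True if the certificate is valid for the given host name.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Usage: check_vhost <vhost file> <host name>
check_vhost() {
    local cert
    cert=$(vhost_cert_path "$1") || { echo "no ssl_certificate in $1"; return 2; }
    echo "certificate file: $cert"
    cert_is_self_signed "$cert" && echo "self-signed: yes" || echo "self-signed: no"
    cert_matches_host "$cert" "$2" && echo "valid for $2: yes" || echo "valid for $2: no"
}

# Constructed demo: a throwaway self-signed cert behind a symlink, plus a vhost
# that references the symlink (all paths and names here are made up).
make_demo() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=server.example" \
        -keyout "$dir/real.key" -out "$dir/real.crt" 2>/dev/null
    ln -sf "$dir/real.crt" "$dir/ispserver.crt"
    printf 'server {\n    listen 8081;\n    ssl_certificate %s;\n    ssl_certificate_key %s;\n}\n' \
        "$dir/ispserver.crt" "$dir/real.key" > "$dir/apps.vhost"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_demo "$tmp" && check_vhost "$tmp/apps.vhost" mydomain.com
    rm -rf "$tmp"
elif [ $# -eq 2 ]; then
    check_vhost "$1" "$2"
fi
```

Run it with `--demo` for the constructed case, or pass a vhost file and the host name used in the browser as the two arguments.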
