Using letsencrypt on 3.2.2

Discussion in 'Installation/Configuration' started by Marwan Kandeel, Oct 6, 2021 at 11:22 AM.

  1. Marwan Kandeel

    Marwan Kandeel New Member

    Hi,

    I'm using ISPConfig 3.2.2 on a multi server setup. I have been using wildcards SSL for few years now. I heard that I can use letsencrypt for all ISPConfig services. Can anyone confirm if I wll be able to secure: webmail, IMAP, POP, SMTP, FTP with letsencrypt?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Run an ISPConfig update and choose to recreate the SSL cert during update, this will create a Let's Encrypt cert for the hostname and install it for all services.
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I can verify that one can use LE wildcard certificates with ISPConfig server and its services, as I have been using them since they were made available, and I did share the methods of obtaining the same in one thread.

    And as they used the DNS challenge, they work from multiple servers behind a NAT router easily, without needing any proxies or having a public IP of their own for each server.

    The only gotcha is that, though the above may work with some tweaks, this DNS challenge method is yet to be written and integrated into ISPConfig, as it was deemed neither urgent nor important, or I think it is like that, still.
     
  5. Marwan Kandeel

    Marwan Kandeel New Member

    This will be done automatically? Sure it will install SSL for mail and FTP and websites? I have a multi server setup, mail is on a separate server.
     
  6. Marwan Kandeel

    Marwan Kandeel New Member

    Can you help me install/configure it, please?
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    A certificate for the server hostname can be set up automatically, and put in place for mail and ftp and the control panel website; websites you add via the control panel are set up differently. When you have multiple servers, each will need their own certificate setup, which does require http access to the server (eg. if you have a network firewall it may port forwards, those would need configured for your mail server as well).
     
  8. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Depending on your LE client (as I only tested using certbot), DNS server and its plugin, I think I can guide, if that is what you are asking.

    The key is installing them right after you have built a minimal server but before following any of ISPConfig PST.

    Basically ISPConfig will detect if the LE certs (wildcard or not) for your hostname FQDN are already available and use them for your server and all its services.

    It will be a lot trickier for acme.sh if you choose to use it, since ISPConfig will basically install them to its SSL folder instead of just linking them there, so to avoid headache I won't be supporting it, as I consider that as some sort of coding bug that prevents certs for ISPConfig server to be pre-installed.
     
  9. Marwan Kandeel

    Marwan Kandeel New Member

    Great! I have the wildcard with me. Can you please guide me how to install it? Let's start with FTP. I didn't know how to merge the files and make a pem. I have the request and the chain files.
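
On merging the files into one PEM, as asked in the last post: the following is an added example, not part of the thread and not ISPConfig's own code. It assumes you hold the private key that produced the request, the issued certificate and the chain file; the key, certificate, chain order and all file names are assumptions, so check what your FTP daemon expects.

```bash
#!/usr/bin/env bash
# Added example: merge key + certificate + chain into one PEM, refusing to
# write anything when the private key does not belong to the certificate.
# File names are placeholders, not ISPConfig's own paths.

# SHA-256 of the public key held in a certificate ("cert") or private key ("key").
pubkey_digest() {
    local pub=""
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# build_pem KEY CERT CHAIN OUT
# Returns 2 for an unreadable input, 3 for a key/certificate mismatch.
build_pem() {
    local key_fp cert_fp
    key_fp=$(pubkey_digest key "$1")   || { echo "cannot read key: $1" >&2; return 2; }
    cert_fp=$(pubkey_digest cert "$2") || { echo "cannot read certificate: $2" >&2; return 2; }
    [ -r "$3" ] || { echo "cannot read chain: $3" >&2; return 2; }
    if [ "$key_fp" != "$cert_fp" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi
    # The output contains the private key: create it readable by the owner only.
    ( umask 077 && rm -f "$4" && cat "$1" "$2" "$3" > "$4" )
}

# Constructed sample input: a throwaway self-signed key and certificate.
make_sample() {   # make_sample DIR NAME -> DIR/NAME.key, DIR/NAME.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage: build_pem.sh KEY CERT CHAIN OUT
if [ "$#" -eq 4 ]; then
    build_pem "$@"
fi
```

The certificate request (CSR) is not part of the combined file; it was only needed to obtain the certificate.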
     
