To add SSL for ISPConfig control panel, add the server hostname as a website in ISPConfig and enable the LetsEnrypt checkbox. You can find the server hostname with the command
hostname -f
That will get SSL installed for your hostname. You need to point the server hostname to the server’s IP address to get SSL certificate. Visit server hostname subdomain in a browser and verify SSL works.
Once you have a valid LetsEncrypt SSL certificate installed on your site, create a file
mkdir /usr/serverok/ vi /usr/serverok/ssl-hostname-renew
Add the following content to the file
#!/bin/bash
cat /etc/letsencrypt/live/$(hostname -f)/fullchain.pem > /usr/local/ispconfig/interface/ssl/ispserver.crt
cat /etc/letsencrypt/live/$(hostname -f)/privkey.pem > /usr/local/ispconfig/interface/ssl/ispserver.key
cat /usr/local/ispconfig/interface/ssl/ispserver.{key,crt} > /usr/local/ispconfig/interface/ssl/ispserver.pem
chmod 600 /usr/local/ispconfig/interface/ssl/ispserver.pem
systemctl restart apache2
cat /usr/local/ispconfig/interface/ssl/ispserver.crt > /etc/postfix/smtpd.cert
cat /usr/local/ispconfig/interface/ssl/ispserver.key > /etc/postfix/smtpd.key
service postfix restart
service dovecot restart
cat /usr/local/ispconfig/interface/ssl/ispserver.pem > /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
service pure-ftpd-mysql restart
If you use nginx webserver, replace apache2 with nginx.
Make the script executable
chmod 755 /usr/serverok/ssl-hostname-renew
Run the script to activate SSL for the ISPConfig control panel, FTP, and mail server.
/usr/serverok/ssl-hostname-renew
Now set a cronjob
crontab -e
Add
@weekly /usr/serverok/ssl-hostname-renew > /dev/null
Now you should be able to access ISPConfig with a valid SSL certificate on URL
https://HOSTNAME:8080
Back to ISPconfig
Leave a Reply