I just upgraded from ISPConfig 3.0 to 3.1.2 on Debian 7.
According to the Changelog, Let's Encrypt is now supported.
However, I don't see any Let's Encrypt specific options. I can create an SSL certificate from the SSL tab of a Website, but accessing the domain using https:// results in the following error in Chrome:
This site can’t provide a secure connection.
Is Let's Encrypt only available for new (clean) installations?
- or will the proper options emerge if I install e.g. CertBot or some other package?
It seems CertBot has a plugin for Apache that automates everything, but I'm worried ISPConfig and CertBot will conflict when both trying to control configuration files.
Thanks in advance for any guidance.
Jimmy
I realized that HowToForge would be the ideal place to ask. Here is the response I received from Till Brehm:
"1) You have to install certbot and just certbot, no certbot apache plugin. and do not create ssl certs with certbot at install time, when it asks for that, choose cancel.
2) then login to ispconfig, go to the website settings amd emable the checkbox labeled "Letsencrypt" which is on the first tab of the site settings. The SSL tab is not used for letsencrypt."
It worked just the way he said.
https://www.howtoforge.com/community/threads/ispconfig-lets-encrypt-not-available-after-upgrade.75540/#post-355688
Related
Previously I used RapidSSL certificate. After it expired I moved to Lets Encrypt (free ssl) and installed on my server. But site uses still old SQL certificate after couple of refreshes taking new SSL certificate and resources (css, images, scripts) are not loading gives NET::ERR_CERT_DATE_INVALID error.
I restarted Apache couple of times.
I'm using Ubuntu 16.04.
NET::ERR_CERT_DATE_INVALID means your SSL certificate date is invalid, that is because your old certificate has expired. Check your apache config to make sure that - certificate files mentioned are the desired ones. For detail debugging of your problem, you need to look at your apache server log could be located at /var/log/apache2.
How to manually install SSL certificate without Cpanel access on Centos 7/Apache? My Cpanel license is expired (simply have no money), so I can't login and can't use WHM API (command line) because API try to read Cpanel license file.
The certificate is already stored on system (issued by Lets Encrypt plugin). But I don't know how to make it effective on my site since Apache config folder is different on Cpanel system. What file should I edit to input my cert address?
Certificate is stored at: /etc/letsencrypt/live/mydomain.com/fullchain.pem
Private key is stored at: /etc/letsencrypt/live/mydomain.com/privkey.pem
Note: I use Engintron (Nginx Cpanel plugin), don't know if this change anything. I have root access.
I got to install SSL certificate (by Let's Encrypt) on cPanel directly by running Certbot-Auto command on SSH screen. Certbot-Auto will generate certificate and install it. It is very simple: https://certbot.eff.org/docs/install.html#certbot-auto.
I had to delete the old expired certificates from my /home/mydomain/ssl folder to avoid conflict. I don't know how things are inside cPanel cause I still have no license to access. I will renew license soon, but can't stop working on my site just because I have no SSL.
I'm having issues with TLS enabling in Mattemost. In my server I configured a lot of virtualHosts plus the mattermost files. In http everything was working fine.
Today I tried to setup TLS and https. I followed the instuctions as in https://docs.mattermost.com/install/config-tls-mattermost .html. Now I get this:
Please notice the error: I'm trying to access domain1.mywebsite.com and the error is "its security certificate is signed by domain2.mywebsite.com". domain2.mywebsite.com is one of the websites configured as virtualhosts in apache.
I did not configure any virtualhost for Mattermost, since I don't thing any is needed (and it worked flawlessly without one, and without TLS). But how can I tell mattermost (or the browser?) that the server of domain2.mywebsite.com is the same of domain1.mywebsite.com?
I generated the certificates using letsencrypt with the standalone option (sudo certbot certonly --standalone -d domain1.mywebsite.com) and didn't move any file, just enabled "UseLetsEncrypt": true, in config.json file.
Do you happen to have any idea about how I could fix this?
Thank you
Marco
You'll need to configure TLS on Apache. You'll needs to use separate certificates for each virtual host.
Here is information that might help you: https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
Don't configure TLS on Mattermost if TLS is being handled by the proxy.
So... I have my SSL certificate (Comodo, btw). I can't install it on cpanel.
I've been told that it can be solved easily with the 'instal ssl' but I don't have that option.
Please help...
You should be able to install the SSL certificate from your
cPanel -> SSL/TLS -> Install and Manage SSL for your site (HTTPS)
If you do not have this option in your cPanel, you can try changing your cPanel theme from the Switch Theme menu and try again.
In case it still does not show, I am afraid that your only option left would be to provide the SSL to your hosting company, so they install it for you from WHM.
Please forward your SSL certificate file to your hosting provider. They will install it for your through WHM root user.
Hello I would like some pointers for enabling ssl on bitnami joomla that works with xampp I have read many tutorials nothing seems to work.I have tried to forse ssl from joomla adminstrator it says that the connection is not safe where might the problem be i see that the cert is not trusted i accepted it as trusted but still doesn't work .if someone knows the answer please share!
Bitnami developer here,
I have created a new auto-signed certificate using our guide at https://wiki.bitnami.com/Components/Apache#How_to_create_a_SSL_certificate.3f and modified file installdir/etc/extras/httpd-ssl.conf to use the new certificate files and after that restarted Apache server with sudo installdir/ctlscript.sh restart apache. It worked for me. The lines I modified in httpd-ssl.conf are:
...
SSLCertificateFile "/opt/lampp/etc/ssl.crt/server.crt"
...
SSLCertificateKeyFile "/opt/lampp/etc/ssl.key/server.key"
...
Then, I browsed my server using HTTPS and it showed an error page with error code NET::ERR_CERT_AUTHORITY_INVALID.
That means that the certificate is invalid because of the Certificate Authority is not a trusted one. It is completely normal because I have auto-signed the certificate. To skip this, click the "Advanced options" button and then click the link "Proceed to ...". You should see your website.
Also in the navigation bar you will see text "https" in red. If you click in the lock close to it, it will prompt a window with text:
The identity of this website has not been verified.
• Server's certificate is not trusted.
Your connection to your_domain.com is encrypted with modern cryptography.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.
Regards,
Gonzalo