Enable Let’s Encrypt SSL for ISPConfig control panel


The problem:

Recently I found myself with a bit of an SSL problem on a web server managed through ISPConfig. The server is using a free SSL certificate from Let’s Encrypt. Although all the sites on the server were loading fine via https with Let’s Encrypt without any SSL warning, the control panel page for ISPConfig was showing a “not secure” warning. The ISPConfig control panel login page is normally accessed via port 8080 of the server. So basically “anyofyoursites:8080” takes you to the login page.

The server was running CentOS 7.3 and using Apache 2.4.6.

The problem was that the ISPConfig control panel page was using the self-signed certificate created during the ISPConfig setup instead of the Let’s Encrypt certificate. Browsers normally show a “not secure” warning for any self-signed certificate.

So the solution is to force ISPConfig to use the key files from Let’s Encrypt instead of its own self-signed files, by creating symlinks to the Let’s Encrypt files. They are normally in the /etc/letsencrypt/live/“your site name”/ directory. Here “your site name” is normally the first site on your server, as used when you first ran the Let’s Encrypt installer. Do check which name Let’s Encrypt actually used.

Configuration:

First remove the existing ISPConfig keyfiles.

rm /usr/local/ispconfig/interface/ssl/ispserver.crt
rm /usr/local/ispconfig/interface/ssl/ispserver.key

 

Then create symlinks to the Let’s Encrypt files. They are normally in the /etc/letsencrypt/live/“your site name”/ directory. Here “your site name” is normally the first site on your server, as used when you first ran the Let’s Encrypt installer. Do check which name Let’s Encrypt actually used.

ln -s /etc/letsencrypt/live/"your site name"/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.crt
ln -s /etc/letsencrypt/live/"your site name"/privkey.pem /usr/local/ispconfig/interface/ssl/ispserver.key

Now create the .pem file by combining these two files.

cat /usr/local/ispconfig/interface/ssl/ispserver.{key,crt} > /usr/local/ispconfig/interface/ssl/ispserver.pem

Now restart Apache for the changes to take effect.

Since we built the .pem file manually by combining two files, a problem arises when the actual Let’s Encrypt files are updated during certificate renewal: the combined file goes stale. We have to schedule a cron job to rebuild it, so it does not cause any problem in the future.
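
One way to write the script that such a cron job would run, as an added example that is not part of the original post: it rebuilds ispserver.pem only when the key or certificate has changed, keeps the combined file readable by root only, and restarts Apache only after a real change. The function name rebuild_pem, the --run switch and the httpd service name (the CentOS 7 default) are assumptions.

```shell
#!/bin/sh
# Added example: refresh ISPConfig's combined .pem after a Let's Encrypt renewal.
# SSL_DIR is the directory used in the steps above; override it for testing.
SSL_DIR="${SSL_DIR:-/usr/local/ispconfig/interface/ssl}"

# rebuild_pem KEY CRT PEM
# Returns 0 if PEM was (re)written, 1 if it was already current, 2 on error.
rebuild_pem() {
    key=$1; crt=$2; pem=$3
    if [ ! -r "$key" ] || [ ! -r "$crt" ]; then
        echo "cannot read $key or $crt" >&2
        return 2
    fi

    # mktemp creates the file with mode 0600, so the private key is never
    # exposed to other users while the new .pem is being assembled.
    tmp=$(mktemp "${pem}.XXXXXX") || return 2
    cat "$key" "$crt" > "$tmp" || { rm -f "$tmp"; return 2; }
    chmod 600 "$tmp"

    # Unchanged content means no renewal happened: leave the live file alone.
    if [ -f "$pem" ] && cmp -s "$tmp" "$pem"; then
        rm -f "$tmp"
        return 1
    fi

    # Rename within the same directory, so readers never see a half-written file.
    mv -f "$tmp" "$pem" || { rm -f "$tmp"; return 2; }
    return 0
}

main() {
    rebuild_pem "$SSL_DIR/ispserver.key" "$SSL_DIR/ispserver.crt" \
                "$SSL_DIR/ispserver.pem"
    case $? in
        0) systemctl restart httpd ;;   # assumption: Apache runs as "httpd"
        1) : ;;                         # certificate unchanged, nothing to do
        *) exit 1 ;;
    esac
}

# Only act when called with --run, e.g. from root's crontab.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Save it somewhere root-owned and call it with --run from root's crontab; running it daily is harmless because it exits without touching Apache when nothing has changed.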
