User Tools

Site Tools


software:controlpanels:ispconfig3:tricks

ISPConfig 3 Tricks

Execute local command via e-mail

ISPConfig makes it difficult to send an e-mail to be interpreted by the local server. All e-mail addresses are handled by the information in the database. In order to do this, you need to create an alias to an e-mail alias on localhost.

  1. In ISPConfig, create a forwarder something@example.com, pointing to something@localhost
  2. From the server CLI, open /etc/aliases and add an alias like:
    something "|/full/path/to/script parameter parameter"
  3. Run
    newaliases ; service postfix reload

At this point, anything sent to something@localhost will be executed on the server by the command /full/path/to/script

Use Certbot with other services

This is old, as ISPConfig v3.3 or something fixed most of these problems, and you can install your certs during installation

ISPConfig3 has support for using Certbot with its web sites. However, it is more difficult to get the certbot to work with your mail/ftp/whatever, including the control panel. User ahrasis wrote a very nice article on this. Actually, he says it best, so I'll leave it up to him

https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

Can not create certbot SSL script on web site

This one drove me up a tree, and used several hours of my time, but I finally got it fixed after reading https://www.niih.de/fixed-warning-could-not-verify-domain-so-excluding-it-from-letsencrypt-request/.

Bottom line: ISPConfig v2.9, I think, does some checking on the ability to reach a web site before requesting a Certbot SSL certificate. This is still a little flaky in this version, and various things can make it fail (behind a DMZ, split DNS).

Simply go to System | Server Config | {server name} | Web | SSL Settings and put a check mark in “Skip Lets Encrypt Check”

/var/www on NFS Share

ISPConfig will work with /var/www on an NFS share, but you should do a couple of things first. Go to

System | Server Config | {server name} | Web

* Put a check mark in Network Filesystem * Uncheck Make web folders immutable (click Permissions) to disable extended attributes that many network file systems won't handle.

acme.sh vs certbot

More and more, ISPConfig is moving to acme.sh vs the older certbot to manage LetsEncrypt SSL certificates. I really like it because it appears to be much cleaner.

Till Brehm, one of the developers over at ISPConfig made a quick note for people who accidentally have certbot installed prior to the ISPConfig installation. ISPConfig will attempt to detect if this is the case and simply fall back to using it.

I already had a broken system, so I decided to see if I could use what he said to move my system over from certbot to acme.sh, and it worked (kinda'). I missed a couple of steps and broke my server pretty well, but was able to recover.

Tills comments (at https://forum.howtoforge.com/threads/acme-sh-on-new-install.86553/), give an order to fixing a new installation (before you have any sites), but I modified it to work with an already populated one. NOTE: your web sites will be down, or not available over https, for a while if you do this.

  1. Go through every web site and disable SSL
  2. Remove Configuration
    mv /etc/letsencypt /etc/letsencrypt.disabled
  3. Remove certbot
    mv /opt/certbot /opt/certbot.disabled # may be called other things

    OR, if you installed from a package manager, simply uninstall it.

  4. Install the acme.sh code
    curl https://get.acme.sh | sh -s
  5. Reconfigure ispconfig
    ispconfig_update.sh --force
  6. Go through every web site and enable LetsEncrypt SSL

Step 3 is difficult, as cerbot has been installed in various places at various times, so it could be called anything. Normally, if not part of a package manager installation, it is in /opt.'

The last line will reconfigure ispconfig. All you really care about (maybe) is generating a new certificate for the control panel, mail server and ftp.

software/controlpanels/ispconfig3/tricks.txt · Last modified: 2023/02/02 01:25 by rodolico