software:controlpanels:ispconfig3:tricks
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
software:controlpanels:ispconfig3:tricks [2020/09/22 20:23] – rodolico | software:controlpanels:ispconfig3:tricks [2023/02/02 01:25] (current) – rodolico | ||
---|---|---|---|
Line 12: | Line 12: | ||
===== Use Certbot with other services ===== | ===== Use Certbot with other services ===== | ||
+ | |||
+ | **This is old, as ISPConfig v3.3 or something fixed most of these problems, and you can install your certs during installation** | ||
ISPConfig3 has support for using Certbot with its web sites. However, it is more difficult to get the certbot to work with your mail/ | ISPConfig3 has support for using Certbot with its web sites. However, it is more difficult to get the certbot to work with your mail/ | ||
https:// | https:// | ||
+ | |||
+ | ===== Can not create certbot SSL script on web site ===== | ||
+ | |||
+ | This one drove me up a tree, and used several hours of my time, but I finally got it fixed after reading [[https:// | ||
+ | |||
+ | Bottom line: ISPConfig v2.9, I think, does some checking on the ability to reach a web site **before** requesting a Certbot SSL certificate. This is still a little flaky in this version, and various things can make it fail (behind a DMZ, split DNS). | ||
+ | |||
+ | Simply go to System | Server Config | {server name} | Web | SSL Settings and put a check mark in "Skip Lets Encrypt Check" | ||
+ | |||
+ | ===== /var/www on NFS Share ===== | ||
+ | |||
+ | ISPConfig //will// work with /var/www on an NFS share, but you should do a couple of things first. Go to | ||
+ | |||
+ | **System | Server Config | {server name} | Web** | ||
+ | |||
+ | * Put a check mark in //Network Filesystem// | ||
+ | * Uncheck //Make web folders immutable// (click Permissions) to disable extended attributes that many network file systems won't handle. | ||
+ | |||
+ | ===== acme.sh vs certbot ===== | ||
+ | |||
+ | More and more, ISPConfig is moving to acme.sh vs the older certbot to manage LetsEncrypt SSL certificates. I really like it because it appears to be much cleaner. | ||
+ | |||
+ | Till Brehm, one of the developers over at ISPConfig made a quick note for people who accidentally have certbot installed prior to the ISPConfig installation. ISPConfig will attempt to detect if this is the case and simply fall back to using it. | ||
+ | |||
+ | I already had a broken system, so I decided to see if I could use what he said to move my system over from certbot to acme.sh, and it worked (kinda' | ||
+ | |||
+ | Tills comments (at https:// | ||
+ | |||
+ | - Go through every web site and disable SSL | ||
+ | - Remove Configuration< | ||
+ | - Remove certbot< | ||
+ | - Install the acme.sh code< | ||
+ | - Reconfigure ispconfig< | ||
+ | - Go through every web site and enable LetsEncrypt SSL | ||
+ | |||
+ | Step 3 is difficult, as cerbot has been installed in various places at various times, so it could be called anything. Normally, if not part of a package manager installation, | ||
+ | |||
+ | The last line will reconfigure ispconfig. All you really care about (maybe) is generating a new certificate for the control panel, mail server and ftp. | ||
+ | |||
+ |
software/controlpanels/ispconfig3/tricks.txt · Last modified: 2023/02/02 01:25 by rodolico