How to Set Up Free Let’s Encrypt SSL Certificates With ISPConfig 3

by Luigi Nori Date: 03-12-2019 Encryption Free HTTPS Letsencrypt Servers SSL


Let’s Encrypt is an initiative to provide a better way of enabling encryption on websites. It is open, automated and above all: it offers free SSL certificates. Obtaining SSL certificates was always a bit of a hassle: finding a certificate authority, making regular payments, handling renewals and installing the certificate on your server. Thanks to Let’s Encrypt and Certbot, it is now easy.
Learn to use Let’s Encrypt on an ISPConfig 3.0 server.

To proceed you must already have an ISPConfig server up and running. You might have a number of sites that use plain HTTP or HTTPS that you want to secure with free SSL certificates. That’s good, we’re going to do the following:

  1. Obtaining certbot
  2. Requesting free SSL certificates
  3. Configuring SSL in ISPConfig
  4. Enabling automatic periodical renewal

Note: ISPConfig 3.1.1 features automatic installation of Let’s Encrypt certificates. This article was written for ISPConfig 3.0 but still applies to ISPConfig 3.1 as an alternative way (with more control) to integrate ISPConfig with Let’s Encrypt. If you are using the built-in Let’s Encrypt support it is not necessary to run the update script listed in this article. 

Obtaining letsencrypt certbot

First of all, obtain the certbot helper scripts and binaries. Certbot is the name of what previously was called the letsencrypt application.

Method 1: Clone the Git repository

If you do not have Git installed, either do it now or use the second method.

Installing git in Ubuntu/Debian

sudo apt-get install git

Installing git in CentOS/RedHat

sudo yum install git

When the installation is completed, navigate to a folder to put the certbot files into, for example, your home-folder.

cd ~
git clone https://github.com/Certbot/Certbot
cd Certbot

Method 2: Download the zipped repository

Download and extract the files. You can do this easily using the command line if you have the wget and unzip utilities available:

wget https://github.com/certbot/certbot/archive/master.zip
unzip master.zip
mv certbot-master Certbot
cd Certbot

Requesting free SSL certificates

We are going to request a certificate for our website ma-no.org with the subdomains www.ma-no.org and api.ma-no.org.

./certbot-auto certonly -w /var/www/ma-no.org/web -d ma-no.org -d www.ma-no.org -d api.ma-no.org

Now some real magic is going to happen: the certbot-auto script will set up all requirements, and when it is finished it will ask you how to validate the selected domains. Choosing ‘Apache Web Server’ is the easiest, but placing files in the webroot works as well.

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ma-no.org/fullchain.pem. Your cert will
expire on 2017-04-23. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The magic has happened: Certbot has created all the necessary keys and your free SSL certificate files. We are now going to configure ISPConfig to use the certificate.

Configuring SSL in ISPConfig

Open the ISPConfig control-panel, go to sites, open the relevant website and enable the SSL checkbox.

Now go to the SSL tab. We need to copy the obtained certificates and keys to these fields:

SSL Key: privkey.pem
Execute cat /etc/letsencrypt/live/ma-no.org/privkey.pem and copy the contents to the field in ISPConfig.

SSL Certificate: cert.pem
Execute cat /etc/letsencrypt/live/ma-no.org/cert.pem and copy the contents to the field in ISPConfig.

SSL Bundle: chain.pem
Execute cat /etc/letsencrypt/live/ma-no.org/chain.pem and copy the contents to the field in ISPConfig.

Important: Select SSL Action ‘Save Certificate’

Finally, have Apache redirect HTTP requests to HTTPS.

Method 1: Go to the Options tab and put the following in the Apache Directives field.

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Method 2: Go to Redirect tab and check Rewrite HTTP to HTTPS

Now the server is configured for this specific certificate. Select save and wait a minute or so for the configuration to become active.

Important: Let’s Encrypt certificates are only valid for a couple of months and should be renewed automatically. See the next section for more info.

Enabling automatic periodical renewal

Certificates obtained with Certbot have a relatively short validity period. Renewing a certificate, however, is easy. When a certificate is renewed, it is placed under /etc/letsencrypt/live/domain.com. We do not want to copy the certificates and keys every time we have to renew. Luckily there is an easy solution to this.

We are going to create symbolic links so that ISPConfig uses the certificates in the /etc/letsencrypt directory directly. Go to the SSL directory of your site and create the following links, named after the site's domain so that they replace the .crt and .key files ISPConfig stored there (you might need to do this as super-user, with sudo):

cd /var/www/ma-no.org/ssl
ln -sf /etc/letsencrypt/live/ma-no.org/fullchain.pem ma-no.org.crt
ln -sf /etc/letsencrypt/live/ma-no.org/privkey.pem ma-no.org.key

Note: first copy and paste the certificates and keys into ISPConfig as described in the previous section. This is required for ISPConfig to configure Apache correctly.

Create a renewal script. This one is based on the Let’s Encrypt example:

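#!/bin/sh
# Stop Apache so that certbot's standalone server can use the web ports
service apache2 stop
# Renew all certificates non-interactively (-n), verbosely (-vv), logging to a file
/home/yourname/Certbot/certbot-auto renew -nvv --standalone > /var/log/letsencrypt/renew.log 2>&1
LE_STATUS=$?
# Always start Apache again, whether or not the renewal succeeded
service apache2 start
if [ "$LE_STATUS" != 0 ]; then
    # Print the log so the failure shows up in the cron output
    echo Automated renewal failed:
    cat /var/log/letsencrypt/renew.log
    exit 1
fi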

Save it, for example in your home directory, as renew-letsencrypt.sh and make it executable:

chmod +x renew-letsencrypt.sh

Now periodically call this script using CRON as root:

sudo crontab -e

Add the following line to call the renewal script on the first day of every month at 4 o'clock.

00 04 01 * * /home/yourname/renew-letsencrypt.sh

Save your crontab and you’re ready to go!
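The check below is an added example, not part of the original article and not code from ISPConfig or Certbot. After a renewal it verifies that the site's .crt and .key are still symbolic links into the live directory (and not pasted copies), that the certificate has enough validity left, and that certificate and key belong together. The function names, the script name check-le-links.sh and the 20-day default are assumptions.

```shell
#!/bin/sh
# Added example: checks the symlink setup after a renewal. Function names and
# the 20-day default are assumptions, not part of ISPConfig or Certbot.

# True when LINK ($1) is a symlink resolving to the same file as TARGET ($2).
link_points_to() {
    [ -L "$1" ] && [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# True when the certificate ($1) stays valid for at least $2 more days.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when certificate ($1) and private key ($2) carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_site SSL_DIR LIVE_DIR DOMAIN [MIN_DAYS]
# Prints one line per problem and returns the number of problems found.
check_site() {
    ssl=$1; live=$2; dom=$3; days=${4:-20}; bad=0
    link_points_to "$ssl/$dom.crt" "$live/fullchain.pem" ||
        { echo "$dom: .crt is not a link to fullchain.pem"; bad=$((bad + 1)); }
    link_points_to "$ssl/$dom.key" "$live/privkey.pem" ||
        { echo "$dom: .key is not a link to privkey.pem"; bad=$((bad + 1)); }
    cert_valid_for "$ssl/$dom.crt" "$days" ||
        { echo "$dom: certificate expires within $days days"; bad=$((bad + 1)); }
    cert_matches_key "$ssl/$dom.crt" "$ssl/$dom.key" ||
        { echo "$dom: certificate and key do not match"; bad=$((bad + 1)); }
    return "$bad"
}

# Run only when called with arguments, for example:
#   ./check-le-links.sh /var/www/ma-no.org/ssl /etc/letsencrypt/live/ma-no.org ma-no.org
if [ "$#" -ge 3 ]; then
    check_site "$@"
fi
```

Calling it at the end of renew-letsencrypt.sh makes cron report a replaced link or a certificate close to expiry along with renewal failures.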

Conclusion

That’s it! I am currently running multiple websites using Let’s Encrypt without any problems at all. Their free SSL certificates are trusted by almost all modern browsers and a lot of other applications that use SSL encryption.

 