How to Setup Free Let’S Encrypt Ssl Certificates With Ispconfig 3

by Luigi Nori Date: 03-12-2019 Encryption Free HTTPS Letsencrypt Servers SSL

Let’s Encrypt is an initiative to provide a better way of enabling encryption on websites. It is open, automated and above all: it offers free SSL certificates. Obtaining SSL certificates was always a bit of a hassle and now thanks to Let’s Encrypt and Certbot, finding a certificate authority, doing regular payment, renewals and installing the certificate on your server it's easy.
Learn to use Let’s Encrypt on an ISPConfig 3.0 server.

To proceed you must already have an ISPConfig server up and running. You might have a number of sites that use plain HTTP of HTTPS that you want to secure with free SSL certificates. That’s good, we’re going to do the following:

  1. Obtaining certbot
  2. Requesting free SSL certificates
  3. Configuring SSL in ISPConfig
  4. Enabling automatic periodical renewal

Note: ISPConfig 3.1.1 features automatic installation of Let’s Encrypt certificates. This article was written for ISPConfig 3.0 but still applies to ISPConfig 3.1 as an alternative way (with more control) to integrate ISPConfig with Let’s Encrypt. If you are using the built-in Let’s Encrypt support it is not necessary to run the update script listed in this article. 

Obtaining letsencrypt certbot

First of all, obtain the certbot helper scripts and binaries. Certbot is the name of what previously was called the letsencrypt application.

Method 1: Clone the Git repository

If you do not have Git installed, either do it now or use the second method.

Installing git in Ubuntu/Debian

sudo apt-get install git

Installing git in CentOS/RedHat

sudo yum install git

When the installation is completed, navigate to a folder to put the certbot files into, for example, your home-folder.

cd ~
git clone
cd Certbot

Method 2: Download the zipped repository

Download and extract the files. You can do this easily using the command line if you have wget and zip utilities available:

mv certbot-master Certbot
cd Certbot

Requesting free SSL certificates

We are going to request a certificate for our website with subdomain

./certbot-auto certonly -w /var/www/ -d -d -d

No some real magic is going to happen: the certbot-auto script will setup all requirements and when it is finished it will ask you how to validate the selected domain. Choosing ‘Apache Web Server’ is the easiest but placing files in the webroot works as well.

- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ Your cert will
expire on 2017-04-23. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:
Donating to EFF:

The magic has happened: Certbot has created all necessary keys and your free SSL certificates files.  We are going to configure ISPConfig to use the certificate.

Configuring SSL in ISPConfig

Open the ISPConfig control-panel, go to sites, open the relevant website and enable the SSL checkbox.

Now go the the SSL tab. We need to copy the obtained certificates and keys to these fields:

SSL Key: privkey.pem
Execute cat /etc/letsencrypt/live/ and copy the contents to the field in ISPConfig.

SSL Certificate: cert.pem
Execute cat etc/letsencrypt/live/ and copy the contents to the field in ISPConfig.

SSL Bundle: chain.pem
Execute cat /etc/letsencrypt/live/ and copy the contents to the field in ISPConfig.

Important: Select SSL Action ‘Save Certificate’

Finally, have Apache redirect HTTP requests to HTTPS.

Method 1: Go to the Options tab and put the following in the Apache Directives field.

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Method 2: Go to Redirect tab and check Rewrite HTTP to HTTPS

Now the server is configured for this specific certificate. Select save and wait a minute or so for the configuration to become active.

Important: Let’s Encrypt certificates are only a couple of months valid and should be automatically renewed. See the next section for more info. 

Enabling automatic periodical renewal

Certificates issued by Certbot have relatively short validity. Renewing a certificate however is easy. When a certificate is renewed it will be placed under /etc/letsencrypt/ . We do not want to copy the certificates and keys every time we have to renew. Luckily there is an easy solution to this.

We are going to create symbolic links to help ISPConfig use the certificates directly generated in the /etc/letsencrypt directory. Go to the SSL directory of your site and create the following links (you might need to do this as super-user, sudo):

cd /var/www/
ln -sf /etc/letsencrypt/live/
ln -sf /etc/letsencrypt/live/

Note: first just copy-paste the certificates and keys into ISPConfig. This is required for ISPConfig to configure the Apache correctly.

Create a renew-script, this is based on Let’s Encrypt example:

service apache2 stop
/home/yourname/Certbot/certbot-auto renew -nvv --standalone > /var/log/letsencrypt/renew.log 2>&1
service apache2 start
if [ "$LE_STATUS" != 0 ]; then
echo Automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1

Save it in for example your home-directory as and make it executable:

chmod +x

Now periodically call this script using CRON as root:

sudo crontab -e

Add the following line to call the renewal script every firstServer of the month at 4-o-clock.

00 04 01 * * /home/yourname/

Save your crontab and you’re ready to go!


That’s it! I am currently running multiple websites using Let’s Encrypt without any problems at all. Their free SSL certificates are trusted by almost all modern browsers and a lot of other applications that use SSL encryption.

by Luigi Nori Date: 03-12-2019 Encryption Free HTTPS Letsencrypt Servers SSL hits : 5487  
Luigi Nori

Luigi Nori

He has been working on the Internet since 1994 (practically a mummy), specializing in Web technologies makes his customers happy by juggling large scale and high availability applications, php and js frameworks, web design, data exchange, security, e-commerce, database and server administration, ethical hacking. He happily lives with @salvietta150x40, in his (little) free time he tries to tame a little wild dwarf with a passion for stars.


Related Posts