How to setup Free Let’s Encrypt SSL certificates with ISPConfig 3

by Luigi Nori Date: 03-12-2019 Encryption Free HTTPS Letsencrypt Servers SSL

Let’s Encrypt is an initiative to provide a better way of enabling encryption on websites. It is open, automated and above all: it offers free SSL certificates. Obtaining SSL certificates was always a bit of a hassle and now thanks to Let’s Encrypt and Certbot, finding a certificate authority, doing regular payment, renewals and installing the certificate on your server it's easy.
Learn to use Let’s Encrypt on an ISPConfig 3.0 server.

To proceed you must already have an ISPConfig server up and running. You might have a number of sites that use plain HTTP of HTTPS that you want to secure with free SSL certificates. That’s good, we’re going to do the following:

  1. Obtaining certbot
  2. Requesting free SSL certificates
  3. Configuring SSL in ISPConfig
  4. Enabling automatic periodical renewal

Note: ISPConfig 3.1.1 features automatic installation of Let’s Encrypt certificates. This article was written for ISPConfig 3.0 but still applies to ISPConfig 3.1 as an alternative way (with more control) to integrate ISPConfig with Let’s Encrypt. If you are using the built-in Let’s Encrypt support it is not necessary to run the update script listed in this article. 

Obtaining letsencrypt certbot

First of all, obtain the certbot helper scripts and binaries. Certbot is the name of what previously was called the letsencrypt application.

Method 1: Clone the Git repository

If you do not have Git installed, either do it now or use the second method.

Installing git in Ubuntu/Debian

sudo apt-get install git

Installing git in CentOS/RedHat

sudo yum install git

When the installation is completed, navigate to a folder to put the certbot files into, for example, your home-folder.

cd ~
git clone https://github.com/Certbot/Certbot
cd Certbot

Method 2: Download the zipped repository

Download and extract the files. You can do this easily using the command line if you have wget and zip utilities available:

wget https://github.com/certbot/certbot/archive/master.zip
unzip master.zip
mv certbot-master Certbot
cd Certbot

Requesting free SSL certificates

We are going to request a certificate for our website wow-doge.com with subdomain amaze.wow-doge.com.

./certbot-auto certonly -w /var/www/ma-no.org/web -d ma-no.org -d www.ma-no.org -d api.ma-no.org

No some real magic is going to happen: the certbot-auto script will setup all requirements and when it is finished it will ask you how to validate the selected domain. Choosing ‘Apache Web Server’ is the easiest but placing files in the webroot works as well.

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ma-no.org/fullchain.pem. Your cert will
expire on 2017-04-23. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The magic has happened: Certbot has created all necessary keys and your free SSL certificates files.  We are going to configure ISPConfig to use the certificate.

Configuring SSL in ISPConfig

Open the ISPConfig control-panel, go to sites, open the relevant website and enable the SSL checkbox.

Now go the the SSL tab. We need to copy the obtained certificates and keys to these fields:

SSL Key: privkey.pem
Execute cat /etc/letsencrypt/live/ma-no.org/privkey.pem and copy the contents to the field in ISPConfig.

SSL Certificate: cert.pem
Execute cat etc/letsencrypt/live/ma-no.org/cert.pem and copy the contents to the field in ISPConfig.

SSL Bundle: chain.pem
Execute cat /etc/letsencrypt/live/ma-no.org/chain.pem and copy the contents to the field in ISPConfig.

Important: Select SSL Action ‘Save Certificate’

Finally, have Apache redirect HTTP requests to HTTPS.

Method 1: Go to the Options tab and put the following in the Apache Directives field.

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Method 2: Go to Redirect tab and check Rewrite HTTP to HTTPS

Now the server is configured for this specific certificate. Select save and wait a minute or so for the configuration to become active.

Important: Let’s Encrypt certificates are only a couple of months valid and should be automatically renewed. See the next section for more info. 

Enabling automatic periodical renewal

Certificates issued by Certbot have relatively short validity. Renewing a certificate however is easy. When a certificate is renewed it will be placed under /etc/letsencrypt/domain.com . We do not want to copy the certificates and keys every time we have to renew. Luckily there is an easy solution to this.

We are going to create symbolic links to help ISPConfig use the certificates directly generated in the /etc/letsencrypt directory. Go to the SSL directory of your site and create the following links (you might need to do this as super-user, sudo):

cd /var/www/ma-no.org/ssl
ln -sf /etc/letsencrypt/live/ma-no.org/fullchain.pem wowdoge.com.crt
ln -sf /etc/letsencrypt/live/ma-no.org/privkey.pem wowdoge.com.key

Note: first just copy-paste the certificates and keys into ISPConfig. This is required for ISPConfig to configure the Apache correctly.

Create a renew-script, this is based on Let’s Encrypt example:

#!/bin/sh
service apache2 stop
/home/yourname/Certbot/certbot-auto renew -nvv --standalone > /var/log/letsencrypt/renew.log 2>&1
LE_STATUS=$?
service apache2 start
if [ "$LE_STATUS" != 0 ]; then
echo Automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1
fi

Save it in for example your home-directory as renew-letsencrypt.sh and make it executable:

chmod +x renew-letsencrypt.sh

Now periodically call this script using CRON as root:

sudo crontab -e

Add the following line to call the renewal script every firstServer of the month at 4-o-clock.

00 04 01 * * /home/yourname/renew-letsencrypt.sh

Save your crontab and you’re ready to go!

Conclusion

That’s it! I am currently running multiple websites using Let’s Encrypt without any problems at all. Their free SSL certificates are trusted by almost all modern browsers and a lot of other applications that use SSL encryption.

 
by Luigi Nori Date: 03-12-2019 Encryption Free HTTPS Letsencrypt Servers SSL hits : 23063  
 
Luigi Nori

Luigi Nori

He has been working on the Internet since 1994 (practically a mummy), specializing in Web technologies makes his customers happy by juggling large scale and high availability applications, php and js frameworks, web design, data exchange, security, e-commerce, database and server administration, ethical hacking. He happily lives with @salvietta150x40, in his (little) free time he tries to tame a little wild dwarf with a passion for stars.

 
 
 

Related Posts

Free Netflix: everything you can see without subscribing

To view the contents of an audiovisual streaming platform such as Netflix, it is necessary to pay a monthly connection fee. However, the company has enabled a series of contents…

How to get into the Deep Web: a guide to access TOR, ZeroNet, Freenet and I2P

We would like to present you with a guide that will allow you to enter the main darknets that make up the Dark Web, colloquially known as the Deep Web,…

Best Free Image Optimization Tools for Image Compression

Our monitors are getting better and better and, of course, we want to make them profitable by enjoying images with an increasing resolution when we browse. The problem is that…

How to enable DoH in Chrome, Firefox, and Edge to prevent your ISP from knowing which sites you visit

Maybe you haven't heard of DoH, the new security standard in Firefox, Chrome and other browsers that prevents your Internet provider from spying on the sites you visit. Let's see…

The best collections of Royalty free videos for social networks

If you are looking for videos that can be edited and uploaded to social networks, pay attention, because we have here a great list of websites that offer this type…

Best 9 Free Rss Readers

Lately we have been on a constant lookout for good RSS readers to find and share rich content for our users. RSS is a great way to keep in the…

How to install Letsencrypt Certificates with Certbot in Ubuntu

In this article we will explain how to install, manage and configure the SSL Security certificate, Let's Encypt in NGINX server used as proxy. This certificate is free but does…

Useful Free UX Ebooks

Design and user experience (UX) is becoming a key and fundamental factor for the development and creation of software products and web applications. Today, our UX team recommends a selection of…

Tips on How to Prevent Data Loss for Your Business

Data is information stored electronically that makes the world go round, and for businesses, in particular, it could include sensitive information about its finances, customers, and employees. The majority of…

8 Free PHP Books to Read in Summer 2018

In this article, we've listed 8 free PHP books that can help you to learn new approaches to solving problems and keep your skill up to date.   Practical PHP Testing This book…

6 Free Film Effect Photoshop Actions

Film and graphic lovers rejoice! Today we give us this little pack film effect Photoshop actions!  Photoshop actions allow designers to automate common sequences for increased efficiency. If you do much…

Top 10 Freebies For Designers of 2015

My grandmother always says, “Nothing in life is free.” In a way, she was correct. Even (some) Google products – considered free – are ad-supported.  Freebies be it any kind of…

Clicky