aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
blob: f159d317f99aabc185762e00de17a99c5aa01c83 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
ISPConfig Let's Encrypt
=========================


# REQUIREMENTS

Let's Encrypt installed

ISPConfig (select version in branche)

Apache or Nginx


# INSTALLATION (as root)

```
git clone https://github.com/alexalouit/ISPConfig-letsencrypt.git
cd ISPConfig-letsencrypt
php -q install.php
```

After install, a new checkbox will be available in editing website, just check it.

Adjust server in ```/etc/letsencrypt/cli.ini```if isn't ``https://acme-v01.api.letsencrypt.org/directory```


## MANUAL INSTALLATION

- make your own backup!

- go to dir
```
cd ISPConfig-letsencrypt
```

- create Let's Encrypt configuration
```
cp ./cli.ini /etc/letsencrypt/cli.ini
```

- patch ISPConfig (merge all files from ./src to /usr/local/ispconfig)
```
rsync -av ./src/ /usr/local/ispconfig/
```

- prepare apache
```
cp ./apache.letsencrypt.conf /etc/apache2/conf-available/letsencrypt.conf
a2enmod headers
a2enconf letsencrypt
service apache2 reload
```

- prepare nginx
```
patch /etc/nginx/nginx.conf < ./nginx.conf.patch
service nginx reload
```

- create a cron for automatic renewal:
```
crontab -e
30 02 * * * /root/.local/share/letsencrypt/bin/letsencrypt-renewer >> /var/log/ispconfig/cron.log; done
```

- sql queries:
```
ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n';
```


## TROUBLESHOOTING

update Let's Encrypt
```
cd /root/letsencrypt
git fetch
./letsencrypt-auto
```

see Let's Encrypt log
```
cat /var/log/letsencrypt/letsencrypt.log
```

see ISPConfig log
```
cat /var/log/ispconfig/ispconfig.log
cat /var/log/ispconfig/cron.log
```

remove certs
```
rm -r /etc/letsencrypt/archive/$domain/
rm -r /etc/letsencrypt/live/$domain/
rm -r /etc/letsencrypt/renewal/$domain.conf
```

re-generate cert: uncheck SSL & Let's Encrypt, save, recheck and save