blob: f159d317f99aabc185762e00de17a99c5aa01c83 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
ISPConfig Let's Encrypt
=========================
# REQUIREMENTS
Let's Encrypt installed
ISPConfig (select version in branche)
Apache or Nginx
# INSTALLATION (as root)
```
git clone https://github.com/alexalouit/ISPConfig-letsencrypt.git
cd ISPConfig-letsencrypt
php -q install.php
```
After install, a new checkbox will be available in editing website, just check it.
Adjust server in ```/etc/letsencrypt/cli.ini```if isn't ``https://acme-v01.api.letsencrypt.org/directory```
## MANUAL INSTALLATION
- make your own backup!
- go to dir
```
cd ISPConfig-letsencrypt
```
- create Let's Encrypt configuration
```
cp ./cli.ini /etc/letsencrypt/cli.ini
```
- patch ISPConfig (merge all files from ./src to /usr/local/ispconfig)
```
rsync -av ./src/ /usr/local/ispconfig/
```
- prepare apache
```
cp ./apache.letsencrypt.conf /etc/apache2/conf-available/letsencrypt.conf
a2enmod headers
a2enconf letsencrypt
service apache2 reload
```
- prepare nginx
```
patch /etc/nginx/nginx.conf < ./nginx.conf.patch
service nginx reload
```
- create a cron for automatic renewal:
```
crontab -e
30 02 * * * /root/.local/share/letsencrypt/bin/letsencrypt-renewer >> /var/log/ispconfig/cron.log; done
```
- sql queries:
```
ALTER TABLE `web_domain` ADD `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n';
```
## TROUBLESHOOTING
update Let's Encrypt
```
cd /root/letsencrypt
git fetch
./letsencrypt-auto
```
see Let's Encrypt log
```
cat /var/log/letsencrypt/letsencrypt.log
```
see ISPConfig log
```
cat /var/log/ispconfig/ispconfig.log
cat /var/log/ispconfig/cron.log
```
remove certs
```
rm -r /etc/letsencrypt/archive/$domain/
rm -r /etc/letsencrypt/live/$domain/
rm -r /etc/letsencrypt/renewal/$domain.conf
```
re-generate cert: uncheck SSL & Let's Encrypt, save, recheck and save
|