Installing an SSL certificate on your ISPConfig control panel involves a few steps, mainly focusing on generating or obtaining an SSL certificate and then configuring your web server to use that certificate for the ISPConfig’s control panel interface, which typically runs on port 8080. The process will slightly differ based on whether you are using Apache or Nginx as the web server for ISPConfig.
Before proceeding, ensure you have a backup of EVERYTHING you are modifying. It is easy to overlook this, but this guide does not work 100% of the time for every use case, and as such, there is a chance you will break something because of a path mismatch or because your configuration files do not mirror everything written here. Back up your files, you will be very grateful if something goes wrong.
Using Let’s Encrypt for SSL Certificate
If you decide to use Let’s Encrypt to secure your ISPConfig control panel, here’s how you can do it. This assumes you’re using Apache and have shell access to your server.
Install Certbot: Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
sudo apt update
sudo apt install certbot python3-certbot-apacheStop Apache or Nginx: Since you’re likely to use the standalone method (because ISPConfig is on a non-standard port), stop Apache or Nginx to free up port 80 for the verification process.
sudo systemctl stop apache2
# Or for Nginx
sudo systemctl stop nginxObtain the Certificate: Now, use Certbot to obtain an SSL certificate from Let’s Encrypt:
sudo certbot certonly --standalone -d server.example.com
# Replace 'server.example.com' with your host nameFollow the prompts. Certbot will temporarily spin up a web server to complete the domain verification process.
Configure Apache or Nginx for ISPConfig with SSL: Once you have your SSL certificate, you need to configure your web server to use it for the ISPConfig control panel. This involves editing the Apache or Nginx configuration file for ISPConfig.
For Apache, this might be /etc/apache2/sites-available/ispconfig.vhost or similar. You’ll need to add or modify it to include your SSL directives, pointing to the Let’s Encrypt certificates:
<VirtualHost *:8080>
ServerName server.example.com
Redirect "/" "https://server.example.com:8080/"
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
ServerName server.example.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/server.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
# Remember to replace server.example.com with your host nameAdjust paths as necessary based on where your ISPConfig and Let’s Encrypt files are located.
Restart Apache or Nginx: After configuring SSL in the web server, restart the service:
sudo systemctl start apache2
# Or for Nginx
sudo systemctl start nginxAccess ISPConfig via HTTPS: Now, try accessing your ISPConfig control panel using
https://server.example.com:8080/
Remember to use your actual hostname. It should be secured with SSL.
Setting Auto-Renewal
Let’s Encrypt certificates are valid for 90 days. Certbot usually sets up a cron job or systemd timer to auto-renew certificates. Test auto-renewal with:
sudo certbot renew --dry-runAdjusting for Nginx
If your ISPConfig uses Nginx instead of Apache, you’ll need to adjust the SSL configuration steps for Nginx by editing the Nginx site configuration instead, located in a path like /etc/nginx/sites-available/. The SSL configuration directives differ slightly for Nginx.
This process sets up SSL for your ISPConfig control panel, enhancing its security by encrypting traffic between the server and its users.