Free SSL certificates through Let's Encrypt

GuardMoony · Dec 3rd 2015

Quote from mrpink

What kind of certificate?

For admin panel (nginx) or imscp services (courier/dovecot, postfix, proftpd) you have to do these steps:

Execute the command to reconfigure ssl and panel_ssl:

Code

/var/www/imscp/engine/setup/imscp-setup -dr ssl panel_ssl

On the screen for the Private key open the file /etc/letsencrypt/live/domain.com/privkey.pem.

On the screen for the Certificate open the file /etc/letsencrypt/live/domain.com/cert.pem.

On the screen for the Intermediate certificate open the file /etc/letsencrypt/live/domain.com/chain.pem.

Quote from Ninos

@mrpink for services and panel I recommend the official way perl imscp-autoinstall -dr ssl panel_ssl. Just if someone don't want to rerun the installer and already have certs installed he can go your way (still not supported). Think it's better before someone breaks his system

I just tried the combination of these 2. Ain't it failed with saying wrong ssl cert...

it first asks for the private key ( then a password )
followed with intermediate
And as last it asks for the certificate ( at this point it fails )

mafioso · Dec 4th 2015

@GuardMoony You selected the public key?

rabuntu · Dec 4th 2015

Hi @ All,

I've created my first cert with let's encrypt with

Code

./letsencrypt-auto certonly -a manual

It works fine and has created 4 files. (privkey, cert, chain and fullchain). But when i want copy the content of files (privkey-->private key, cert-->certifikat and fullchain-->ca-bundle or chain-->ca-bundle) imscp said "Ein Zertifikat in Ihrem CA-Bundle fehlt oder ist ungültig."

I cant understand what is wrong.

mrpink · Dec 4th 2015

What do you want with a ca-bundle?

privkey.pem -> Private Key
cert.pem -> Certificate
chain.pem -> Intermediate

Thats all and it's working. It can't be that hard.

And please check the howto because everything is explained there.

mrpink · Dec 4th 2015

Quote from GuardMoony

it first asks for the private key ( then a password )
followed with intermediate
And as last it asks for the certificate ( at this point it fails )

Yes that's true.

Private key -> choose /etc/letsencrypt/live/domain.com/privkey.pem
On the Password dialog enter nothing (only hit enter)
Intermediate -> choose /etc/letsencrypt/live/domain.com/chain.pem
Certificate -> choose /etc/letsencrypt/live/domain.com/cert.pem

It can't be that hard. Please also use your brains.

And please check the howto because everything is explained there.

rabuntu · Dec 4th 2015

Thank you mrpink for your quick response.

Yes it can't be that hard. I've 3 inputfields.

1. Privater Schlüssel
2. Zerfifikat
3. CA Bundle

**bluecafe** · Dec 4th 2015

Not sure why your third field is named CA Bundle (mine is named intermediate Certificate(s)). However, I have put the content of fullchain.pem in the third field and everything is working fine.
1. => privkey.pem
2. => cert.pem
3. => fullchain.pem

(fullchain.pem is indeed some kind of bundle since it bundles cert.pem and chain.pem)

rabuntu · Dec 4th 2015

I think the answer is my version from IMSCP is too old. Ash on my head, i've too long waited with updates.

After my search i've found this...

Zertifikat in ein i-MSCP einbinden

mrpink · Dec 4th 2015

Here the explanation for the different certificates in the live directory of a domain:

privkey.pem - private key
cert.pem - server certificate only
chain.pem - intermediates
fullchain.pem - server certificate + intermediates

**bluecafe** · Dec 4th 2015

@mrpink, do you think it could create problems if I took fullchain.pem as intermediate certificate? By now everything is working fine ..

Free SSL certificates through Let's Encrypt

Share

Daily visitors