Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • I ISPConfig 3
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 550
    • Issues 550
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 41
    • Merge requests 41
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISPConfig
  • ISPConfig 3
  • Issues
  • #4667

Closed
Open
Created May 27, 2017 by Timo Volkmar@rootfuchs

Websites UI / Let's Encrypt :: add Option to allow switching to fullchain.pem in favor of chain.pem

ISPC 3.1.3

Currently we had multiple customers on Mac OS (latest: Mac OS Sierra Vers. 10.12.4.- Safari Vers. 10.1.) that cannot connect to Let's Encrypt protected Domains. A little search reveals it is an known issue of lets encrypt and - apparently - an simple fix for it. Simply the use of the LE given fullchain.pem instead of the chain.pem.

A) seems to fix the problem in every case. b) seems not to interfere with other Users (OS/Browser)

Solution was as follows:

  1. create in symlink to the fullchain-pem in the clients-ssl folder: /var/www/clients/clientX/webY/ssl/domain.example.com.pem -> /etc/letsencrypt/live/domain.example.com/fullchain.pem
  2. Inserting the new link as directive over the Interface overwriting in fact the default cert-Declaration.

Unfortunately the symlinks in the clients subfolder are not offering an link to the fullchain by default.

In fact the usage of chain.pem is nothring wrong, but faced with compatibility issue it seems maybe an good solution to add an option for that in an by page level.

Assignee
Assign to
Time tracking