Enable SSL for the ISPConfig 3 Control Panel

This is how you enable SSL for the ISPConfig 3 Control Panel if you left it out on installation.

If you have ISPConfig version 3.0.3+, this is achieved very easily through the “ispconfig_update.php” script from the installation archive, but if, for some reason, you kept a version prior to 3.0.3 or you can’t run the updater script, then you will have to do this manually.

  • First you’ll have to create the directory for the SSL certificate (if it doesn’t exist already):
mkdir /usr/local/ispconfig/interface/ssl
cd /usr/local/ispconfig/interface/ssl
  • Create the certificate files:
openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr -signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key ispserver.key.secure
mv ispserver.key.insecure ispserver.key
  • Enable the “mod_ssl” module (if not enabled already):
a2enmod ssl
  • Edit the ISPConfig vhost file, “/etc/apache2/sites-available/ispconfig.vhost”, and add the following lines between the “<VirtualHost>…</VirtualHost>” tags:
SSLEngine On
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
  • Restart the “apache2” server.
  • Your ISPConfig Control Panel will be accessible at “https://ispconfig-vhost.tld:8080”.
  • If you access the old address, “http://ispconfig-vhost.tld:8080”, you will get an “error 400” page because the ISPConfig interface should now be accessed only through the “https” protocol.
  • A workaround for this small issue is to define a “custom error 400 message”; to do this, add the following line under the SSL lines we’ve added above:
SSLEngine On
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
ErrorDocument 400 "<script language='javascript' type='text/javascript'>window.location = 'https://'+window.location.hostname+':8080'+window.location.pathname;</script>"
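
A check worth running between creating the certificate files and restarting Apache, as an added example that is not part of the original article: it confirms that “ispserver.key” loads without a passphrase, that “ispserver.crt” belongs to that key, and that the unencrypted key is not accessible to group or other. The function names and the “--check” argument are hypothetical; the file names and default directory are the ones used above.

```shell
#!/bin/bash
# Added example: checks to run before restarting Apache.
# Function names are hypothetical; file names and the default directory are the page's.

# Succeeds only if the key loads with no passphrase (Apache can start unattended).
key_is_unencrypted() {
    openssl pkey -in "$1" -passin pass: -noout 2>/dev/null
}

# Succeeds only if the certificate holds the public half of the private key.
cert_matches_key() {
    local key_pub crt_pub
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 3
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if group and other have no permission bits on the file.
key_is_private() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

check_ispconfig_ssl() {
    local dir=${1:-/usr/local/ispconfig/interface/ssl} rc=0
    key_is_unencrypted "$dir/ispserver.key" ||
        { echo "FAIL: ispserver.key is passphrase-protected or unreadable"; rc=1; }
    cert_matches_key "$dir/ispserver.key" "$dir/ispserver.crt" ||
        { echo "FAIL: ispserver.crt does not match ispserver.key"; rc=1; }
    key_is_private "$dir/ispserver.key" ||
        { echo "FAIL: ispserver.key is accessible to group/other; chmod 600 it"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key and certificate are ready for Apache"
    return "$rc"
}

# Run the checks only when asked to, e.g.: ./check.sh --check [directory]
if [ "${1:-}" = "--check" ]; then
    check_ispconfig_ssl "${2:-}"
fi
```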