I skimmed over a handful of threads and a handful of post, on the letsencrypt forums on how to do this after comping across a different answer per thread i just did what seemed the intuitive way. If you have input by all means feel free to shoot me an email.
So, you already have a SSL cert, you have ISPCONFIG on the same host/domain and you want to extend it. Maybe even extend it to your webmail setup. Well the hard part is already done - getting the cert. ISPCONFIG has its own self signed certs in /usr/local/ispconfig/interface/ssl. We’re just going to replace those with a symlink.
. |-- domain1.net | |-- README | |-- cert.pem | |-- chain.pem | |-- fullchain.pem ../../archive/domain1.net/fullchain1.pem | `-- privkey.pem |-- domain2.net | |-- README | |-- cert.pem | |-- chain.pem | |-- fullchain.pem | `-- privkey.pem |-- domain2.net-0001 | |-- README | |-- cert.pem | |-- chain.pem | |-- fullchain.pem ../../archive/domain2.net-0001/fullchain1.pem | `-- privkey.pem
. |-- domain1.net.crt |-- domain1.net.csr |-- domain1.net.key
You’ll see several ISPCONFIG certs - you only need two of them. So backup what you see there and then remove them. The two keys that you need are going to be the cert (.crt), and key (.key). Those map to fullchain.pem, and privkey.pem respectively.
**ln -s /etc/letsencrypt/live/domain1.net/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.crt **ln -s /etc/letsencrypt/live/domain1.net/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.key
That’s it. It’s not necessary to restart any services, just try and hit your ISPCONFIG url and you should be met with an ssl certified web site.