3.7.5 Configuring the SSL certificate for the ISPManager control panel

Information: this article is relevant for owners of virtual and dedicated servers with the ISPManager4 control panel installed. You must have root administrator access.

Security of access to the virtual or dedicated server control panel is an important step towards information security. Using SSL/TLS certificates for traffic encryption ensures confidentiality and protection against data interception while working with the ISPManager4 control panel.

A secure HTTPS connection not only encrypts data transmitted between the user’s browser and the control panel but also confirms server authenticity, preventing man-in-the-middle attacks.

Important: before making changes to the configuration, be sure to create backups of standard certificate files and configuration. Make sure You have up-to-date certificate files, certificate chain, and private key.

Prerequisites

To set up a secure connection for Your ISPManager4 control panel, You need to order a certificate for the domain that will be used to access the control panel and activate it.

Information: for convenient access to the ISPManager4 control panel, You can create a separate subdomain, for example panel.domain_name.com or admin.domain_name.com. You can use any of the existing domains on Your server or register a new one.

It’s important to properly configure DNS records - create an A record that points to Your server’s IP address, and wait for complete DNS propagation (up to 24 hours) before ordering an SSL certificate.

After activation, before installing the SSL certificate, make sure You have successfully passed the certificate validation and have the following files “on hand”:

  • Certificate. Sent to the administrator’s email after successful validation. Usually named Your_domain.crt.
  • Certificate chain. Sent to the administrator’s email after successful validation. Chain names may slightly differ, usually they are: USERTrust_RSA_Certification_Authority or CA_Bundle. Sometimes the chain may come as two files, for example Sectigo_RSA_Domain_Validation_Secure_Server_CA.crt and USERTrust_RSA_Certification_Authority.crt. In this case, the actual chain is the content of these two files added together, in this exact order.
  • Secret (private) key. Generated along with CSR during the SSL ordering or generation stage. It is confidential information that is strictly forbidden to share with third parties.

Question: where can I find the secret (private) key of my SSL certificate ordered from TheHost?

If the SSL certificate was ordered from us, You can find the secret key in the billing panel, in the SSL certificates section. Click the desired certificate to select it, then click Edit in the top right. The secret key is shown in one of the sections of the popup window.

Configuring SSL/TLS for ISPManager

Information: certificate files may be stored at a different path. You can check this in the configuration file /usr/local/ispmgr/etc/ispmgr.inc. The path to the certificate files is contained in the lines:

SSLCertificateFile /usr/local/ispmgr/etc/manager.crt

SSLCertificateKeyFile /usr/local/ispmgr/etc/manager.key

1. Log into the control panel as root user and go to Settings → Panel Address.

2. In the Use dedicated name field, specify the domain for which You have an SSL certificate.

Information: after changing the control panel address, access to it will be through the new address. Make sure DNS records are properly configured before making changes.

3. Navigate to the certificates directory via SSH or File Manager:

  cd /usr/local/ispmgr/etc/

4. Open the manager.crt file and replace its contents with Your certificate and certificate chain. It’s important to add them sequentially, one after another, without extra spaces.

5. Open the manager.key file and replace its contents with Your private key.

6. Restart the control panel using the command via SSH:

  killall -9 ispmgr

Important: after restarting the control panel, it may take several minutes to restore access. If You experience access problems, check the correctness of installed certificates and configuration.

7. Check the availability of the control panel via HTTPS at the new address by opening https://New_panel_address.com/ispmgr in the address bar. The browser should show the connection as secure.

Worth noting: from now on, You should connect to the control panel using the domain, https://New_panel_address.com/ispmgr, rather than the IP address (for example, https://172.172.172.172/ispmgr).

The certificate needs to be renewed every year, along with updating the contents of the files on the server.
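
Steps 3 to 5, and the backup recommended at the start of the article, can be scripted so that each yearly renewal is done the same way. The script below is an added example, not TheHost's or ISPManager's own code: it joins the certificate and chain in order, refuses to continue if the private key does not belong to the certificate, backs up the current files and then replaces their contents. The function names and argument order are assumptions; it requires the openssl command.

```shell
#!/bin/sh
# Added example (not TheHost's or ISPManager's code). Function names and the
# argument order are assumptions; file names and paths come from the article.
set -eu

# Join PEM files in the order given (certificate first, then the chain),
# removing CRs, trailing blanks and empty lines. awk ends every line with a
# newline, so a file without a final newline cannot glue two markers together.
build_bundle() {
    for bb_f in "$@"; do
        awk '{ sub(/[ \t\r]+$/, ""); if ($0 != "") print }' "$bb_f"
    done
}

# Succeeds only if the private key ($2) belongs to the first certificate in $1.
# Both public keys are printed in the same PEM form and compared as text.
key_matches_cert() {
    km_c=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    km_k=$(openssl pkey -in "$2" -pubout -passin pass:) || return 2
    [ -n "$km_c" ] && [ "$km_c" = "$km_k" ]
}

# install_panel_cert CERT KEY ETC_DIR [CHAIN...]
# Builds manager.crt and manager.key in a private temp dir, checks the pair,
# backs up the current files, then overwrites their contents in place.
install_panel_cert() {
    ip_cert=$1; ip_key=$2; ip_etc=$3; shift 3
    ip_tmp=$(mktemp -d); ip_stamp=$(date +%Y%m%d%H%M%S)
    build_bundle "$ip_cert" "$@" > "$ip_tmp/manager.crt"
    build_bundle "$ip_key" > "$ip_tmp/manager.key"
    if ! key_matches_cert "$ip_tmp/manager.crt" "$ip_tmp/manager.key"; then
        echo "private key does not match certificate; nothing changed" >&2
        rm -rf "$ip_tmp"; return 1
    fi
    ( umask 077   # files that do not exist yet are created owner-only
      for ip_f in manager.crt manager.key; do
          if [ -f "$ip_etc/$ip_f" ]; then
              cp -p "$ip_etc/$ip_f" "$ip_etc/$ip_f.bak.$ip_stamp"
          fi
          cat "$ip_tmp/$ip_f" > "$ip_etc/$ip_f"
      done )
    rm -rf "$ip_tmp"
}

# Run only when all arguments are supplied, e.g.
#   sh install.sh Your_domain.crt private.key /usr/local/ispmgr/etc CA_Bundle.crt
if [ "$#" -ge 3 ]; then install_panel_cert "$@"; fi
```

The script does not restart the panel; step 6 is still performed by hand after it succeeds.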