Add new address
- IP-address — enter the IP-адрес for incoming connections.
- Port — enter the port number for incoming connections. Leaving this field blank will apply the default value.
- Forbid HTTP connections — the built-in web-server can receive both HTTP and HTTPS requests. Select the check box to forbid HTTP requests. They will be automatically redirected to HTTPS.
- Use my certificates — the web-server requires an SSL certificate for processing HTTPS connections. If the certificate is not specified, a self-signed certificate will be created and used.
- SSL certificate — enter the SSL certificate that you want to use. Leaving the field blank will not change the certificate for these IP/port. When creating a new record, the certificate will be created automatically
- SSL certificate key — enter the key for your SSL certificate.
- SSL-authentication — select how you want to configure authentication using SSL certificates. Once this option is selected, you will be able to add SSL keys for authentication in the control panel.
- Use certificate of web-server — select the check box to use the same SSL certificate as for HTTPS connections. In this case, you can create SSL keys for accessing the panel via the SSL keys management module.
- SSL certificate for authentication — if the above check box is not selected, enter the SSL certificate you are going to use for authentication.
- Only SSL-authentication — after activating this option you won’t be able to work with the panel through that port unless you have the appropriate SSL key. You can create a key in the SSL keys management module. HTTP requests will be redirected
Starting from version 5.124 you can add certificates for your panel in a separate module where you can add SSL-certificates to panel addresses or a domain name (support of Server Name Indication must be activated).
SSL-certificate will allow you to access a control panel by its IP address or domain name via https protocol.
Let’s Encrypt certificate
This feature is supported from version 5.124.
Let’s Encrypt is a free certification authority that provides free X.509 certificated for TLS encryption. An automated process enables to facilitate the creation, verification, setup, and renewal of SSL certificates for protected websites.
For more information, please refer to the official website.
Please note the following limits
- You can order only 5 certificates a week (TLD, including its subdomains)
- Wildcard certificates are not supported
- Let’s Encrypt certificate validity period is 3 months (every 3 months ISPmanager will reissue Let’s Encrypt certificates)
More information about additional limits can be found here.
Before you add Let’s Encrypt certificate, make sure that the domain name leads to existing IP address of the control panel, as the system will verify that you are the owner of that domain.
A file with token and data for verification is created in
Let’s Encrypt sends a request by the domain name and reads the token.
After the certificate is issued, a new cron job is added. It will check if the certificate needs to be renewed:
If several certificates for 3d-level (and higher) domain names are issued, you may face the “Too many subdomains” error. This Let’s Encrypt restriction allows to continue the issue procedure after a while (normally, within 24 hours).
Apache and Nginx web-servers are supported. If none of these servers are running, a built-in server will start to receive requests from Let’s Encrypt during domain verification.
When you add an existing certificate, domain name and its IP address are not checked. If domain and IP address do not match, the corresponding icon will be shown next to the certificate.
- Certificate type – select a certificate that you want to order.
- Let’s Encrypt certificate
- Existing certificate
- Domain name – enter a domain name the certificate will be issued for. If you want to use an existing SSL-certificate, the domain name will be taken from that certificate.
- IP address – IP address of the control panel that will be associated with the certificate.
- SSL-certificate – enter an SSL-certificate you want to use.
- SSL-certificate key – enter a key for your certificate
- SSL-certificate chain – enter a certificate chain that will be added into the certificate file.
Server Name Indication
If OS supports Server Name Indication, you can add several SSL-certificates for different domain names. When you access a panel via domain name, the panel will use the certificate corresponding to that domain name.
Server Name Indication is supported by:
- CentOS 7 and later.
- Debian 8 and later.
- Ubuntu16.04 and later.
Certificates with alternative domain names are also supported.
To delete an address, select it from the list and click the “Delete” icon. Confirm that you want to delete the selected address by clicking “OK” in the following window.