How to renew the ISPConfig 3 SSL Certificate

This tutorial describes the steps to renew the SSL Certificate of the ISPConfig 3 control panel. There are two alternative ways to achieve that:

  1. Create a new OpenSSL Certificate and CSR on the command line with OpenSSL.
  2. Renew the SSL Certificate with the ISPConfig updater

I'll start with the manual way to renew the ssl cert.

1) Create a new ISPConfig 3 SSL Certificate with OpenSSL

Login to your server on the shell as root user. Before we create a new SSL Cert, backup the current ones. SSL Certs are security sensitive so I'll store the backup in the /root/ folder.

tar pcfz /root/ispconfig_ssl_backup.tar.gz /usr/local/ispconfig/interface/ssl
chmod 600 /root/ispconfig_ssl_backup.tar.gz

Now create a new SSL Certificate key, Certificate Request (csr) and a self signed Certificate.

openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr \
-signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key
mv ispserver.key.insecure ispserver.key

Restart Apache to load the new SSL Certificate.

service apache2 restart

2) Renew the SSL Certificate with the ISPConfig installer

The alternative way to get a new SSL Certificate is to use the ISPConfig update script.

Download ISPConfig to the /tmp folder, unpack the archive and start the update script.

cd /tmp
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php

The update script will ask the following question during update:

Create new ISPConfig SSL certificate (yes,no) [no]:

Answer "yes" here and the SSL Certificate creation dialog will start.

How to install FFmpeg on Ubuntu 14.04

FFmpeg has been removed from Ubuntu 14.04 and was replaced by Libav. This decision has been reversed so that FFmpeg is available now in Ubuntu 15.04 again, but there is still no official package for 14.04. In this tutorial, I will show you how to install FFmpeg from mc3man ppa. Add the mc3man ppa:

sudo add-apt-repository ppa:mc3man/trusty-media

And confirm the following message by pressing <enter>:

Also note that with apt-get a sudo apt-get dist-upgrade is needed for initial setup & with some package upgrades
More info:
Press [ENTER] to continue or ctrl-c to cancel adding it

Update the package list.

sudo apt-get update
sudo apt-get dist-upgrade

Now FFmpeg is available to be installed with apt:

sudo apt-get install ffmpeg

Disable IPv6 networking on CentOS

Follow these steps to disable IPv6 on CentOS. Edit the /etc/sysctl.conf file, I will use the nano editor here:

nano /etc/sysctl.conf

And add the following line at the end of the file:

net.ipv6.conf.all.disable_ipv6 = 1

Then run:

sysctl -p

to load the new settings.

The next step is to edit the network card configuration file (/etc/sysconfig/network-scripts/ifcfg-eth*) and add or edit the setting IPV6INIT so that it is set to "no".


Now edit the file /etc/sysconfig/network:

nano /etc/sysconfig/network

And set the NETWORKING_IPV6 option to "no":


Then restart the server.

Enable image caching in apache for better Google Page Speed results

High page speed and short page load times of your website are essential for good search engine rankings today. In this FAQ, I will show you how to enable caching of graphic and CSS files in apache on Ubuntu and Debian.

The first step is to enable the expires module in apache:

a2enmod headers expires

This module allows the apache web server to set HTTP headers, in this case, to set the modification header for static assets like image and CSS files that don't change often.

Add the following config snippet inside the vhost file of the web site or at the end of the file /etc/apache2/apache2.conf to enable it globally.

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=3024000, public"

Finally reload apache to apply the configuration change.

service apache2 reload

On ISPConfig 3 servers, the snippet can be added in the "Apache Directives" field of the website instead. There is no apache reload required as ISPConfig takes care about that.

How to add PHP support for jailed SSH users in ISPConfig 3

Jailkit is an easy to use tool to create and maintain jail environments for shell users on Linux. In this guide, I will show you how to move PHP and its dependencies into the jail so that the jailed user can execute PHP scripts inside the jail.
Continue reading How to add PHP support for jailed SSH users in ISPConfig 3