Apache will not load if SSL is enabled

Discussion in 'General' started by cephlon, Aug 8, 2008.

  1. cephlon

    cephlon New Member

    I have a fresh install of ISPconfig on CentOS 4
    I install an SSL certificate for my site and I went to restart apache. Apache will not start if I have the SSL enabled for the site.
    Here is the output from the error log:

    Code:
    [Fri Aug 08 11:29:04 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:09 2008] [notice] caught SIGTERM, shutting down
    [Fri Aug 08 11:29:10 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Fri Aug 08 11:29:10 2008] [notice] Digest: generating secret for digest authentication ...
    [Fri Aug 08 11:29:10 2008] [notice] Digest: done
    [Fri Aug 08 11:29:10 2008] [notice] Apache/2.0.52 (CentOS) configured -- resuming normal operations
    [Fri Aug 08 11:29:15 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:15 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:20 2008] [notice] SIGHUP received.  Attempting to restart
    [Fri Aug 08 11:29:20 2008] [notice] Digest: generating secret for digest authentication ...
    [Fri Aug 08 11:29:20 2008] [notice] Digest: done
    [Fri Aug 08 11:29:22 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Fri Aug 08 11:29:23 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Fri Aug 08 11:29:42 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Fri Aug 08 11:29:43 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Fri Aug 08 11:29:43 2008] [notice] Digest: generating secret for digest authentication ...
    [Fri Aug 08 11:29:43 2008] [notice] Digest: done
    [Fri Aug 08 11:29:44 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:44 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:44 2008] [notice] Apache/2.0.52 (CentOS) configured -- resuming normal operations
    [Fri Aug 08 11:29:45 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:45 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:46 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:46 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:48 2008] [error] an unknown filter was not added: PHP
    [Fri Aug 08 11:29:48 2008] [error] an unknown filter was not added: PHP
     
  2. falko

    falko Super Moderator Howtoforge Staff

  3. cephlon

    cephlon New Member

    Thank you That did it.

    I still seem to be having an issue with the certificate though. If I try to go to https://mydomain.com, I get a invalid security certificate warning.

    I went through the install process several times in ISPconfig,but it doesn't seem to make a difference. It seems to be pulling the self-signed certificate, not the one I bought from Godaddy. How to I change the server config so that the IP is not shared and so it will use the specific certificate?
     
  4. cephlon

    cephlon New Member

    Well I spoke too soon.

    Code:
    $go_info["server"]["apache2_php"] = 'both';
    
    to:
    
    $go_info["server"]["apache2_php"] = 'addtype';
    Worked for a while, but I had to restart apache after changing my php.ini file and now my site won't load if I check SSL.

    I rechecked the config.inc.php file and it hasn't changed.

    Is there any hope for ISPconfig supporting SSL? I really like it but I need SSL support.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    What a question ;) ISPConfig supports SSL, otherwise there were not the SSL checkboxes.

    Please post the exact error messages that you get in the error log of the website when you turn on SSL.
     
  6. cephlon

    cephlon New Member

    I guess I should have said "MY" install of IspConfig :)

    Which error log, the httpd error log?
     
    Last edited: Aug 11, 2008
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, please look in the gloabl apache error log and in the error log of the website which is inside of the log directory in the website root.
     
  8. cephlon

    cephlon New Member

    Well I figured out from the log why the site wouldn't come up with ssl enabled. There was a private key mismatch error, so I deleted the certificate.

    I redid the entire SSL process outlined here: http://www.ispconfig.org/downloads/manual_en/manual_kunde_en_src.htm#4_2_4

    But I still get:
    Secure Connection Failed

    www.alohabroadband.com uses an invalid security certificate.

    The certificate is not trusted because it is self signed.

    (Error code: sec_error_ca_cert_invalid)

    In Firefox, when I click to add exception and view the certificate, it is not the one I installed from GoDaddy. Is it pulling the certificate from a different place? The cert in my /ssl directory matches exactly the cert from Godaddy.
    Hmm... any help is appreciated.
     
  9. falko

    falko Super Moderator Howtoforge Staff

  10. cephlon

    cephlon New Member

  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Please do the steps exactly in the order as described there. You created a new certificate request and certificate already, that is fine. Now take this certificate request and login at godaddy and let it sign, then copy this new ssl certificate that must be based on the csr created by ispconfig back to your ispconfig server.

    The mistake you made the first time was that the ssl certificate you used from godaddy was not based on the csr created by ispconfig.
     
  12. cephlon

    cephlon New Member

    But I have followed these steps exactly about 10 times. The certificate from godaddy is on my server in the web1/ssl directory. But when I go to https://mydomain.com, I the certificate that is being pulled is a self signed cert. I can't even find the self-signed cert on my server, but the godaddy one is right in my SSL.

    Does it have anything to do with the fact that the IP is shared? There is no where is ISPconfig to set a private IP address.
     
  13. cephlon

    cephlon New Member

    Ok, it worked this time. I had to restart ISPconfig in order for it to be recognized. The instructions didn't say anything about restarting ISPconfig, so someone may think about adding that.

    Thanks...
     
  14. dayjahone

    dayjahone Member

    There are a lot of posts about this but none from the beginning, so I'm still really confused.

    I bought an SSL certificate from godaddy. I enabled SSL on the website I want to be secure, gave godaddy the top portion of text, and they gave me two files:

    1) gd_bundle.crt
    2) www.mydomain.com.crt

    ...with the following instructions for installing the certificate:

    Code:
    Open the Apache ssl.conf file and add the following directives:
    SSLCertificateFile /path to certificate file/your issued certificate
    SSLCertificateKeyFile /path to key file/your key file
    SSLCertificateChainFile /path to intermediate certificate/null
    Save your ssl.conf file and restart Apache.
    I basically ignored these instructions and uploaded the two files they gave me to the site's SSL directory.

    I then added the following to the directives space on the website:

    Code:
    SSLCertificateChainFile/var/www/web#/ssl/gd_intermediate_bundle.crt
    Am I missing something? It still fails when I try and restart apache.

    Can it use the same IP address as everything else on the server?

    PLEASE help. This is driving me nuts.
     

Share This Page