GoDaddy SSL Certificates and ISPConfig

Discussion in 'Installation/Configuration' started by dayjahone, Oct 8, 2008.

  1. dayjahone

    dayjahone Member

    There are a lot of posts about this but none from the beginning, so I'm still really confused.

    I bought an SSL certificate from godaddy. I enabled SSL on the website I want to be secure, gave godaddy the top portion of text, and they gave me two files:

    1) gd_bundle.crt
    2) www.mydomain.com.crt

    ...with the following instructions for installing the certificate:

    Code:
    Open the Apache ssl.conf file and add the following directives:
    SSLCertificateFile /path to certificate file/your issued certificate
    SSLCertificateKeyFile /path to key file/your key file
    SSLCertificateChainFile /path to intermediate certificate/null
    Save your ssl.conf file and restart Apache.
    I basically ignored these instructions and uploaded the two files they gave me to the site's SSL directory.

    I then added the following to the directives space on the website:

    Code:
    SSLCertificateChainFile/var/www/web#/ssl/gd_intermediate_bundle.crt
    Am I missing something? It still fails when I try and restart apache.

    Can it use the same IP address as everything else on the server?

    PLEASE help. This is driving me nuts.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Create a self signed certificate in ISPConfig.
    2) Take the certificate request which is shown in the ispconfig interface then and let it sign by godaddy.
    3) The certificate (crt) that you receive as result of the signung process has to be pasted into the certificate field in ispconfig and then select save certificate as action. Be aware that only a certificate will work ere the ecrtificate request has been generated by ISPConfig.
    4) upload the intermediate file to the ssl directory of the website and add the line:

    SSLCertificateChainFile /var/www/web#/ssl/gd_intermediate_bundle.crt

    to the apache directives field. In the line you posted above there is a space missing after SSLCertificateChainFile.
     
  3. dayjahone

    dayjahone Member

    Last edited: Oct 9, 2008
  4. falko

    falko Super Moderator Howtoforge Staff

    The SSL cert for the ISPConfig interface is located in /root/ispconfig/httpd/ssl.
     
  5. dayjahone

    dayjahone Member

    Do I just copy the intermediate bundle and the cert. there? Then what? Do I need the cert. in both places? They are both the same domain.
     
  6. dayjahone

    dayjahone Member

    I guess I just need instructions on how to set up a certificate for the ISPConfig login and use the same certificate for other pages on that domain.
     
  7. JeGr

    JeGr Member

    It doesn't matter that both are the same domain. They are running with two different apache instances (the one for the system on port 80 and ispconfig's own on port 81) and are therefore technically two different sites. The second one (ispconfig's own) doesn't yet know anything about a new certificate. Copy the cert to the location Falko gave in his post and modify /root/ispconfig/httpd/conf/httpd.conf accordingly.
     
  8. bigger_travis

    bigger_travis New Member

    thanks so much, i have been looking for a way to install a ssl i purchase with godaddy. im by no means a pro when it comes to programming, thats why i like your "Perfect" install tutorials. was inspired by them that i created my own tutorial to show people like me (beginners) how you can re-install godaddy ssl certificate into your ispconfig site.

    tutorial is here: how to setup and install goddaddy ssl certificate with ispconfig

    thanks
     
  9. dpicella

    dpicella New Member

    The easiest way to use GoDaddy SSL with ISPConfig

    I discovered a much easier way to do this!!

    1. Generate your self signed certificate the normal way using ISPConfig 2 or 3
    2. Paste your certificate request in the GoDaddy website
    3. When GoDaddy asks you what type of server you are using (i.e., apache, CPanel, Plesk, Etc.) select "Other" - this is the most important step!!!
    4. When you get the certificate download from GoDaddy it will not have an intermediate file. You can simply past the certificate they sent you in the certificate box and you are ready to go. You do not have to add any Apache server directives and you do not have to alter any conf files!

    Cheers!
     
  10. obrienj619

    obrienj619 New Member HowtoForge Supporter

    GoDaddy SSL Cert 256bit

    I never actually found an article to install step by step GoDaddy SSL certs using 256bit encryption. I figured it out how to actually get an SSL cert working for a website located on my webserver running ISPConfig 2.2.33.

    Please note the # symbols should represent your website number.

    1. Create the SSL Cert using the ISPConfig Control Panel
    2. SSH into ISPConfig Server
    3. Move the 4 files created by ISPConfig Control Panel in the
    /var/www/web#/ssl folder to a safe place in case you need to recover later.
    4. Manually Generate the SSL Certs using OpenSSL
    a. from the /var/www/web#/ssl folder type the following command:
    openssl genrsa –des3 –out www.yourwebsite.com.key 2048
    b. Create Your CSR to send to godaddy
    openssl req –new –key www.yourwebsite.com.key –out
    www.yourwebsite.com.csr
    c. Rename your key file
    mv www.yourwebsite.com.key www.yourwebsite.key.org
    d. Unencrypt your key file
    openssl rsa –in www.yourswebsite.com.key.org –out
    www.yourwebsite.com.key
    5. Send your CSR to Godaddy for signing
    6. Once you get your signed CSR you can upload the certificates into
    the ssl directory. You will typically get two files:
    www.yourwebsite.com.crt and gd_bundle.crt
    7. Open Your ISPConfig Control Panel and under the main screen and
    add the apache directive:
    SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
    8. Restart Apache using your ISPConfig Control Panel
    9. Test your SSL cert using the https protocol on your website:
    https://www.yourwebsite.com

    Good Luck
     
  11. obrienj619

    obrienj619 New Member HowtoForge Supporter

    Please see my pdf it may be easier to read
     

    Attached Files:

  12. totte_karlsson

    totte_karlsson New Member

    There is no 'Other' option at GoDaddy as of Dec 5 2009.
     
  13. createch

    createch New Member

    Another way to tackle the problem (I tried it myself and it works)

    1. edit the openssl.cnf.master file
    (typically it is in /root/ispconfig/isp/conf)
    change the "default_bits" from "1024" to "2048"

    2. edit the file config.lib.php
    (typically it is in /root/ispconfig/scripts/lib
    Change the "1024" to "2048" in the following command:

    openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 1024 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key

    3. restart ispconfig (i.e. service ispconfig_server restart)

    Now use the normal steps to do the CSR generation in the ISPconfig panel and it will give you a key of 2048bit, which is suitable for Godaddy.

    i.e.
    1. In the ISPconfig panel, use "Create Certificate" to generate the CSR
    2. Put the CSR to the Godaddy and do a re-key (now it will be successful)
    3. download the Cert from godaddy
    4. put the cert back to ISPconfig panel SSL Certificate textbox and save
    5. Upload the 2 key files from Godaddy to the ssl directory of the domain concerned (gd_bundle.crt and yourname.crt)
    6. add the apache directive in the domain concerned:
    SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
    [replace the above # with the domain number]
    7. Restart http (i.e. service httpd restart)

    and you will get your SSL site running in the domain concerned.

    Enjoy..
    Createch
     
  14. paullorentzen

    paullorentzen New Member

    I'm running ispconfig 3.0.1.3 on Ubuntu 9.04 and can't seem to locate the config.lib.php or openssl.cnf.master files.

    The /root directory is empty.

    ispconfig is up an running so I know its located somewhere.

    A find / -name '*config.lib*' command yeilds nothing.

    What am I doing wrong?
     
  15. paullorentzen

    paullorentzen New Member

    ISPconfig 3 2048bit SSL certificate instructions

    Apparently, the configuration system changed from ISPconfig v2 to v3.

    Config for v3 is located in /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php.

    Here are complete config instructions for ISPconfig v3

    http://how2forge.com/forums/showthread.php?p=214955

    This worked perfectly for a godaddy premium SSL certificate.

    Paul
     
  16. kextra1

    kextra1 Member

    Enom & ispconfig & rapidssl

    I am having an ONGOING problem with SSL for the ISPConfig 2 admin panel.

    I have already wasted 2 certificates working on the 2nd for the ISPConfig admin panel. I cannot change my CSR once I submit it so please let me know if you have the answer to my problem if you are reading this.

    I do not care if https://www.mysite.com works at all. The SSL box can be uncheckmarked for that web for all i care if possible.

    My goal is to have the ISPConfig admin panel SSL cert for my web1 domain work so it doesnt give a "warning" in browsers when people try to access the panel or webmail at https://www.myispconfigsite.com:81

    I know how to generate the certificate in /root/ispconfig/httpd/conf

    Question1:

    I have to pick a certificate type to submit the CSR to rapidssl.

    Here are my choices.

    Apache2
    Apache+ApacheSSL
    Apache+OpenSSL
    Apache+MOD SSL
    Apache+Raven
    Apache+SSLeay

    Which should I choose?

    Question2:

    Does SSL have to be enabled on the web I wish to have the admin panel accessed by?

    I simply want my RapidSSL certificate to work with my favorite domain/web so when people access ISPConfig at https://www.myispconfigpanel.com:81

    It will be valid!

    I've been feeling like pulling my hair out so let me know if you can answer my questions. It's driving me CRAZY!

    They have detailed instructions for CPanel, Plesk, and other panels but there is no instructions anywhere whatsoever for ISPConfig.

    Simply put, out of THESE options:

    Apache2
    Apache+ApacheSSL
    Apache+OpenSSL
    Apache+MOD SSL
    Apache+Raven
    Apache+SSLeay

    Which should I choose for the https://www.myispconfigpanel.com:81 certificate I will generate in /root/ispconfig/httpd/conf/ ?

    Thanks very much to anyone who can answer that question :)
     
  17. ambiental

    ambiental New Member

    How I made it

    Hi, first post, after years using ISPConfig!

    I made it in that way:

    01 - Login to ISPConfig Control Panel and under the SSL website, generate a SSL Cert.

    02 - Loging to your server command terminal (SSH) and cd to the website where you want the SSL (replace # with the website ID):

    Command
    Code:
    cd /var/www/web#/ssl
    03 - Now manaually generate the 2048-Bit Cert (replace example.com with your domain):

    Generate KEY with the command
    Code:
    openssl genrsa –des3 –out www.example.com.key 2048
    Generate CSR with the command
    Code:
    openssl req –new –key www.example.com.key –out www.example.com.csr
    Rename KEY with the command
    Code:
    mv www.example.com.key www.example.com.key.org
    Unencrypt KEY with the command
    Code:
    openssl rsa –in www.example.com.key.org –out www.example.com.key
    04 - You should have at least three files listed:

    Code:
    www.example.com.csr
    www.example.com.key
    www.example.com.key.org
    05 - Now copy and paste the CSR to the GoDaddy website:

    Send the cat command to display the CSR
    Code:
    cat www.example.com.csr
    Now paste the output of www.example.com.csr into the GoDaddy website to send you CSR to Godaddy for signing.

    06 - After signing has been completed, you will see a donwload button in the GoDaddy website. Unzip the two files, most likely the will look like this:

    Code:
    gd_bundle.crt
    www.example.com.crt
    Upload these two file in to the ssl directory of your website, for example: /var/www/web#/ssl

    07 - Go back to your ISPConfig Control Panel in the website where you are installating the SSL Cert, in the Apache Directives section, enter the following:

    Code:
    SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
    And save the changes.

    08 - Under the Management tab in your ISPConfig panel, go to Server > Services and restart the Web Server.

    09 - Done. Now test your website: https://www.example.com

    10 - If www.example.com is also your ISPConfig domain, make it work to the 81 port too:

    Edit the httpd.conf file
    Code:
    vim /root/ispconfig/httpd/conf/httpd.conf
    Point to the new CRT file
    Code:
    SSLCertificateFile /var/www/web#/ssl/www.example.com.crt
    #SSLCertificateFile /root/ispconfig/httpd/conf/ssl.crt/server.crt
    Point to the new KEY file
    Code:
    SSLCertificateKeyFile /var/www/web#/ssl/www.example.com.key
    #SSLCertificateKeyFile /root/ispconfig/httpd/conf/ssl.key/server.key
    Point to the CRT bundle file
    Code:
    SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
    #SSLCertificateChainFile /root/ispconfig/httpd/conf/ssl.crt/ca.crt
    Regards,

    Haldor Omar
     
  18. 3DPeruna

    3DPeruna New Member

    When I go to check the SSL box for the domain to install SSL, I'm getting the following:

    Code:
    An SSL certificate does already exist for this IP.
     
  19. 3DPeruna

    3DPeruna New Member

    The problem I listed above still exists, but I was able to get the certificate created on GoDaddy. It's downloaded.

    However if I go to my https://www.domain.com, I'm getting the self-signed certificate for the server (https://server.serverdomain.com). Any thoughts?
     
    Last edited: Nov 10, 2010
  20. 3DPeruna

    3DPeruna New Member

Share This Page