There are a lot of posts about this but none from the beginning, so I'm still really confused. I bought an SSL certificate from godaddy. I enabled SSL on the website I want to be secure, gave godaddy the top portion of text, and they gave me two files: 1) gd_bundle.crt 2) www.mydomain.com.crt ...with the following instructions for installing the certificate: Code: Open the Apache ssl.conf file and add the following directives: SSLCertificateFile /path to certificate file/your issued certificate SSLCertificateKeyFile /path to key file/your key file SSLCertificateChainFile /path to intermediate certificate/null Save your ssl.conf file and restart Apache. I basically ignored these instructions and uploaded the two files they gave me to the site's SSL directory. I then added the following to the directives space on the website: Code: SSLCertificateChainFile/var/www/web#/ssl/gd_intermediate_bundle.crt Am I missing something? It still fails when I try and restart apache. Can it use the same IP address as everything else on the server? PLEASE help. This is driving me nuts.
1) Create a self signed certificate in ISPConfig. 2) Take the certificate request which is shown in the ispconfig interface then and let it sign by godaddy. 3) The certificate (crt) that you receive as result of the signung process has to be pasted into the certificate field in ispconfig and then select save certificate as action. Be aware that only a certificate will work ere the ecrtificate request has been generated by ISPConfig. 4) upload the intermediate file to the ssl directory of the website and add the line: SSLCertificateChainFile /var/www/web#/ssl/gd_intermediate_bundle.crt to the apache directives field. In the line you posted above there is a space missing after SSLCertificateChainFile.
It seems to be working if I go to https://www.mydomain.com, but if I go to port 81 (https://www.mydomain.com:81/ for ISPConfig and webmail) it uses the old certificate. I'd like it to use the certificate I purchased for the site.
Do I just copy the intermediate bundle and the cert. there? Then what? Do I need the cert. in both places? They are both the same domain.
I guess I just need instructions on how to set up a certificate for the ISPConfig login and use the same certificate for other pages on that domain.
It doesn't matter that both are the same domain. They are running with two different apache instances (the one for the system on port 80 and ispconfig's own on port 81) and are therefore technically two different sites. The second one (ispconfig's own) doesn't yet know anything about a new certificate. Copy the cert to the location Falko gave in his post and modify /root/ispconfig/httpd/conf/httpd.conf accordingly.
thanks so much, i have been looking for a way to install a ssl i purchase with godaddy. im by no means a pro when it comes to programming, thats why i like your "Perfect" install tutorials. was inspired by them that i created my own tutorial to show people like me (beginners) how you can re-install godaddy ssl certificate into your ispconfig site. tutorial is here: how to setup and install goddaddy ssl certificate with ispconfig thanks
The easiest way to use GoDaddy SSL with ISPConfig I discovered a much easier way to do this!! 1. Generate your self signed certificate the normal way using ISPConfig 2 or 3 2. Paste your certificate request in the GoDaddy website 3. When GoDaddy asks you what type of server you are using (i.e., apache, CPanel, Plesk, Etc.) select "Other" - this is the most important step!!! 4. When you get the certificate download from GoDaddy it will not have an intermediate file. You can simply past the certificate they sent you in the certificate box and you are ready to go. You do not have to add any Apache server directives and you do not have to alter any conf files! Cheers!
GoDaddy SSL Cert 256bit I never actually found an article to install step by step GoDaddy SSL certs using 256bit encryption. I figured it out how to actually get an SSL cert working for a website located on my webserver running ISPConfig 2.2.33. Please note the # symbols should represent your website number. 1. Create the SSL Cert using the ISPConfig Control Panel 2. SSH into ISPConfig Server 3. Move the 4 files created by ISPConfig Control Panel in the /var/www/web#/ssl folder to a safe place in case you need to recover later. 4. Manually Generate the SSL Certs using OpenSSL a. from the /var/www/web#/ssl folder type the following command: openssl genrsa –des3 –out www.yourwebsite.com.key 2048 b. Create Your CSR to send to godaddy openssl req –new –key www.yourwebsite.com.key –out www.yourwebsite.com.csr c. Rename your key file mv www.yourwebsite.com.key www.yourwebsite.key.org d. Unencrypt your key file openssl rsa –in www.yourswebsite.com.key.org –out www.yourwebsite.com.key 5. Send your CSR to Godaddy for signing 6. Once you get your signed CSR you can upload the certificates into the ssl directory. You will typically get two files: www.yourwebsite.com.crt and gd_bundle.crt 7. Open Your ISPConfig Control Panel and under the main screen and add the apache directive: SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt 8. Restart Apache using your ISPConfig Control Panel 9. Test your SSL cert using the https protocol on your website: https://www.yourwebsite.com Good Luck
Another way to tackle the problem (I tried it myself and it works) 1. edit the openssl.cnf.master file (typically it is in /root/ispconfig/isp/conf) change the "default_bits" from "1024" to "2048" 2. edit the file config.lib.php (typically it is in /root/ispconfig/scripts/lib Change the "1024" to "2048" in the following command: openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 1024 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key 3. restart ispconfig (i.e. service ispconfig_server restart) Now use the normal steps to do the CSR generation in the ISPconfig panel and it will give you a key of 2048bit, which is suitable for Godaddy. i.e. 1. In the ISPconfig panel, use "Create Certificate" to generate the CSR 2. Put the CSR to the Godaddy and do a re-key (now it will be successful) 3. download the Cert from godaddy 4. put the cert back to ISPconfig panel SSL Certificate textbox and save 5. Upload the 2 key files from Godaddy to the ssl directory of the domain concerned (gd_bundle.crt and yourname.crt) 6. add the apache directive in the domain concerned: SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt [replace the above # with the domain number] 7. Restart http (i.e. service httpd restart) and you will get your SSL site running in the domain concerned. Enjoy.. Createch
I'm running ispconfig 3.0.1.3 on Ubuntu 9.04 and can't seem to locate the config.lib.php or openssl.cnf.master files. The /root directory is empty. ispconfig is up an running so I know its located somewhere. A find / -name '*config.lib*' command yeilds nothing. What am I doing wrong?
ISPconfig 3 2048bit SSL certificate instructions Apparently, the configuration system changed from ISPconfig v2 to v3. Config for v3 is located in /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php. Here are complete config instructions for ISPconfig v3 http://how2forge.com/forums/showthread.php?p=214955 This worked perfectly for a godaddy premium SSL certificate. Paul
Enom & ispconfig & rapidssl I am having an ONGOING problem with SSL for the ISPConfig 2 admin panel. I have already wasted 2 certificates working on the 2nd for the ISPConfig admin panel. I cannot change my CSR once I submit it so please let me know if you have the answer to my problem if you are reading this. I do not care if https://www.mysite.com works at all. The SSL box can be uncheckmarked for that web for all i care if possible. My goal is to have the ISPConfig admin panel SSL cert for my web1 domain work so it doesnt give a "warning" in browsers when people try to access the panel or webmail at https://www.myispconfigsite.com:81 I know how to generate the certificate in /root/ispconfig/httpd/conf Question1: I have to pick a certificate type to submit the CSR to rapidssl. Here are my choices. Apache2 Apache+ApacheSSL Apache+OpenSSL Apache+MOD SSL Apache+Raven Apache+SSLeay Which should I choose? Question2: Does SSL have to be enabled on the web I wish to have the admin panel accessed by? I simply want my RapidSSL certificate to work with my favorite domain/web so when people access ISPConfig at https://www.myispconfigpanel.com:81 It will be valid! I've been feeling like pulling my hair out so let me know if you can answer my questions. It's driving me CRAZY! They have detailed instructions for CPanel, Plesk, and other panels but there is no instructions anywhere whatsoever for ISPConfig. Simply put, out of THESE options: Apache2 Apache+ApacheSSL Apache+OpenSSL Apache+MOD SSL Apache+Raven Apache+SSLeay Which should I choose for the https://www.myispconfigpanel.com:81 certificate I will generate in /root/ispconfig/httpd/conf/ ? Thanks very much to anyone who can answer that question
How I made it Hi, first post, after years using ISPConfig! I made it in that way: 01 - Login to ISPConfig Control Panel and under the SSL website, generate a SSL Cert. 02 - Loging to your server command terminal (SSH) and cd to the website where you want the SSL (replace # with the website ID): Command Code: cd /var/www/web#/ssl 03 - Now manaually generate the 2048-Bit Cert (replace example.com with your domain): Generate KEY with the command Code: openssl genrsa –des3 –out www.example.com.key 2048 Generate CSR with the command Code: openssl req –new –key www.example.com.key –out www.example.com.csr Rename KEY with the command Code: mv www.example.com.key www.example.com.key.org Unencrypt KEY with the command Code: openssl rsa –in www.example.com.key.org –out www.example.com.key 04 - You should have at least three files listed: Code: www.example.com.csr www.example.com.key www.example.com.key.org 05 - Now copy and paste the CSR to the GoDaddy website: Send the cat command to display the CSR Code: cat www.example.com.csr Now paste the output of www.example.com.csr into the GoDaddy website to send you CSR to Godaddy for signing. 06 - After signing has been completed, you will see a donwload button in the GoDaddy website. Unzip the two files, most likely the will look like this: Code: gd_bundle.crt www.example.com.crt Upload these two file in to the ssl directory of your website, for example: /var/www/web#/ssl 07 - Go back to your ISPConfig Control Panel in the website where you are installating the SSL Cert, in the Apache Directives section, enter the following: Code: SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt And save the changes. 08 - Under the Management tab in your ISPConfig panel, go to Server > Services and restart the Web Server. 09 - Done. Now test your website: https://www.example.com 10 - If www.example.com is also your ISPConfig domain, make it work to the 81 port too: Edit the httpd.conf file Code: vim /root/ispconfig/httpd/conf/httpd.conf Point to the new CRT file Code: SSLCertificateFile /var/www/web#/ssl/www.example.com.crt #SSLCertificateFile /root/ispconfig/httpd/conf/ssl.crt/server.crt Point to the new KEY file Code: SSLCertificateKeyFile /var/www/web#/ssl/www.example.com.key #SSLCertificateKeyFile /root/ispconfig/httpd/conf/ssl.key/server.key Point to the CRT bundle file Code: SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt #SSLCertificateChainFile /root/ispconfig/httpd/conf/ssl.crt/ca.crt Regards, Haldor Omar
When I go to check the SSL box for the domain to install SSL, I'm getting the following: Code: An SSL certificate does already exist for this IP.
The problem I listed above still exists, but I was able to get the certificate created on GoDaddy. It's downloaded. However if I go to my https://www.domain.com, I'm getting the self-signed certificate for the server (https://server.serverdomain.com). Any thoughts?
I used the following (for a different CP, but it worked) to get SSL to work: http://isp-control.net/forum/thread-4696-post-85117.html#pid85117 There are some limitations between TSL and SSL on different browsers, but it's working well enough for us.
