Hello, on my ISPConfig 3 server SSL isn't working for a (hosted) website. Every time I get this browser error: net::ERR_SSL_PROTOCOL_ERROR. I just tried to create a self-signed certificate... It looks like ISPConfig hasn't created the directives in the Apache vhost, or I don't know... Can anyone help me?
What's the output of
Code:
ls -la
in the web site's ssl/ directory? What values did you fill in on the web site's SSL tab in ISPConfig?
Output of ls -la in the SSL website folder:
root@myserver:/var/www/intranet.domain.cz/ssl# dir
intranet.domain.cz.crt  intranet.domain.cz.key
intranet.domain.cz.csr  intranet.domain.cz.key.org
VHOST
I can't find the Apache directives for port 443. Is that OK? And I haven't added any IP address in ISPConfig - I used the "*" option for websites. But my server has one public IP address set and the websites are working fine on port 80 (http).
@above: Make sure that in the first tab you have SSL checked. Also, the port 443 directives are down below the port 80 virtual host in the file. Then, when I used cat *d3d* | grep VirtualHost, it returned this, which shows the port 80 vhost above the port 443 one. Not sure if I'm understanding this right, so correct me if I'm wrong.
Thank you very much. I hadn't checked SSL in the website settings (like on your screen). Now SSL is working. Is there some way to migrate an SSL cert with CSR from another server (not ISPConfig)? What happens if some customer activates SSL for his website on the same server (same public IP)?
Yes, make backups of the SSL files generated by ISPConfig in the ssl folder, and then place your cert, csr and key in the ssl folder and rename them to the file names of the original SSL files generated by ISPConfig. Restart Apache afterwards.
You can enable SNI under System > Server Config on the Web tab. If you use SNI, you can run multiple SSL web sites on one IP (but be aware that not all browsers support this, for example, IE on WinXP has no SNI support; all other browsers are fine). If you don't use SNI, you must have one IP per SSL web site.
Thank you ... you are a saver. I have enabled SNI, but the SSL cert is set for domain1.tld, and when I tried https://domain2.tld, that domain used the SSL cert from domain1.tld. I tried Chrome and Opera. Only one SSL cert is set on the server. Is that OK, or is SNI not working?
I tried it like you described - SSL is enabled for both domains and both have an SSL cert. The problem is the second domain, which is using the SSL cert from the first domain - it isn't working like you described. Is it possible to check whether SNI is working? Is it necessary to select an IP address for the domains from the roll menu, or can I use the "*" option (I'm using the "*" option for all of my websites)? I mean for SNI and SSL to work right.
Can you check in the ssl folder of both websites that they use their own certificates, and that both Apache vhost files reference these certs?
Already checked - both sites have their own certificates in the ssl directory and both have these certificates set in the vhost. Do you want screenshots of the vhosts and folders?
Yes, that would be great (BTW: you don't have to create screenshots - you can simply copy & paste from PuTTY).
Domain 1 SSL folder:
Code:
root@server:/var/www/domain1.cz/ssl# dir
domain1.crt  domain1.cz.key      domain1.key.org
domain1.csr  domain1.cz.key.bak  domain1.cz.key.org.bak

Domain 2 SSL folder:
Code:
root@server:/var/www/domain2.cz/ssl# dir
domain2.crt  domain2.csr  domain2.key  domain2.key.org

If I try https://domain2 -> I get the SSL cert from domain1.
For domain1 the SSL cert from domain1 works (right).
Domain 1
Code:
<Directory /var/www/domain1.cz>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
    DocumentRoot /var/www/domain1.cz/web
    ServerName domain1.cz
    ServerAlias www.domain1.cz
    ServerAdmin [email protected]
    ErrorLog /var/log/ispconfig/httpd/domain1.cz/error.log
    Alias /error/ "/var/www/domain1.cz/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html
    <IfModule mod_ssl.c>
    </IfModule>
    <Directory /var/www/domain1.cz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client3/web82/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client3/web82/tmp
    php_admin_value session.save_path /var/www/clients/client3/web82/tmp
    # PHPIniDir /var/www/conf/web82
    php_admin_value open_basedir /var/www/clients/client3/web82/web:/var/www/clients/client3/web82/tmp:/var/www/domain1.cz/web:/srv/www/domain1.cz/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyad$
    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web82 client3
    </IfModule>
    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client3/web82/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client3/web82/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/domain1.cz/web
    ServerName domain1.cz
    ServerAlias www.domain1.cz
    ServerAdmin [email protected]
    ErrorLog /var/log/ispconfig/httpd/domain1.cz/error.log
    Alias /error/ "/var/www/domain1.cz/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html
    <IfModule mod_ssl.c>
        SSLEngine on
        SSLCertificateFile /var/www/clients/client3/web82/ssl/domain1.cz.crt
        SSLCertificateKeyFile /var/www/clients/client3/web82/ssl/domain1.cz.key
    </IfModule>
    <Directory /var/www/domain1.cz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client3/web82/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client3/web82/tmp
    php_admin_value session.save_path /var/www/clients/client3/web82/tmp
    # PHPIniDir /var/www/conf/web82
    php_admin_value open_basedir /var/www/clients/client3/web82/web:/var/www/clients/client3/web82/tmp:/var/www/domain1.cz/web:/srv/www/domain1.cz/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyad$
    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web82 client3
    </IfModule>
    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client3/web82/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client3/web82/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>

Domain 2
Code:
<Directory /var/www/domain2.cz>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
    DocumentRoot /var/www/domain2.cz/web
    ServerName domain2.cz
    ServerAlias www.domain2.cz
    ServerAlias webmail.domain2.cz
    ServerAlias www.aliasfordomain.cz aliasfordomain.cz
    ServerAlias posta.domain2.cz
    ServerAlias phpmyadmin.domain2.cz
    ServerAlias mysql.domain2.cz
    ServerAlias admin.domain2.cz
    ServerAdmin [email protected]
    ErrorLog /var/log/ispconfig/httpd/domain2.cz/error.log
    Alias /error/ "/var/www/domain2.cz/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html
    <IfModule mod_ssl.c>
    </IfModule>
    <Directory /var/www/domain2.cz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client2/web2/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client2/web2/tmp
    php_admin_value session.save_path /var/www/clients/client2/web2/tmp
    # PHPIniDir /var/www/conf/web2
    # PHPIniDir /var/www/conf/web2
    php_admin_value open_basedir /var/www/clients/client2/web2/web:/var/www/clients/client2/web2/tmp:/var/www/domain2.cz/web:/srv/www/domain2.cz/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^aliasfordomain.cz$ [NC]
    RewriteRule ^/(.*)$ http://domain2.cz/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^www.aliasfordomain.cz$ [NC]
    RewriteRule ^/(.*)$ http://domain2.cz/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^posta.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://mail.domain2.cz/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^phpmyadmin.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://einstein.domain2.cz:8080/phpmyadmin/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^mysql.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://einstein.domain2.cz:8080/phpmyadmin/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^admin.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://emc2.domain2.cz:8080/$1 [R=301,L]
    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web2 client2
    </IfModule>
    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client2/web2/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client2/web2/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/domain2.cz/web
    ServerName domain2.cz
    ServerAlias www.domain2.cz
    ServerAlias webmail.domain2.cz
    ServerAlias www.aliasfordomain.cz aliasfordomain.cz
    ServerAlias posta.domain2.cz
    ServerAlias phpmyadmin.domain2.cz
    ServerAlias mysql.domain2.cz
    ServerAlias admin.domain2.cz
    ServerAdmin [email protected]
    ErrorLog /var/log/ispconfig/httpd/domain2.cz/error.log
    Alias /error/ "/var/www/domain2.cz/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html
    <IfModule mod_ssl.c>
        SSLEngine on
        SSLCertificateFile /var/www/clients/client2/web2/ssl/domain2.cz.crt
        SSLCertificateKeyFile /var/www/clients/client2/web2/ssl/domain2.cz.key
    </IfModule>
    <Directory /var/www/domain2.cz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client2/web2/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client2/web2/tmp
    php_admin_value session.save_path /var/www/clients/client2/web2/tmp
    # PHPIniDir /var/www/conf/web2
    php_admin_value open_basedir /var/www/clients/client2/web2/web:/var/www/clients/client2/web2/tmp:/var/www/domain2.cz/web:/srv/www/domain2.cz/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^aliasfordomain.cz$ [NC]
    RewriteRule ^/(.*)$ http://domain2.cz/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^www.aliasfordomain.cz$ [NC]
    RewriteRule ^/(.*)$ http://domain2.cz/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^posta.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://mail.domain2.cz/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^phpmyadmin.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://einstein.domain2.cz:8080/phpmyadmin/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^mysql.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://einstein.domain2.cz:8080/phpmyadmin/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} ^admin.domain2.cz$ [NC]
    RewriteRule ^/(.*)$ http://emc2.domain2.cz:8080/$1 [R=301,L]
    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web2 client2
    </IfModule>
    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client2/web2/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client2/web2/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>
Could it be the same IP address? In ISPConfig - should I check the "HTTP NameVirtualHost" option when adding the IP address? Will it work if I add the IP to ISPConfig and assign it to these two vhosts, with the other vhosts on the "*" option (using the same IP address)?
Thank you very much. I discovered this in the log:
Code:
[Mon May 21 23:07:02 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Mon May 21 23:14:01 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Mon May 21 23:14:02 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Mon May 21 23:46:01 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Mon May 21 23:46:02 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Mon May 21 23:47:01 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Mon May 21 23:47:02 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:54:01 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:54:02 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:54:05 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:54:06 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:54:08 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:54:09 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:55:02 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:55:03 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:55:05 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 11:55:06 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 12:13:01 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 12:13:02 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 12:15:01 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Tue May 22 12:15:03 2012] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Do you think that adding an IP address will help?

And three more easy questions for you (hopefully the last):

1) In the log:
Code:
May 24 04:31:44 server postfix/smtpd[20857]: warning: 127.0.0.1: address not listed for hostname localhost.localdomain
May 24 04:32:02 server postfix/smtpd[20857]: warning: 127.0.0.1: address not listed for hostname localhost.localdomain

I have in /etc/hosts (the IP is changed and the real one is working):
Code:
::1 localhost.localdomain localhost
127.0.0.1 localhost.localdomain localhost
# Auto-generated hostname. Please do not remove this comment.
256.256.256.256 server.mydomain.cz server

2) This is the date the server shows after the DATE command: Thu May 24 10:00:33 CEST 2012 - that is OK, but ISPConfig is showing a time TWO hours less than the server time - is it possible to set the timezone in ISPConfig?

3) CRON error report:
Code:
/etc/cron.daily/pve: parse error in '/etc/pve/datacenter.cfg' - 'keyboard': value 'en' does not have a value in the enumeration 'pt, tr, ja, es, no, is, fr-ca, fr, pt-br, da, fr-ch, sl, de-ch, en-gb, it, en-us, fr-be, hu, pl, nl, mk, fi, lt, sv, de'

I can't find the file /etc/pve/datacenter.cfg to edit the keyboard value - where can I find it? Thank you!!!
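
Why domain2 is answered with domain1's certificate, as an added example that is not part of the thread: a small model of Apache 2.2 vhost selection run over the SSL lines of the two posted vhosts. It assumes Apache 2.2 semantics, where several `<VirtualHost *:443>` blocks are matched by name only if a `NameVirtualHost *:443` directive exists; otherwise Apache logs the "VirtualHost overlap on port 443" warning and the first vhost answers every request. `SAMPLE_CONF`, `args_of` and `served_certs` are names made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the SSL-relevant lines of the two posted vhosts.
SAMPLE_CONF = """
<VirtualHost *:443>
  ServerName domain1.cz
  ServerAlias www.domain1.cz
  SSLEngine on
  SSLCertificateFile /var/www/clients/client3/web82/ssl/domain1.cz.crt
</VirtualHost>
<VirtualHost *:443>
  ServerName domain2.cz
  ServerAlias www.domain2.cz
  SSLEngine on
  SSLCertificateFile /var/www/clients/client2/web2/ssl/domain2.cz.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def args_of(text, name):
    """Collect the arguments of every uncommented `name` directive in text."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == name.lower():
            found.extend(parts[1:])
    return found

def served_certs(conf):
    """Map each SSL hostname to the certificate file Apache 2.2 would present."""
    # NameVirtualHost lives in the server config, outside any <VirtualHost>.
    name_based = {a.lower() for a in args_of(VHOST_RE.sub("", conf), "NameVirtualHost")}
    groups = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf):
        cert = args_of(body, "SSLCertificateFile")
        if cert:
            names = args_of(body, "ServerName") + args_of(body, "ServerAlias")
            groups[addr.lower()].append((names, cert[0]))
    result = {}
    for addr, vhosts in groups.items():
        for names, cert in vhosts:
            # No NameVirtualHost for addr: the vhosts overlap, the first wins.
            chosen = cert if addr in name_based else vhosts[0][1]
            result.update({n: chosen for n in names})
    return result

if __name__ == "__main__":
    for host, cert in sorted(served_certs(SAMPLE_CONF).items()):
        print(host, "->", cert)
```

Prepending `NameVirtualHost *:443` to the sample makes every name map to its own certificate. On a live server, `openssl s_client -connect <server>:443 -servername domain2.cz` shows which certificate is actually presented for a given SNI name.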