Apache + SSL problems

Discussion in 'Installation/Configuration' started by xicoloco, Mar 26, 2012.

  1. xicoloco

    xicoloco New Member

    OK, it's the 3rd time I get this. I reinstalled Linux + ISPConfig from scratch 3 times to see if this happens again, and it does.

    Well, everything is fine, but when I try out the certificate buttons on website SSL creation, at some point Apache stops working ...

    My questions are:

    Is there a sequence for using the ISP interface to create the certificates without messing with it?
    Can I recover the installation so I do not have to reinstall Linux itself?



    Well, I have tried something I saw somewhere in the forum, without success:

    root@tarik01:~# a2dissite petrolube.com.br.vhost
    Site petrolube.com.br.vhost already disabled

    I have disabled all domains and Apache still does not start ... well, any clues?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Select an IP address in the website settings.
    2) Enable the SSL checkbox in the site settings.
    3) Enter the details of the SSL cert, select create certificate as action.

    The most likely reason for your problem is a broken SSL certificate. This can happen if you enter chars in the SSL fields that can't be interpreted by openssl when the SSL cert is created.

    Post the errors that you get on the shell and in the Apache error and SSL log when you restart Apache.

    There is no need to reinstall Linux or reinstall ISPConfig. Reinstalling ISPConfig when you have already created some items like websites etc. can mess up your setup, so it's not recommended to do that.
     
  3. xicoloco

    xicoloco New Member

    When starting Apache:

    root@tarik01:~# /etc/init.d/apache2 restart
    Restarting web server: apache2Action 'start' failed.
    The Apache error log may have more information.
    failed!
    root@tarik01:~#

    The Apache log is:

    Code:
    [Sun Mar 25 18:22:33 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
    [Sun Mar 25 18:22:33 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
    [Sun Mar 25 18:22:33 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
    [Sun Mar 25 18:22:58 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
    [Sun Mar 25 18:22:58 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
    [Sun Mar 25 18:22:59 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
    [Sun Mar 25 18:22:59 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
    [Sun Mar 25 18:23:02 2012] [notice] caught SIGTERM, shutting down
    [Sun Mar 25 18:23:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun Mar 25 18:23:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
    [Sun Mar 25 18:23:03 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Sun Mar 25 18:23:03 2012] [notice] Digest: generating secret for digest authentication ...
    [Sun Mar 25 18:23:03 2012] [notice] Digest: done
    [Sun Mar 25 18:23:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun Mar 25 18:23:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
    [Sun Mar 25 18:23:03 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
    [Sun Mar 25 18:23:07 2012] [notice] caught SIGTERM, shutting down
    
    Let me ask: can't I use self-signed SSL for all virtual servers? Do they mess things up?

    If I have only 5 IPs at Rackspace for each server, is there a different solution to have more than one certificate on one IP?

    I am reinstalling anyway because this is one of my tests ... I will now try the cluster config. Sorry, I feel very newbie right now; I left computers and Linux back in 1999, and it is hard to get in shape again ...
     
    Last edited: Mar 26, 2012
  4. xicoloco

    xicoloco New Member

    Well, today that happened again ....

    Code:
    [Thu Mar 29 06:42:15 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:15 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:17 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:17 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:18 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:18 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:19 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:19 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:34 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:34 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:54 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:42:54 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:43:02 2012] [notice] caught SIGTERM, shutting down
    [Thu Mar 29 06:43:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Mar 29 06:43:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
    [Thu Mar 29 06:43:03 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Thu Mar 29 06:43:03 2012] [notice] Digest: generating secret for digest authentication ...
    [Thu Mar 29 06:43:03 2012] [notice] Digest: done
    [Thu Mar 29 06:43:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Mar 29 06:43:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
    [Thu Mar 29 06:43:03 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
    [Thu Mar 29 06:43:06 2012] [notice] caught SIGTERM, shutting down
    [Thu Mar 29 06:43:07 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Mar 29 06:43:07 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
    [Thu Mar 29 06:43:07 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Thu Mar 29 06:43:07 2012] [notice] Digest: generating secret for digest authentication ...
    [Thu Mar 29 06:43:07 2012] [notice] Digest: done
    [Thu Mar 29 06:43:07 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Mar 29 06:43:07 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
    [Thu Mar 29 06:43:07 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
    [Thu Mar 29 06:43:09 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:43:09 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 29 06:43:10 2012] [notice] caught SIGTERM, shutting down
    [Thu Mar 29 06:50:11 2012] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
    root@tarik01:~# 
    
    OMG, what *** I doing wrong????
     
  5. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    cd /etc/apache2
    grep -Ri SSLCertificateFile *
    ?
     
  6. xicoloco

    xicoloco New Member

    root@tarik01:/etc/apache2# grep -Ri SSLCertificateFile *
    sites-available/ispconfig.vhost: SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    sites-available/default-ssl: # SSLCertificateFile directive is needed.
    sites-available/default-ssl: SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    sites-available/default-ssl: # the referenced file can be the same as SSLCertificateFile
    sites-enabled/000-ispconfig.vhost: SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    root@tarik01:/etc/apache2#
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Do /usr/local/ispconfig/interface/ssl/ispserver.crt and /etc/ssl/certs/ssl-cert-snakeoil.pem exist?
     
  8. xicoloco

    xicoloco New Member

    I already formatted this server because I panicked, but I'm pretty sure this will happen again, so we will continue on that ...
     
  9. DUCKFACE

    DUCKFACE Banned

    I have the same problem.
    Here is the apache.log:
    Code:
    [Tue Jun 04 17:24:03 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Jun 04 17:24:03 2013] [warn] RSA server certificate CommonName (CN) `Nikolay Konstantinov' does NOT match server name!?
    [Tue Jun 04 17:24:03 2013] [notice] Apache/2.2.22 (Ubuntu) DAV/2 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.7 PHP/5.4.9-4ubuntu2 mod_python/3.3.1 Python/2.7.4 mod_ruby/1.2.6 Ruby/1.8.7(2012-02-08) mod_ssl/2.2.22 OpenSSL/1.0.1c configured -- resuming normal operations
    PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php5/cgi/conf.d/ming.ini on line 1 in Unknown on line 0
    The /usr/local/ispconfig/interface/ssl/ispserver.crt and /etc/ssl/certs/ssl-cert-snakeoil.pem exist.
     
  10. thebrawnyman

    thebrawnyman New Member

    I'm having the same issue that xicoloco was having. I ran the grep on /etc/apache2 and verified that all crt files listed in the output do exist. In this case, what would be the next thing I check?
     
  11. thebrawnyman

    thebrawnyman New Member

    After some more digging I was able to figure out the issue. Turns out that when the original private key was generated back in the day, SHA1 was used for the signature algorithm, but we were generating the new cert using SHA2 (it's what the CA was set to use by default). Not sure why Apache would exit without throwing an error message about this, but that's what happens.

    I ended up using openssl commands found Here to confirm that the private key and cert did not match, and that the new cert generated with SHA1 did match.
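
The checks worked through in this thread (find the SSLCertificateFile a vhost points at, confirm the file exists, confirm the certificate and private key belong together), as an added shell example that is not part of any post above. The function names and status words are made up for illustration; it assumes unquoted paths, one certificate/key pair per vhost file, and `openssl pkey` (OpenSSL 1.0.0 or later).

```shell
#!/bin/sh
# Added example (not from the thread): audit the certificate/key pair
# that an Apache vhost file references. Names here are hypothetical.

# Print the first uncommented value of directive $1 in vhost file $2.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Return 0 if certificate $1 and private key $2 carry the same public key,
# 1 if they differ, 2 if either file cannot be parsed by openssl.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: avoids an interactive prompt on encrypted keys
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print one status word for vhost file $1.
audit_vhost() {
    crt=$(directive SSLCertificateFile "$1")
    key=$(directive SSLCertificateKeyFile "$1")
    [ -n "$crt" ] || { echo no-ssl; return 0; }
    [ -r "$crt" ] || { echo missing-cert; return 0; }
    key=${key:-$crt}    # Apache accepts the key inside the certificate file
    [ -r "$key" ] || { echo missing-key; return 0; }
    rc=0
    pair_matches "$crt" "$key" || rc=$?
    case $rc in
        0) echo ok ;;
        1) echo mismatch ;;
        *) echo unparseable ;;
    esac
}

# Audit every vhost file given on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(audit_vhost "$f")"
done
```

Pass it the vhost files to check, for example everything under `sites-enabled`. `missing-cert` is the condition falko asked about and `mismatch` is the one thebrawnyman found.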
     
