ISPConfig does not create TLS virtualhosts for second domain

Discussion in 'Installation/Configuration' started by Tom Ribbens, Sep 21, 2016.

  1. Tom Ribbens

    Tom Ribbens New Member

    Hi all,
    I want to run multiple SSL/TLS sites on a single IP. I know my setup supports this, as I have changed the config files already, so that my ISPConfig is on panel dot example dot com, and my primary website on www dot example dot com, each with its own SSL certificate. This works without a problem. Now, I want to add another domain, also using SSL, so I check that box on the ISPConfig configuration for that page. However, when I go to that domain, I get certificate warnings, and if I ignore them, I get my ISPConfig panel. When I go check the configuration file for my newest domain, I can see there is simply no VirtualHost directive for port 443 in there. So lacking that, it's obvious why it wouldn't work, and why it shows my panel instead.

    How can I get ISPConfig to generate the <VirtualHost *:443> section in that domain?

    PS: I couldn't post this because it says I shouldn't post links, even though I used example dot com everywhere. That's why it's spelled out like this.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Enable the SSL checkbox in the website settings of domain 2.
    2) Go to the SSL tab of domain 2, enter the details for the SSL cert (the first smaller fields), select "create certificate" as action at the end of the SSL form and press save. It then takes about 1-2 minutes to create the SSL cert.

    The virtualhost part for port 443 is only added after you have created a cert. When there is no cert, or an invalid cert that causes Apache to fail to start, the virtualhost section is not added, as your Apache server would go down otherwise.
     
  3. Tom Ribbens

    Tom Ribbens New Member

    Thanks! That did the trick. I forgot that part, because I have installed the Let's Encrypt plugin, and had checked that box, so I assumed it would get its cert that way.

    It would be nice if ISPConfig would actually tell a user when things are wrong. This is the second time that I try to configure something, which doesn't work immediately, when I simply forgot to add a little part of the configuration. The other time was adding a DNS zone, forgetting the A records for the NS servers. It simply created the zone files with an .err extension, indicating its logic determined it was faulty, but not giving me a proper error message.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Letsencrypt will create the SSL cert automatically without using the SSL tab, but this requires that the domain and all subdomains are set up correctly in DNS beforehand, as letsencrypt tries to reach the domain and all subdomains of the site on your server and downloads a token from the site that it created locally. If one of the domains or subdomains is not reachable, then the cert creation will fail.

    That's all logged by ISPConfig, you can see it in the system log in the monitor. The amount of detail depends on the log level that you can choose under system > server config.
     

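Added example, not part of the thread and not ISPConfig's code: a small Python check that reproduces the symptom discussed above, where a domain without its own `*:443` VirtualHost is answered by the first vhost Apache has on that port (here the panel) and therefore presents the wrong certificate. The second domain's name, the certificate paths and the sample configuration are constructed, the configuration is assumed to be given in the order Apache loads it, and wildcard `ServerAlias` patterns are not handled.

```python
import re

# Constructed sample: panel and main site have *:443 vhosts; the second
# domain (hypothetical name) only has a port-80 vhost, as in the thread.
SAMPLE_CONFIG = """
<VirtualHost *:443>
    ServerName panel.example.com
    SSLEngine on
    SSLCertificateFile /placeholder/panel.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    SSLEngine on
    SSLCertificateFile /placeholder/www.crt
</VirtualHost>
<VirtualHost *:80>
    ServerName www.second-domain.example
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(config):
    """Return the vhosts in file order as dicts with addrs, names and cert."""
    vhosts = []
    for addr, body in VHOST_RE.findall(config):
        lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        vhosts.append({
            "addrs": addr.split(),
            "names": [n.lower() for line in lines for n in line.split()],
            "cert": cert.group(1) if cert else None,
        })
    return vhosts

def resolve(config, host, port=443):
    """Name-based selection: first vhost whose name matches, else the first
    vhost listening on that port (Apache's default-vhost behaviour)."""
    candidates = [v for v in parse_vhosts(config)
                  if any(a.endswith(f":{port}") for a in v["addrs"])]
    if not candidates:
        return None, "no-vhost-on-port"
    for v in candidates:
        if host.lower() in v["names"]:
            return v, "matched"
    return candidates[0], "fallback-to-first"
```

A `fallback-to-first` result for a hostname that has the SSL box ticked means its 443 section was never written, so the next place to look is the certificate creation step and the ISPConfig system log mentioned above.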