Fail to open ISPConfig site: firefox 8182

Discussion in 'Installation/Configuration' started by BigB, Jul 21, 2005.

  1. daveb

    daveb Member

    Sounds like you are pressing Y "yes" instead of N "no" during step 7 and 8 of ssl certificate creation which encrypt's the private key. You will always be asked for a password whenever you want to restart your ispconfig system if the private key is encrypted.
     
  2. greenhornet

    greenhornet New Member


    There is no step 7 in the key regen that Falko posted unless I'm missing something. I think I did select that option originally yes, but now I need to undo it which is what I thought the instructions on page 1 were for.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. greenhornet

    greenhornet New Member

  5. edge

    edge Active Member Moderator

    From the install instructions:
    [​IMG]

    I think that they are sure.
     
  6. greenhornet

    greenhornet New Member

    I'm not getting to any of those steps when I change the cert. I'm only getting prompted for the typical cert stuff (ie. country code, state, etc).
     
  7. falko

    falko Super Moderator Howtoforge Staff

  8. greenhornet

    greenhornet New Member

    I've done this 5 times. I'm POSITIVE I did not typo. Here's my exact entry (with my password changed):

    openssl genrsa -des3 -passout pass:xxxxxxx -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
    openssl req -new -passin pass:xxxxxxx -passout pass:xxxxxxx -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
    openssl req -x509 -passin pass:xxxxxxx -passout pass:xxxxxxx -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
    openssl rsa -passin pass:xxxxxxx -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
    chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key
     
  9. daveb

    daveb Member

    if greenhornet has
    Code:
    chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key
    wouldnt he have to at least
    Code:
    chmod 600 /root/ispconfig/httpd/conf/ssl.key/server.key
    before he tried to create a new cert so it could be rewrote ?
     
  10. falko

    falko Super Moderator Howtoforge Staff

    Did you run the commands one-by-one instead of all at once? Did you accept all default values?
     
  11. greenhornet

    greenhornet New Member

    running them individually solved the problem. Earlier posts did not specify that as being necessary so I did not assume it was. Thanks guys!
     
  12. steven_twente

    steven_twente New Member

    [SSL] Browser reports error

    Hi guys,

    First, let me once again say that I love your software and your support! :)

    I have a small problem with generating the ISPConfig SSL certificate..
    Generating the certificate itself works just fine and when I direct my browser to https://mydomain.net:81 the browser presents me with an error stating that the certificate is not signed by an official CA etc. This is normal because the certificate is self-signed. But then the browser presents me with a second error, now stating that the domain of the certificate does not match the domain I tried to access. It says the domain the certificate is assigned to is "" (blank). Is there a way to fix this? I already tried re-generating the certificate using the commands specified earlier in this thread.

    **EDIT:**
    Ok, I (partially) managed to solve the problem. It seems that the 'Common name' is the one that I should fill in properly in order to correct the error. Sorry if this is obvious to you guys :p But, when I tried to connect to my mailuser login and I got the same error.
    That is, if I connected to https://www.mydomain.net:81 I got no error stating that my domains do not match, but if I connected to https://www.mydomain.net:81/mailuser I did get an error stating the domains do not match.

    I found out that if I change the common name to mydomain.net (without the www) and I direct my browser to http://mydomain.net:81/mailuser it all goes well. I suppose the problem lies in the fact that I initially chose my FQDN to be mydomain.net instead of www.mydomain.net thus making ISPConfig 'internally' redirect requests to http://mydomain.net:81/mailuser instead of http://www.mydomain.net:81/mailuser. Does this sound sensible? Anyway, I think I'm happy the way it is now :) So thanks again for the great howto's and ISPConfig!

    Greets, Steven
    - The Netherlands
     
    Last edited: Dec 9, 2007
  13. steven_twente

    steven_twente New Member

    Courier SSL certificate

    Hi :)
    *See post above..*
    Just a small question about the courier SSL certificate.. (I hope this is the right thread to post this.) As you can see from my post above I managed to re-generate the SSL certificates for ISPConfig. Thanks to the 'perfect setup' howto for ubuntu 7.10 I also managed to do this for the postfix SSL certificate, which was also giving me an error about non-matching domains. It all works very smoothly now, except for the Courier pop3-ssl server. Since that SSL certificate is auto-generated by courier upon installation I don't know how to modify it in order to get matching domains. In fact, all I want to do is change the 'Common name' setting of the certificate. To do this I suppose I need to regenerate the certificate for courier. Does anyone know a way to do this without messing up anything?

    **EDIT:**
    Ok, I also managed to solve this one. :) Sorry for these self-answered posts, but I'm posting them anyway in case someone else is having the same problem. In order to get the Courier pop3 SSL certificate working I did the following:

    (WARNING! This worked for me, I am not sure it will work for everyone. I am running an Ubuntu 7.10 'perfect server', installed using the Perfect Server Howto found here. If you are running something else, at least check the paths before trying this. Also, I am not aware of any nasty side-effects. For me there don't seem to be any.)

    - First edit the file '/etc/courier/pop3d.cnf' This contains the defaults used by mkpop3dcert (the tool used by courier to create a self-signed certificate).
    Code:
    # vim /etc/courier/pop3d.cnf
    - Then re-generate the .pem file using mkpop3dcert. (Perhaps it is wise to backup the original first..)
    Code:
    # cd /usr/lib/courier
    # cp pop3d.pem pop3d.pem-orig
    # mkpop3dcert
    (As you can see I did not add './' to the mkpop3dcert command. It seems to be in my path..)
    - Next we copy the new .pem to the dir used by courier. (I also backup the original first..)
    Code:
    # cp /etc/courier/pop3d.pem /etc/courier/pop3d.pem-orig
    # cp /usr/lib/courier/pop3d.pem /etc/courier/pop3d.pem
    - And make sure the permissions are correct.
    Code:
    # chmod 600 /etc/courier/pop3d.pem
    - Finally reload the courier ssl server.
    Code:
    # /etc/init.d/courier-pop-ssl force-reload
    Greets, Steven
     
    Last edited: Dec 9, 2007
  14. ubuntulinux

    ubuntulinux New Member

    Cannot log in! Could not connect to MySQL server

    openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
    openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
    openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
    openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
    chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key


    I did this and I could get in ISPConfig and login with admin to.

    Then I JUST RESTARTED the pc and i can no longer login!! It shows this errors on the page:


    Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '127.0.0.1' (4) in /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php on line 77

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 40

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 40

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 41

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 41

    Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php:77) in /home/admispconfig/ispconfig/web/login/login.php on line 60



    I tried to restart ISPConfig but it says this:


    root@linuxsrv:~# /etc/init.d/ispconfig_server restart
    Shutting down ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl stop: httpd stopped
    ISPConfig system stopped!
    Starting ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl startssl: httpd started
    Could not connect to MySQL server!ISPConfig system is now up and running!


    WHAT CAN I DO? Please help me.

    Thank you.
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Please start the mysql server:

    /etc/init.d/mysql start

    or

    /etc/init.d/mysqld start
     
  16. ubuntulinux

    ubuntulinux New Member

    Still cannot login in ISPConfig

    root@linuxsrv:~# /etc/init.d/mysql start
    * Starting MySQL database server mysqld [ OK ]

    I did that but it remains the same. :S

    I still cannot login in ISPConfig. The first time i logged in everything went fine. I just shutdown my system and then i turned it on and the ISPConfig simply doesn't allow any login.

    Here are the errors again when i try to log in:


    Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '127.0.0.1' (4) in /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php on line 77

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 40

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 40

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 41

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 41

    Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php:77) in /home/admispconfig/ispconfig/web/login/login.php on line 60

    What is going on? :S
    Please help me.
    Thank you
     
  17. falko

    falko Super Moderator Howtoforge Staff

    What's the name of the MySQL user you're using in /home/admispconfig/ispconfig/lib/config.inc.php? Should be root.
     
  18. matey

    matey New Member

    Excellent thread. :cool:
    Thanks to everyone for questions and answers, (I cant believe I read the whole thing, even most of the error codes)!
    This reminds me of the nightmare I went thru last year with expired certs. I wished I was here back then.:)
     
  19. odcheck

    odcheck New Member

    I guess this happens a lot of times :) That people have got special chars in their passwords which will cause that.

    Thanks again Falko
     
  20. falko

    falko Super Moderator Howtoforge Staff

    That's not possible because 446 is not the default port.
     

Share This Page