2 Questions (1 SSL Related and 1 dns forward related)

Discussion in 'Installation/Configuration' started by phamels, Nov 18, 2005.

  1. phamels

    phamels Member

    Hello,

    I've been using ISPConfig since 2.08 and it's been working great ever since :D

    I have 2 questions tough, one is about setting up SSL.
    Everything is working perfect. I'm creating a new domain: domain.tld
    This domain is bound to an unused and freshly added ip. This ip will be used entirely for this domain since it's going to use SSL.
    When I activate SSL from the webinterface and create the certificate, I see a certificate coming up in de web_userxx/ssl dir.
    When i try to connect to https://www.domain.tld using lynx, i get the following errors:
    SSL error:self signed certificate-Continue? (y)
    i continue...
    SSL error:host(www.domain.tld)!=cert(localhost.localdomain)-Continue? (y)
    i continue...

    Then I see the page located in /var/www/index.html

    This isn't very right, right ? :)
    It seems there's a problem with creating the Certficate or something, don't really know much about SSL except I have to set it up lol :D


    Next issue, can i forward a domain so i have domain1.tld and domain2.tld acting as 1 domain, for example: www.domain2.tld should point to www.domain1.tld, blah.domain2.tld should also point to blah.domain1.tld...
    Is this possible ? also with SSL activated ?

    Thanks in advance !

    PS: I'm using Fedora Core 4 and ISPConfig 2.1.1
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Does www.domain.tld point to the correct IP address? Can you see an SSL vhost for www.domain.tld in your Vhosts_ispconfig.conf?


    Yes, you can create the new domains as Co-Domains in the existing web. You can also work with the Forward feature of Co-Domains.
    But please make sure the DNS records for the new domains are correct.

    Only if you have a wildcard SSL certificate. Normally an SSL certificate is for one FQDN only, any other combination will issue an error.
     
  3. phamels

    phamels Member

    No, it doesn't seem to create an SSL entry, there's an entry for regular http but none for SSL.
    Should I create on manually ?
    If so, will there be any problems regarding updates?


    Thanx !
     
  4. falko

    falko Super Moderator Howtoforge Staff

    No! :eek:
    Are there warnings/errors in /home/admispconfig/ispconfig/ispconfig.log?
     
  5. phamels

    phamels Member

    ok :)

    The following comes up in ispconfig.log when i enable SSL:

    Code:
    19.11.2005 - 17:19:52 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 270: Connected successfully
    19.11.2005 - 17:19:52 => INFO - USER:webxx_user:x:100xx:100xx:Firstname Lastname:/home/www/webxx:/bin/false
    19.11.2005 - 17:19:30 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 851: setquota -u webxx_user 0 0 0 0 -a &> /dev/null
    19.11.2005 - 17:19:30 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 57: cp -f /root/ispconfig/isp/conf/forward.master /home/www/webxx/.forward
    19.11.2005 - 17:19:30 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 136: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
    19.11.2005 - 17:19:30 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 283: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
    19.11.2005 - 17:19:30 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 288: postmap hash:/etc/postfix/virtusertable
    19.11.2005 - 17:19:30 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1191: cp -fr /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf~
    19.11.2005 - 17:19:31 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1825: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf~
    19.11.2005 - 17:19:42 => INFO - Signalfile Set: insert
    
    Doesn't seem like there's any warnings coming up...
    It's like it's completly ignoring the SSL checkbox.
    No entries seem to come up in the vhost config...
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Restart ISPConfig:
    Code:
    /etc/init.d/ispconfig_server restart
    and try again.
     
  7. phamels

    phamels Member

    Code:
    .oO(root@hosting ~)Oo. /etc/init.d/ispconfig_server restart
    Shutting down ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl stop: httpd stopped
    ISPConfig system stopped!
    Starting ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl startssl: httpd started
    ISPConfig system is now up and running!
    
    Then i went to the control panel, disabled SSL, enabled SSL again...
    deleted the old certificate, recreated a new one.
    Tried lynx again, seems to work now.

    Code:
    SSL error:self signed certificate-Continue? (y)
    
    The self signed error is probably cause it's not an "official certificate".
    How do I make it "official" and will it cost me ?

    Thanx allot falko !
    Keep up the great work, enjoy using your system with such great support !
     
  8. phamels

    phamels Member

    DNS Greeting me with all sorts of domains :)

    Oh, on the way, i also found a different problem regarding dns.
    My dns server seems to greet me with al sorts of domains when I do a query.
    Any hints for this ?

    Thanks !
     
  9. falko

    falko Super Moderator Howtoforge Staff

    It will cost you! You can buy a certificate from www.instantssl.com, for example. You give them the content of the "SSL Request" field on the SSL tab in ISPConfig, then they give you back an "official" certificate which you paste into the "SSL Certificate" field (replacing the certificate that's already in there). As Action choose "Save certificate".

    What exactly did you do, and what was the result?
     
  10. phamels

    phamels Member

    just performing an 'nslookup'.
    It just keeps greeting me with different domains that are hosted on that server... :)

    Had the same thing going on with the mail server so i adjusted the conf that it only greets me with one pre-set hostname such as hostingserver.domain.tld
     
  11. falko

    falko Super Moderator Howtoforge Staff

    Can you post the exact command you ran and its output as well?
     
  12. phamels

    phamels Member

    Guess i forgot all about this post lol,
    Everyth!ing seems to be working fine now, thanks for the help !
     

Share This Page