Hello, ISPConfig 3 last update on Debian. I went to ISPConfig panel, select a site, select ssl and created a certificate, sent the certificate request to a website and they gave me the certificate. I fill in ISPConfig form wiht the received certificate and bundle. Apache 2 crashes. None of my site is running... please help. Already tried to reboot the server. /etc/init.d/apache2 restart : NameVirtualHost XX.XX.XXX.XX:80 has no VirtualHosts NameVirtualHost XX.XX.XXX.XX:443 has no VirtualHosts Action 'start' failed. Please let me know what to do. Thanks
Here are some revelant information in my /var/log/apache2/error.log file: [Thu Mar 17 14:01:21 2016] [error] python_init: Python version mismatch, expected '2.7.2+', found '2.7.3'. [Thu Mar 17 14:01:21 2016] [error] python_init: Python executable found '/usr/bin/python'. [Thu Mar 17 14:01:21 2016] [error] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-linux2:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'. [Thu Mar 17 14:01:21 2016] [error] (2)No such file or directory: Init: Can't open server certificate file /var/www/clients/client0/web2/ssl/mysite.com.crt The file /var/www/clients/client0/web2/ssl/mysite.com.crt does exist.
Please post the output of: ls -la /var/www/clients/client0/web2/ssl/ and you pasted the complete ssl cert into the cert field of ispconfig, including the lines that start with ---- at the beginning and end of the cert?
ls -la /var/www/clients/client0/web2/ssl/: drwxr-xr-x 2 root root 4096 Mar 17 14:01 . drwxr-xr-x 10 root root 4096 May 28 2015 .. -rw-r--r-- 1 root root 2082 Mar 17 14:01 XX.net.bundle -rw-r--r-- 1 root root 2082 Mar 17 14:01 XX.net.bundle.err -rw-r--r-- 1 root root 1314 Mar 17 14:01 XX.net.crt -rw-r--r-- 1 root root 1314 Mar 17 14:01 XX.net.crt.bak -rw-r--r-- 1 root root 1314 Mar 17 14:01 XX.net.crt.err -rw-r--r-- 1 root root 1110 Mar 17 14:01 XX.net.csr -rw-r--r-- 1 root root 1110 Mar 17 14:01 XX.net.csr.bak -rw-r--r-- 1 root root 1110 Mar 17 14:01 XX.net.csr.err -r-------- 1 root root 1679 Mar 17 14:01 XX.net.key -r-------- 1 root root 1679 Mar 17 14:01 XX.net.key~ -r-------- 1 root root 1679 Mar 17 14:01 XX.net.key.bak -r-------- 1 root root 1679 Mar 17 14:01 XX.net.key.err -r-------- 1 root root 1751 Mar 17 14:01 XX.net.key.org -r-------- 1 root root 1751 Mar 17 14:01 XX.net.key.org.bak -r-------- 1 root root 1751 Mar 17 14:01 XX.net.key.org.err No, I did not included the lines starting with --- but I have left the one already existing in the ISPConfig form. Anyway at this time I would be happy to undo, I do not mind having ssl unabled. But I have no access to ISPConfig panel. Thanks
You could remove the vhost file from /etc/apache2/sites-enabled , restart webserver, go to ISPConfig and uncheck SSL for that domain. Then you can enable that site again by either going to Tools and make a resync or just create a symlink again from sites-available to sites-enabled or just using a2ensite command and restart your webserver.
Warm thanks to Till and Ztk. I found out my crt file (the one I have downloaded from the certifier) was different from the one situated in /var/www/clients/client0/web2/ssl/. I "manually" copied the crt file to the server. I write "manually" because I obviously could not do that using ISPConfig ssl tab. Then I could start apache2. All is back again. It seems that configuring ssl on a domain can easily brake apache2 and affect the rest of domains. Any suggestion to avoid this or a tutorial recommendation would be welcome. I was following this one: http://blog.giuseppeurso.net/free-ssl-certificate-to-ispconfig-website-with-startssl-how-to/ Thanks
That's normally not possible as ispconfig has an automated config rollback. I can only guess, either you use an old ispconfig version (the current one is 3.0.5.4p8) that does not has the rollback feature yet or you have the automatic config check disabled under System > server config > web.
I do use the last version: 3.0.5.4p8 System -> Server config -> Web -> "Test apache configuration on restart" is checked Nevertheless, I am not an expert. What I actually did just before apache2 crash was in Sites -> mysite.com -> ssl -> ssl action, I select "create certificate" because I thought it would create a certificate using the data above. Maybe the right certificate was already created and it created a new one that somehow mismatch the expected one. I can see the following in /var/log/ispconfig/httpd/mysite.com/error.log : [Thu Mar 17 16:53:01 2016] [error] Unable to configure RSA server private key [Thu Mar 17 16:53:01 2016] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatchIf you would like to investigate this in details, please feel free to ask me any needed information. Thanks