I have a range of IP addresses, and use one of them for the ispconfig admin server. That is working just fine. Most websites share another IP, but one site is on a different IP, and I've installed an SSL certificate for that site.

The trouble is that even though the certificate seems to have installed correctly, I can't get https to work with it. For an https:// attempt, I get "Firefox can't establish a connection to the server at ..." but it works just fine for http://.

I've amended the ispconfig admin server to only listen on its own IP, so in httpd.conf it says

    #
    # Port: The port to which the standalone server listens. For
    # ports < 1023, you will need httpd to be run as root initially.
    #
    #Port 443

    ##
    ## SSL Support
    ##
    ## When we also provide SSL we have to listen to the
    ## standard HTTP port (see above) and to the HTTPS port
    ##
    #<IfDefine SSL>
    Listen 80.68.87.88:443
    #</IfDefine>

and that seems to be working. What could be wrong?
A bit more info. This is the interaction between the browser and the server.

    +++GET 53+++
    CONNECT / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
    Proxy-Connection: keep-alive
    Host: www.stovesareus.co.uk

    +++SSL 53:+++
    SSL Pass-Thru: CONNECT https://www.stovesareus.co.uk:443/
    SSL Pass-Thru Failed!
    +++CLOSE 53+++
    hosting:~# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
    tcp        0      0 localhost:mysql          *:*                      LISTEN      27838/mysqld
    tcp        0      0 *:sunrpc                 *:*                      LISTEN      2923/portmap
    tcp        0      0 hosting.hairydog.co:www  *:*                      LISTEN      20168/apache2
    tcp        0      0 hairydog.dh.bytemar:www  *:*                      LISTEN      20168/apache2
    tcp        0      0 .:www                    *:*                      LISTEN      20168/apache2
    tcp        0      0 .:www                    *:*                      LISTEN      20168/apache2
    tcp        0      0 localhost:www            *:*                      LISTEN      20168/apache2
    tcp        0      0 .:domain                 *:*                      LISTEN      24801/named
    tcp        0      0 .:domain                 *:*                      LISTEN      24801/named
    tcp        0      0 .:domain                 *:*                      LISTEN      24801/named
    tcp        0      0 www.hdog.co.uk:domain    *:*                      LISTEN      24801/named
    tcp        0      0 hosting.hairydog:domain  *:*                      LISTEN      24801/named
    tcp        0      0 hairydog.dh.byte:domain  *:*                      LISTEN      24801/named
    tcp        0      0 localhost:domain         *:*                      LISTEN      24801/named
    tcp        0      0 *:ftp                    *:*                      LISTEN      24275/proftpd: (acc
    tcp        0      0 localhost:953            *:*                      LISTEN      24801/named
    tcp        0      0 *:smtp                   *:*                      LISTEN      24516/master
    tcp        0      0 *:633                    *:*                      LISTEN      3419/rpc.statd
    tcp        0      0 .:https                  *:*                      LISTEN      19884/ispconfig_htt
    tcp        0      0 .:www                    user-5447f7c4.wfd9:1777  TIME_WAIT   -
    tcp        0      0 .:www                    user-5447f7c4.wfd9:1776  TIME_WAIT   -
    [snip more of the same]
    tcp        0      0 .:www                    user-5447f7c4.wfd9:1774  TIME_WAIT   -
    tcp        0      0 .:www                    crawl-66-249-66-1:33827  ESTABLISHED 23381/apache2
    tcp        0      0 hairydog.dh.bytemar:www  FLPP-p-144-134-125:1559  TIME_WAIT   -
    tcp        0      0 hairydog.dh.bytemar:www  FLPP-p-144-134-125:1557  TIME_WAIT   -
    tcp        0      0 .:www                    host86-130-109-51.:3673  TIME_WAIT   -
    tcp        0      0 .:www                    host86-130-109-51.:3672  TIME_WAIT   -
    [snip more of the same]
    tcp        0      0 .:www                    host86-130-109-51.:3662  TIME_WAIT   -
    tcp        0      0 .:smtp                   iport.americangree:4006  TIME_WAIT   -
    tcp        0      0 .:www                    host86-130-109-51.:3699  TIME_WAIT   -
    [snip more of the same]
    tcp        0      0 .:www                    host86-130-109-51.:3686  TIME_WAIT   -
    tcp6       0      0 *:imaps                  *:*                      LISTEN      3161/couriertcpd
    tcp6       0      0 *:pop3s                  *:*                      LISTEN      3182/couriertcpd
    tcp6       0      0 *:pop3                   *:*                      LISTEN      3169/couriertcpd
    tcp6       0      0 *:imap2                  *:*                      LISTEN      3148/couriertcpd
    tcp6       0      0 *:ssh                    *:*                      LISTEN      3415/sshd
    tcp6       0      0 ip6-localhost:953        *:*                      LISTEN      24801/named
    tcp6       0      0 *:smtp                   *:*                      LISTEN      24516/master
    tcp6       0   3680 hairydog.dh.bytemar:ssh  fluffy.hairydog.c:48527  ESTABLISHED 24948/0
    tcp6

Doesn't seem to be a port 443 in there. No errors I can see in /var/log/apache2/error.log. Where is the ssl-error log? ("Perfect Setup" build of Debian 3.1)
I think I've found the problem! I added Listen 80.68.87.86:443 in ports.conf and restarted Apache2. Seems to have done the trick.
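
The mismatch behind this thread (an SSL vhost bound to an address and port that no `Listen` directive opens) can be checked mechanically. The script below is an added example, not part of the original posts or of ISPConfig: the function names `unlistened_vhosts` and `sample_conf` are hypothetical, the `<VirtualHost>` lines in the sample are constructed, and `Include` directives are not followed.

```shell
#!/bin/sh
# Added example: list <VirtualHost addr:port> entries that no Listen directive covers.
# Reads Apache configuration text from the files given as arguments, or from stdin.
unlistened_vhosts() {
    awk '
    # Split "addr:port" at the last colon into globals AD and PT.
    function split_ap(s,   i) {
        i = match(s, /:[0-9]+$/)
        if (i)                   { AD = substr(s, 1, i - 1); PT = substr(s, i + 1) }
        else if (s ~ /^[0-9]+$/) { AD = "*"; PT = s }   # bare port, e.g. "Listen 80"
        else                     { AD = s;   PT = "" }  # no numeric port given
    }
    /^[ \t]*#/ { next }                    # commented-out directives do not count
    tolower($1) == "listen" {
        split_ap($2)
        if (AD == "*" || AD == "0.0.0.0" || AD == "[::]") wild[PT] = 1
        else exact[AD ":" PT] = 1
        anyaddr[PT] = 1                    # some address listens on this port
        next
    }
    tolower($1) == "<virtualhost" {
        for (n = 2; n <= NF; n++) {
            a = $n; sub(/>$/, "", a)
            if (a != "") vhost[++count] = a
        }
    }
    END {
        for (k = 1; k <= count; k++) {
            split_ap(vhost[k])
            if (PT == "") continue         # portless vhost matches any listener
            if (AD == "*" || AD == "_default_") ok = (PT in anyaddr)
            else ok = ((PT in wild) || ((AD ":" PT) in exact))
            if (!ok) print vhost[k]
        }
    }' "$@"
}

# Constructed sample modelled on the thread: port 80 only, plus an SSL vhost.
sample_conf() {
    printf '%s\n' '#Listen 443' 'Listen 80' \
        '<VirtualHost 80.68.87.86:80>' '</VirtualHost>' \
        '<VirtualHost 80.68.87.86:443>' '</VirtualHost>'
}

sample_conf | unlistened_vhosts            # prints the vhost with no listener
```

Against a real server, pass ports.conf and the files holding the vhost definitions as arguments; an empty result means every address-and-port vhost has a listener.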