I was trying to install an SSL certificate on the Admin Panel Login to avoid the HTTPS invalid certificate / not safe browser message, selected the site in the ISPConfig 3 GUI and checked SSL and Let's Encrypt, hit save and the server crashed. Apache failed to start and threw the error: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfi Feb 09 22:14:52 commoncollective apachectl[25811]: AH00526: Syntax error on line 62 of /etc/apache2/sites-enabled/000-ispconfig.vhost: Feb 09 22:14:52 commoncollective apachectl[25811]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty Feb 09 22:14:52 commoncollective apachectl[25811]: Action 'start' failed. I found some form post saying to run ispconfig_update.sh and update and I've done that a few times. Now I can access ISPConfig admin via normal http ://192.168.*.*:8080 but not on https: //192.168.*.*:8080 ... I know it seems minimal at this point, but I really want to figure out why I can't access ISPConfig's admin via https anymore. Debian 9 Apache ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.1dev ##### VERSION CHECK ##### [INFO] php (cli) version is 7.0.33-0+deb9u1 ##### PORT CHECK ##### [WARN] Port 143 (IMAP server) seems NOT to be listening [WARN] Port 993 (IMAP server SSL) seems NOT to be listening [WARN] Port 110 (POP3 server) seems NOT to be listening [WARN] Port 995 (POP3 server SSL) seems NOT to be listening [WARN] Port 25 (SMTP server) seems NOT to be listening [WARN] Port 465 (SMTP server SSL) seems NOT to be listening [WARN] Port 21 (FTP server) seems NOT to be listening [WARN] Port 25 (SMTP server) seems NOT to be listening ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 31255) [WARN] I could not determine which mail server is running. [WARN] I could not determine which pop3 server is running. [WARN] I could not determine which imap server is running. [WARN] I could not determine which ftp server is running. ##### LISTENING PORTS ##### (only () Local (Address) [localhost]:10023 (697/postgrey) [localhost]:10024 (30673/amavisd-new) [localhost]:10025 (1088/perl) [localhost]:10026 (30673/amavisd-new) [localhost]:11211 (867/memcached) ***.***.***.***:53 (30813/named) [localhost]:53 (30813/named) [anywhere]:22 (928/sshd) [localhost]:953 (30813/named) *:*:*:*::*:10023 (697/postgrey) *:*:*:*::*:10024 (30673/amavisd-new) *:*:*:*::*:10026 (30673/amavisd-new) *:*:*:*::*:3306 (30419/mysqld) *:*:*:*::*:80 (31255/apache2) *:*:*:*::*:8080 (31255/apache2) *:*:*:*::*:8081 (31255/apache2) *:*:*:*::*:53 (30813/named) *:*:*:*::*:22 (928/sshd) *:*:*:*::*:953 (30813/named) *:*:*:*::*:443 (31255/apache2) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination f2b-pureftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21 f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25 f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain f2b-postfix-sasl (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-pureftpd (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0
I was able to get it back by: cd /usr/local/ispconfig/interface/ssl none of the certificate files located in that folder had any data, so I ran: rm * ispconfig_update.sh and now I have my ispconfig https ://192.168.*.* back.
ORIGINAL PROBLEM WAS SOLVED! Now I have a new question... Q: So far, I have the following domains working with separate SSL's: first.example .com second.example .com madeup .com But anytime I go to https ://example .com it takes me to https ://madeup .com. They are on the same server, and share the same IP address, but I've read mixed comments on if that matters or not, and I don't see why the other two subdomains would have working and unique certificates while being on the same server. So basically, I'm confused. Anyone have any ideas? Also, sorry for the new question. I couldn't find a way to delete this thread, and I didn't want to spam the forum creating another thread.
https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ If web server can not show the url website, it shows first website in alphabetical order. Reasons are invalid certificate, mixed * and ip-address in website address settings, etc. Lots of threads about this in forum.
Thanks Taleman! I had looked at many threads here and none of them fixed the problem I was having. But your list, mixed with random bits of info helped me figure it out. For some reason I couldn't retrieve a valid certificate using the ISPConfig control panel, so I ran certbot and it fixed my issue.