I Installed the system using the Perfect Server Debian Wheezy making a couple adjustments for Jessie (testing). When I set it up initially, I used a self-signed SSL certificate for the server functions. I now have an SSL class 1 from StartSSL and I would like it to replace the self-signed. I followed the directions https://www.howtoforge.com/securing...h-a-free-class1-ssl-certificate-from-startssl but afterward I get an Incomplete chain and Pure-FTP will not start. (Changing SSL certificates is easy on client sites, I wish there was a similar easy way to change the server's main certificate.) What did I do wrong? StartSSL gives these directions for Apache https://www.startssl.com/?app=21 but when I try to track doen the listed config files they don't exist or have been altered by ISPConfig3. What should I do? Thanks. Code: root@abacus:~# cat htf_report.txt | more ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** IP-address(es) (as per ifconfig): ***.***.***.*** [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.0.5.4p5 ##### VERSION CHECK ##### [INFO] php (cli) version is 5.6.4-4 ##### PORT CHECK ##### [WARN] Port 465 (SMTP server SSL) seems NOT to be listening [WARN] Port 21 (FTP server) seems NOT to be listening ##### MAIL SERVER CHECK ##### [WARN] I found no "submission" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this. [WARN] I found no "smtps" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this . ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 2313) [INFO] I found the following mail server(s): Postfix (PID 2860) [INFO] I found the following pop3 server(s): Dovecot (PID 2492) [INFO] I found the following imap server(s): Dovecot (PID 2492) [WARN] I could not determine which ftp server is running. ##### LISTENING PORTS ##### (only () Local (Address) [anywhere]:41516 (1358/rpc.mountd) [anywhere]:110 (2492/dovecot) [anywhere]:143 (2492/dovecot) [anywhere]:111 (1128/rpcbind) [anywhere]:44241 (1358/rpc.mountd) [localhost]:7634 (1453/hddtemp) ***.***.***.***:53 (1234/named) [localhost]:53 (1234/named) [anywhere]:22 (1239/sshd) [localhost]:631 (2668/cupsd) [anywhere]:55639 (-) [anywhere]:31416 (11930/boinc) [anywhere]:25 (2860/master) [localhost]:953 (1234/named) [anywhere]:1017 (1293/rpc.rquotad) [anywhere]:17500 (4979/dropbox) [anywhere]:17501 (4973/dropbox) [anywhere]:445 (2526/smbd) [anywhere]:17502 (4982/dropbox) [anywhere]:17503 (4976/dropbox) [anywhere]:993 (2492/dovecot) [anywhere]:2049 (-) [anywhere]:55778 (1358/rpc.mountd) [anywhere]:45858 (1148/rpc.statd) [anywhere]:995 (2492/dovecot) [localhost]:10024 (2895/amavisd-new) [localhost]:10025 (2860/master) [anywhere]:3306 (2052/mysqld) [anywhere]:139 (2526/smbd) [localhost]:11211 (1248/memcached) [localhost]10 (2492/dovecot) [localhost]43 (2492/dovecot) [localhost]11 (1128/rpcbind) *:*:*:*::*:8080 (2313/apache2) *:*:*:*::*:80 (2313/apache2) *:*:*:*::*:43088 (-) *:*:*:*::*:8081 (2313/apache2) *:*:*:*::*:53 (1234/named) *:*:*:*::*:22 (1239/sshd) *:*:*:*::*:631 (2668/cupsd) *:*:*:*::*:25 (2860/master) *:*:*:*::*:953 (1234/named) *:*:*:*::*:443 (2313/apache2) *:*:*:*::*:445 (2526/smbd) *:*:*:*::*:993 (2492/dovecot) *:*:*:*::*:2049 (-) *:*:*:*::*:995 (2492/dovecot) *:*:*:*::*:38439 (1358/rpc.mountd) *:*:*:*::*:10024 (2895/amavisd-new) *:*:*:*::*:47242 (1358/rpc.mountd) [localhost]39 (2526/smbd) *:*:*:*::*:36747 (1358/rpc.mountd) *:*:*:*::*:59691 (1148/rpc.statd) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@abacus:~#
my all OpenSSL, RapidSSL certificates me work etc new certificates unless you have given me StartSSL not work or client mode
Do not use these instructions. The complete instructions are in this guide: https://www.howtoforge.com/securing...h-a-free-class1-ssl-certificate-from-startssl there are no additional steps requried. If your chain cert is corrupted, then you migh had a type in one of the commands. I used this guide a few weeeks ag for a customer so I'am sure that it is complete.