(Comodo) Cert problems: SNI working just for one site.

Discussion in 'Installation/Configuration' started by Edo-K, May 16, 2017.

  1. Edo-K

    Edo-K New Member

    Hello!
    I have two problems. Not sure if these problems are related. The first is a strange situation with SNI and Comodo PositiveSSL certificates. I managed to configure one HTTPS site with a Comodo certificate and it's working, but the other two are not working. They get the wrong certificate - the server's and not their own. Error: SSL_ERROR_BAD_CERT_DOMAIN.
    Actually they don't have a <VirtualHost *:443> section in the sites-enabled vhost file at all.
    SNI is enabled in the Control Panel and SSL for the sites is active. I followed the ISPConfig manual when adding certificates (Create cert and then change SSL cert and bundle. Save certificate).
    The other problem is that Apache doesn't start after changing to the Comodo signed certificate for the ISPConfig Control Panel on port 8080. Changed successfully with a self-signed certificate (000-ispconfig.vhost). But with the Comodo wild cert it is not working (I can use this cert for more than one site with SNI, right?).
    For SSLCACertificateFile I used the bundle from the Comodo mail attachment.

    # SSL Configuration
    http error_log:
    System info:
    ISPConfig version is 3.1.1p1
    centos-release-7-2.1511.el7.centos.2.10.x86_64
    Apache/2.4.6 (CentOS)

    Probably something is misconfigured.
    I'm looking forward to reading your advice and suggestions.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Either:

    a) SSL is not enabled in the website.
    b) You did not enter the correct SSL cert AND key into the appropriate fields on the SSL tab.
    c) You did not select "Save certificate" in the action field before you pressed save.
     
  3. Edo-K

    Edo-K New Member

    Till, thank you for your answer.

    For a) and c) I have tried a few times (delete, create cert. Enable/disable site SNI). Not working.
    For b) I have pasted comodosite.crt --> SSL Certificate field and comodoboundle (COMODORSADomainValidationSecureServerCA.crt + COMODORSAAddTrustCA.crt + AddTrustExternalCARoot.crt) --> SSL Bundle field. Clicked SSL Action: Save certificate and then Save.

    I did not change SSL Key and SSL Request fields.

     
  4. Edo-K

    Edo-K New Member

    One problem (ISPConfig Control Panel SSL) solved by using just the cert and private key, without the bundle.
    The SNI problem with the other 3 sites (tried with another one) is still unresolved. Not working with or without the bundle certs.
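
Added example, not part of the thread or of ISPConfig: a shell check for the two conditions discussed above, whether a certificate belongs to the private key stored with it and whether it covers the site's hostname, plus a query for the certificate a server returns for a given SNI name. It assumes `openssl` is installed; the file names, function names and `example.test` hosts are constructed.

```shell
#!/bin/sh
# Added diagnostic sketch; all names and sample material below are constructed.

# True when the certificate ($1) and private key ($2) carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the certificate ($1) is valid for hostname ($2), wildcards included.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Subject of the certificate that server $1 presents for SNI name $2 (needs network).
served_subject() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject
}

# Constructed throwaway material: a self-signed wildcard cert with its key,
# plus an unrelated key that must NOT match the certificate.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.test' \
        -keyout "$1/wild.key" -out "$1/wild.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

d=$(mktemp -d) && make_sample "$d"
cert_matches_key "$d/wild.crt" "$d/wild.key"    && echo "wild.key matches wild.crt"
cert_matches_key "$d/wild.crt" "$d/other.key"   || echo "other.key does not match wild.crt"
cert_covers_host "$d/wild.crt" www.example.test && echo "covers www.example.test"
cert_covers_host "$d/wild.crt" example.test     || echo "does not cover bare example.test"
rm -rf "$d"
```

On a real server, point the first two functions at the certificate and key files written for the site, and call `served_subject` once per site name to see which certificate each name actually receives.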
     