(Comodo) Cert problems: SNI working just for one site.

Discussion in 'Installation/Configuration' started by Edo-K, May 16, 2017.

  1. Edo-K

    Edo-K New Member

    I have two problems. Not sure if these problems are related. First is strange situation with SNI and Comodo PositiveSSL certificates. I managed to configure one https site with Comodo certificate and It's working, but other two are not working. They get wrong certificate - servers and not their own. Error: SSL_ERROR_BAD_CERT_DOMAIN.
    Actually they don't have <VirtualHost *:443> section on sites-enabled vhost file at all.
    SNI is enabled on Control Panel and SSL for sites is active. I followed Ispconfig manual when adding certificates (Create cert and then change SSL cert and boundle. Save certificate).
    Other problem is that apache don't start after changing to Comodo signed certificate for Ispconfig Control panel on port 8080. Changed successfully with self-signed certificate (000-ispconfig.vhost). But with Comodo wild cert is not working (I can use this cert for more then one site with SNI, right?).
    For SSLCACertificateFile I used boundle from Comodo mail attachment.

    # SSL Configuration
    http error_log:
    System info:
    ISPConfig version is 3.1.1p1
    Apache/2.4.6 (CentOS)

    Probably something is misconfigured.
    I'm looking forward to read your advices and suggestions.
  2. till

    till Super Moderator Staff Member ISPConfig Developer


    a) SSL is not enabled in the website.
    b) You did not enter the correct SSL cert AND key into the appropriate fields on the SSL tab.
    c) You did not select "Save certificate" in the action field before you pressed save.
  3. Edo-K

    Edo-K New Member

    Till, thank you for your answer.

    For a) and c) I have tryed few times (delete, create cert. Enable/disable site SNI). Not working.
    For b) I have pasted comodosite.crt --> SSL Certificate field and comodoboundle (COMODORSADomainValidationSecureServerCA.crt + COMODORSAAddTrustCA.crt + AddTrustExternalCARoot.crt) --> SSL Boundle field. Clicked SSL Action: Save certificate and then Save.

    I did not change SSL Key and SSL Request fields.



  4. Edo-K

    Edo-K New Member

    One problem (ISPConfig Control Panel SSL) solved with using just cert and private key, without boundle.
    SNI problem with other 3 sites (tryed with another one) is still unresolved. Not working with or without boundle certs.
  5. Edo-K

    Edo-K New Member

Share This Page