Hi, I am trying to create an SSL certificate for a domain I am hosting and everytime I enter the certificate sent to me from Commodo and click save under ISPCONFIG it causes httpd to stop and I cannot restart it. This is from the error_log: [Tue Jun 16 15:01:02 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Jun 16 15:01:04 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Jun 16 15:01:05 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Jun 16 15:01:06 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory [Tue Jun 16 15:01:08 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Jun 16 15:02:55 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) Once I delete the SSL certificate for the domain, httpd restarts instantly and we are all okay again. I can confirm the following files are created in the SSL data directory once I input the certificate file received from Commodo and upload the bundle. www_domain.com.ca-bundle www_domain.com.csr www_domain.com.crt www_domain.com.key www_domain.com.key.org Any advice on how to get this working will be appreciated as the site is due to go live immediately. The domain is on its own dedicated, routable IP address. Thanks in advance Matt
There is no option to upload a bundle certificate in ispconfig 2, so you must have added the bundle to a wrong field.
Hi Till, No that is not the case. I uploaded the bundle through FTP to the SSL directory of the website as per the instructions on the Comodo webpage and added the apache directives. https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=264&nav=0,96,1 Please advise. Matt
Hi Falko, output is [punto@web ~]# httpd -t Syntax OK Httpd started once I deleted the created certificate. I could go through the process again (have tried twice already) if you think it neccessary, but it is a live webserver with 50+ domains so any downtime is not welcome. One other thing I noticed (happened the first time httpd crashed, but not the second) was the vhosts.conf file was completely deleted (when I removed the certificate and apache crashed) and I needed to restore it from the most recent snapshot file. I did not try creating the cert request or adding the certificate file directly on the shell, it was all done through the ISPCONFIG web interface. Thanks Matt
Thanks Falko, not sure why I didnt check the website's error log rather than the system's. Okay here is what appeared in the log at time of trying to save the certificate from Comodo [Mon Jun 15 21:40:39 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:40:39 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k ey:key values mismatch [Mon Jun 15 21:40:43 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:40:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k ey:key values mismatch [Mon Jun 15 21:41:40 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:41:40 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k ey:key values mismatch [Mon Jun 15 21:42:43 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:42:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k ey:key values mismatch [Mon Jun 15 21:43:15 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:43:15 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Mon Jun 15 21:44:00 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:44:00 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:func(128):reason(116) [Mon Jun 15 21:44:01 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:44:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Mon Jun 15 21:46:23 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:46:23 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Mon Jun 15 21:47:32 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:47:32 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Mon Jun 15 21:47:35 2009] [error] Unable to configure RSA server private key [Mon Jun 15 21:47:35 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 14:59:50 2009] [error] Unable to configure RSA server private key [Tue Jun 16 14:59:50 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 14:59:52 2009] [error] Unable to configure RSA server private key [Tue Jun 16 14:59:52 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 14:59:58 2009] [error] Unable to configure RSA server private key [Tue Jun 16 14:59:58 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 14:59:59 2009] [error] Unable to configure RSA server private key [Tue Jun 16 14:59:59 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 15:00:01 2009] [error] Unable to configure RSA server private key [Tue Jun 16 15:00:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 15:01:03 2009] [error] Unable to configure RSA server private key [Tue Jun 16 15:01:03 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 15:01:04 2009] [error] Unable to configure RSA server private key [Tue Jun 16 15:01:04 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 15:01:05 2009] [error] Unable to configure RSA server private key [Tue Jun 16 15:01:05 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 15:01:06 2009] [error] Unable to configure RSA server private key [Tue Jun 16 15:01:06 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 15:01:09 2009] [error] Unable to configure RSA server private key [Tue Jun 16 15:01:09 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h [Tue Jun 16 15:02:56 2009] [error] Unable to configure RSA server private key [Tue Jun 16 15:02:56 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc h Thanks Matt
Looks as if you uploaded a certificate that was not based on the csr that was created by ispconfig. This results in a mismatch of the ssl key and apache is not able to start anymore. To avoid this, take the csr (certificate signing request) that was created by ispconfig and let it sign from your ssl company and then copy the new cert that you get back into the certificate field in ispconfig and select save as action and click on save.
