Hello, when I try to generate an SSL cert, the section "SSL Request" is still empty? Configuration: VMware 15, Ubuntu 20.04.2 LTS (Focal Fossa), ISPConfig 3.2.5, fresh install.
How are you generating it? I tried to figure out what might be happening, and cannot quite get it. Are you creating a certificate for a website? You are not using a Let's Encrypt certificate but instead want to use a self-signed or purchased certificate? Have you read page 133 of the ISPConfig 3.1 Manual?
Hello @Taleman, I can't use Let's Encrypt on a VMware install because the domain that I use does not exist (something like server1.example.com). So I try to create a self-signed certificate; the "SSL Key" & "SSL Certificate" fields are filled, but the "SSL Request" remains empty. The only solution I found is to create a self-signed certificate on my old virtual machine on Ubuntu 18.04 with ISPConfig 3.1 and copy-paste all fields. I tried to build a completely new install with the tutorial "Perfect Server Automated ISPConfig 3 Installation on Debian 10 and Ubuntu 20.04" using the command "wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades" and I still have the same issue. I have another virtual machine where I have updated Ubuntu 18.04 to 20.04 and ISPConfig 3.1 to 3.2 and I do not have this issue with it, but another one: the Job Queue is stuck. But before that issue, it was possible to create a self-signed certificate. My knowledge of Unix is limited; I have some DOS basics from my Amiga time, but I'm not familiar with all Unix terms.
Hello @till, what can I do to fix it? Because if "SSL Request" remains empty, the website is not reachable at all from Chrome & Firefox. I do not have the possibility to bypass the message: "Your connection is not private. Attackers might be trying to steal your information ... bla bla bla"
The SSL CSR field is not used nor needed to serve SSL encrypted data to the client browser. If you have issues with serving the website SSL encrypted, then your issue is not related to the CSR field being empty. The only thing that does not work at the moment is to create a CSR request inside ISPConfig to buy a third-party SSL cert. SSL itself works fine and is unaffected, so you can still use SSL with Let's Encrypt, you can still create a self-signed SSL cert in ISPConfig, and you can also use any third-party SSL cert; you just have to generate the CSR and key outside of ISPConfig.
Here you can read what a CSR is: https://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html For the actual SSL connection, a CSR is not used at all. For the connection, you just need the SSL key and SSL crt.
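What generating the key and CSR outside ISPConfig can look like with the OpenSSL command line, as an added example that is not part of the original thread or of ISPConfig. The function names, subject fields and domain are constructed placeholders, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: create a private key and CSR with OpenSSL, then check them
# before sending the CSR to a certificate authority.
# All names and subject values below are constructed placeholders.

# make_csr DOMAIN OUTDIR: writes DOMAIN.key and DOMAIN.csr into OUTDIR.
make_csr() {
    (
        umask 077   # the private key must not be readable by other users
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" \
            -out "$2/$1.csr" \
            -subj "/C=US/ST=State/L=Locality/O=Example Org/CN=$1" \
            -addext "subjectAltName=DNS:$1,DNS:www.$1" 2>/dev/null
    )
}

# csr_matches_key KEY CSR: succeeds only when the public key embedded in the
# CSR is the public half of KEY. Both commands print the key in the same
# PEM form, so a string comparison is enough.
csr_matches_key() {
    local from_key from_csr
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_csr=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ]
}

# csr_names CSR: prints one DNS name per line from the CSR's
# subjectAltName, which is what browsers match the hostname against.
csr_names() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^,]*'
}

# Usage (placeholder domain and directory):
#   make_csr example.com /root/ssl
#   csr_matches_key /root/ssl/example.com.key /root/ssl/example.com.csr
#   csr_names /root/ssl/example.com.csr
```

Only the `.csr` file goes to the certificate authority; the `.key` file stays on the server and is pasted into the "SSL Key" field together with the issued certificate.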
OK, the CSR was not the issue. But I found something strange. If I add 2 websites, the first mywebsite.tld and the second mywebsite.dev, then I create 2 SSL certificates with the same information for the fields State, Locality ... When I try to reach each domain I do not have the same message. With *.tld I can bypass the warning message but I do not have this option with *.dev?
As your message shows, your dev site uses HSTS; if you want to connect to it using an invalid certificate, you will have to disable HSTS and get your browser to forget that HSTS was formerly in use (search for your specific browser to find how to do so).
@Jesse Norell both websites have exactly the same configuration in ISPConfig. The only difference is the extension. So why does .dev use HSTS and not .tld?
If you didn't use ISPConfig to set that header, it could be the website itself sending that, or a .htaccess file.
It might depend on the TLD that the domain uses. If I remember correctly, I read some time ago that some TLDs are treated differently by browsers.
You could have used HSTS on the site/domain in the past and your browser will remember that for as long as the HSTS header told it to (potentially years); search for how to clear that (e.g. "Firefox forget HSTS").
Not really, see here: https://get.dev/ I'll cite from Wikipedia: "The .dev top-level domain is incorporated on the HSTS preload list, requiring HTTPS on all .dev domains without individual HSTS enlistment.".
@till thanks for the intel. I wasted two days trying to solve this problem thinking that I had wrongly installed ISPConfig lol