Fail to open ISPConfig site: firefox 8182

It complains about my certificate being invalid, how can I fix this?

IE doesnt open at all

My setup using debian and the howto at http://www.falkotimme.com/howtos/perfect_setup_debian_sarge/

worked great until now...

Help please

 

Is ISPConfig running? Execute

Code:

netstat -tap

and look if ISPConfig is running on port 81. If not, restart ISPConfig:

Code:

/etc/init.d/ispconfig_server restart

BTW, you did try to connect on port 81, didn't you (it's https://url_of_your_server:81)?

It's also possible that the firewall on your desktop is blocking access to port 81. Shut down your firewall and try again.

 

yes it is running, however the certificates the setup generated seem to be faulty, is there a way to restart that part of the setup or an other way to re-generate those certificates?

 

Try this:

Code:

openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

Restart ISPConfig afterwards.

 

Well, firefox at least gives me the option now. It still says, "This certificate is not in the trusted root database." Is that normal?

 

How to remove SSL from port 81.

I have the SSL working for port 81, admin console, no problem. However, I want to have a cert on port 80 (192.168.0.195:80) but I can't because there already is a cert for that IP. How to remove the https: access and use http: ?

 

Is there a step-by-step description of how to install a bought certificate into a working ISPConfig setup?

I'm thinking about the certificate for the Admin login, not the public server.

 

http://www.instantssl.com/ssl-certificate-support/ssl-certificate-index.html

The "Certificate Signing Request" is /root/ispconfig/httpd/conf/ssl.csr/server.csr, the certificate is /root/ispconfig/httpd/conf/ssl.crt/server.crt.

 

Thank you. I really appreciate your quick and helpful replies.

If paid-for software was as well supported as ISPConfig, life would be so much easier!

 

Hmm. I've hit a snag. When I paste in the csr, I get:

"UK is an Invalid Country - do you mean GB?"

The answer to that question is "Yes" but there is nowhere for me to put that. So I guess I need to generate the csr again, properly this time.

Suppose I need to do all that "openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024" and so on mentioned above.

I'm not sure what I am supposed to put in place of "yourpassword" for that.

Trial and error with certificates seems to be getting me just errors!

 

You can make up a new password and replace yourpassword with it.

 

And it doesn't matter if that doesn't match any other passwords? Will I need it later (after the certificate is issued?) or can I forget it?

 

You should write it down! I think you need it if you want to change the certificate for some reason (i.e. change of company name or stuff like that) before it expires. I think your CA (e.g. instantssl.com) wants to see that password then, but I'm not quite sure.

 

I now have a second IP assigned, and I have added it in /etc/network/interfaces by adding a section that says:

auto eth0:1
iface eth0:1 inet static
address 80.bb.cc.ddd
netmask 255.255.255.255
pointopoint 80.bb.cc.1
gateway 80.bb.cc.1

(Originally, I used auto eth0 and that seemed to give an error.) After a network restart, I seem to be able to ping the new IP.

I did that, but after I'd restarted the Apache server using 'apachectl restart' it only gave a blank window when I tried to go to the control panel.

Can you give specific details about what needs to be changed in these files?

Is it necessary to have it listen to multiple IPs if the server only has one IP? I can't work out where to control which IP the apache2 server is listening on. There seem to be so many configuration files for it! Even if I found where, I know how to make it listen on all (*) or on specific IPs, but how do I exclude one IP?

 

You can use the Listen directive. For example, you can write

Code:

Listen 127.0.0.1:80
Listen <your public ip>:80

You see, it's allowed to have multiple Listen directives.

In /root/ispconfig/httpd/conf/httpd.conf you have to replace all occurences of port 81 with the new port number, the same goes for /home/admispconfig/ispconfig/lib/config.inc.php.

 

I'm not really clear about where the Listen directives need to go. There seem to be several possible places for it in Apache2. But that's to control where Apache2 listens to normal website connections.

The other two files refer to the Apache1 ISPConfig admin server, don't they? I need to be able to specify a different IP for that as well as changing the port. Do I need to actually specify a port number if I want it to use the standard https port?

 

Run

Code:

httpd -V

and you'll see which file is the Apache2 configuration file. Many distributions split this file up, so you might see some "Include" lines in the main configuration file. You might have to search these included files also for the Listen directive.

Yes.

Yes.

 

When I try to recreate certificate I receive this error in shell:

shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory