Fail to open ISPConfig site: firefox 8182

Sounds like you are pressing Y "yes" instead of N "no" during step 7 and 8 of ssl certificate creation which encrypt's the private key. You will always be asked for a password whenever you want to restart your ispconfig system if the private key is encrypted.

 

There is no step 7 in the key regen that Falko posted unless I'm missing something. I think I did select that option originally yes, but now I need to undo it which is what I thought the instructions on page 1 were for.

 

It doesn't make any difference. I'm still being prompted for a password on restart of ISPconfig. Are we SURE that recreating the SSL cert will change the option to not ask for a password on startup of ISPconfig?

 

From the install instructions:

I think that they are sure.

 

I'm not getting to any of those steps when I change the cert. I'm only getting prompted for the typical cert stuff (ie. country code, state, etc).

 

Is this what you did?
http://www.howtoforge.com/forums/showpost.php?p=358&postcount=4
Maybe you made a typo somewhere.

 

I've done this 5 times. I'm POSITIVE I did not typo. Here's my exact entry (with my password changed):

openssl genrsa -des3 -passout pass:xxxxxxx -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
openssl req -new -passin pass:xxxxxxx -passout pass:xxxxxxx -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
openssl req -x509 -passin pass:xxxxxxx -passout pass:xxxxxxx -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
openssl rsa -passin pass:xxxxxxx -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

 

if greenhornet has

Code:

chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

wouldnt he have to at least

Code:

chmod 600 /root/ispconfig/httpd/conf/ssl.key/server.key

before he tried to create a new cert so it could be rewrote ?

 

Did you run the commands one-by-one instead of all at once? Did you accept all default values?

 

running them individually solved the problem. Earlier posts did not specify that as being necessary so I did not assume it was. Thanks guys!

 

[SSL] Browser reports error

Hi guys,

First, let me once again say that I love your software and your support!

I have a small problem with generating the ISPConfig SSL certificate..
Generating the certificate itself works just fine and when I direct my browser to https://mydomain.net:81 the browser presents me with an error stating that the certificate is not signed by an official CA etc. This is normal because the certificate is self-signed. But then the browser presents me with a second error, now stating that the domain of the certificate does not match the domain I tried to access. It says the domain the certificate is assigned to is "" (blank). Is there a way to fix this? I already tried re-generating the certificate using the commands specified earlier in this thread.

**EDIT:**
Ok, I (partially) managed to solve the problem. It seems that the 'Common name' is the one that I should fill in properly in order to correct the error. Sorry if this is obvious to you guys But, when I tried to connect to my mailuser login and I got the same error.
That is, if I connected to https://www.mydomain.net:81 I got no error stating that my domains do not match, but if I connected to https://www.mydomain.net:81/mailuser I did get an error stating the domains do not match.

I found out that if I change the common name to mydomain.net (without the www) and I direct my browser to http://mydomain.net:81/mailuser it all goes well. I suppose the problem lies in the fact that I initially chose my FQDN to be mydomain.net instead of www.mydomain.net thus making ISPConfig 'internally' redirect requests to http://mydomain.net:81/mailuser instead of http://www.mydomain.net:81/mailuser. Does this sound sensible? Anyway, I think I'm happy the way it is now So thanks again for the great howto's and ISPConfig!

Greets, Steven
- The Netherlands

 

Courier SSL certificate

Hi
*See post above..*
Just a small question about the courier SSL certificate.. (I hope this is the right thread to post this.) As you can see from my post above I managed to re-generate the SSL certificates for ISPConfig. Thanks to the 'perfect setup' howto for ubuntu 7.10 I also managed to do this for the postfix SSL certificate, which was also giving me an error about non-matching domains. It all works very smoothly now, except for the Courier pop3-ssl server. Since that SSL certificate is auto-generated by courier upon installation I don't know how to modify it in order to get matching domains. In fact, all I want to do is change the 'Common name' setting of the certificate. To do this I suppose I need to regenerate the certificate for courier. Does anyone know a way to do this without messing up anything?

**EDIT:**
Ok, I also managed to solve this one. Sorry for these self-answered posts, but I'm posting them anyway in case someone else is having the same problem. In order to get the Courier pop3 SSL certificate working I did the following:

(WARNING! This worked for me, I am not sure it will work for everyone. I am running an Ubuntu 7.10 'perfect server', installed using the Perfect Server Howto found here. If you are running something else, at least check the paths before trying this. Also, I am not aware of any nasty side-effects. For me there don't seem to be any.)

- First edit the file '/etc/courier/pop3d.cnf' This contains the defaults used by mkpop3dcert (the tool used by courier to create a self-signed certificate).

Code:

# vim /etc/courier/pop3d.cnf

- Then re-generate the .pem file using mkpop3dcert. (Perhaps it is wise to backup the original first..)

Code:

# cd /usr/lib/courier
# cp pop3d.pem pop3d.pem-orig
# mkpop3dcert

(As you can see I did not add './' to the mkpop3dcert command. It seems to be in my path..)
- Next we copy the new .pem to the dir used by courier. (I also backup the original first..)

Code:

# cp /etc/courier/pop3d.pem /etc/courier/pop3d.pem-orig
# cp /usr/lib/courier/pop3d.pem /etc/courier/pop3d.pem

- And make sure the permissions are correct.

Code:

# chmod 600 /etc/courier/pop3d.pem

- Finally reload the courier ssl server.

Code:

# /etc/init.d/courier-pop-ssl force-reload

Greets, Steven

 

Cannot log in! Could not connect to MySQL server

openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key


I did this and I could get in ISPConfig and login with admin to.

Then I JUST RESTARTED the pc and i can no longer login!! It shows this errors on the page:

Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '127.0.0.1' (4) in /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php on line 77

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 40

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 40

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 41

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 41

Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php:77) in /home/admispconfig/ispconfig/web/login/login.php on line 60



I tried to restart ISPConfig but it says this:

root@linuxsrv:~# /etc/init.d/ispconfig_server restart
Shutting down ISPConfig system...
/root/ispconfig/httpd/bin/apachectl stop: httpd stopped
ISPConfig system stopped!
Starting ISPConfig system...
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
Could not connect to MySQL server!ISPConfig system is now up and running!


WHAT CAN I DO? Please help me.

Thank you.

 

Still cannot login in ISPConfig

root@linuxsrv:~# /etc/init.d/mysql start
* Starting MySQL database server mysqld [ OK ]

I did that but it remains the same. :S

I still cannot login in ISPConfig. The first time i logged in everything went fine. I just shutdown my system and then i turned it on and the ISPConfig simply doesn't allow any login.

Here are the errors again when i try to log in:

Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '127.0.0.1' (4) in /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php on line 77

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 40

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 40

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 41

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 41

Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php:77) in /home/admispconfig/ispconfig/web/login/login.php on line 60

What is going on? :S
Please help me.
Thank you

 

What's the name of the MySQL user you're using in /home/admispconfig/ispconfig/lib/config.inc.php? Should be root.

 

Excellent thread.
Thanks to everyone for questions and answers, (I cant believe I read the whole thing, even most of the error codes)!
This reminds me of the nightmare I went thru last year with expired certs. I wished I was here back then.

 

I guess this happens a lot of times That people have got special chars in their passwords which will cause that.

Thanks again Falko

 

That's not possible because 446 is not the default port.