Forbidden You don't have permission to access this resource. error SSL

Discussion in 'General' started by CelluleDev, Sep 2, 2023.

  1. CelluleDev

    CelluleDev New Member

    Forbidden
    You don't have permission to access this resource.



    I have this error because of a bad SSL configuration of my subdomain https://example.example.fr/:

    when I deactivate SSL & Let's Encrypt in the isp config subdomain I get the error that appears, I would like it to take into account the ssl of my main domain name example.fr.

    I would like to point out that in my main domain name the SSL is configured with a certificate created by Cloudflare in ISP config (the SSL key and the SSL certificate)

    I was told that configuring SSL in my main domain name was sufficient for the rest of my subdomains using *.example.fr

    I also want to mention that in the root of my domain name I have a ssl folder and there are I don't know how many duplicate triple .crt .key .bundle files

    why isp config keeps creating new files without taking into account the previous ones?
     
    Last edited: Sep 2, 2023
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    If you disable SSL for a domain or subdomain, then you do not have SSL for that domain or subdomain, and when you access it with SSL, an error must occur.

    ISPConfig has no option to use or obtain SSL certs from CloudFlare. So, you can not create an SSL cert in ISPConfig from CloudFlare. ISPConfig uses either Let's encrypt for domain validated SSL certs or you can create a self-signed cert, use the CSR to let it sign from an SSL authority to buy a cert, and then insert that.

    That's not the case. Let's encrypt domain-validated SSL certs are not wildcard certs. Set auto subdomain to www and then add subdomains as subdomains in ISPConfig to get them added to the SSL cert.
     
  3. CelluleDev

    CelluleDev New Member

    I assure you in my main domain name, I imported a Cloudflare SSL that I integrated into ispconfig, and I unchecked the let encrypt box and the SSL of my main domain name is functional, I don't understand ...
    what is the use of the ssl domain box (*.example.com, www.example.com, example.com....) if it does not propagate on my vhost subdomains?


    So can you give me an example of ssl configuration on isp config please knowing that I use cloudflare I don't want there to be a conflict, for a main domain name with its vhost subdomain
    so I disable ssl on cloudflare then.
    I also manage the DNS of my domain names and subdomains on Cloudflare

    I have problems with ssl redirection, all my subdomains are always redirected to the same vhost subdomain I think it must be a configuration problem that I must have.
     
    Last edited: Sep 3, 2023
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You mean on the SSL tab? That's for self-signed certs and certs you buy from a cert authority only and not related to Let's Encrypt in any way. As I explained already, Let's encrypt does not support wildcard subdomains for domain-validated domains, so when you select *.domain.tld in auto subdomain field instead of adding only the used subdomains as I suggested to you, the other subdomains besides www subdomain will not be in your SSL cert. Set auto subdomain to www and then add subdomains as subdomains in ISPConfig to get them added to the SSL cert.

    CloudFlare also filters out requests from Let's encrypt for cert validation, at least they did that in the past. So what prevents SSL certs from being issued is that you use CloudFlare. If you want to keep using CloudFlare, then one solution for that is to enable SSL in CloudFlare and just use a self-signed SSL cert in your website. Website visitors will see the CloudFlare cert only anyway as CloudFlare acts as a proxy for the requests.
     
  5. CelluleDev

    CelluleDev New Member

    So if I understood correctly, can you tell me if this is correct?
    FYI I create vhost subdomains and not subdomains (I created cnames in my Cloudflare DNS to activate the subdomain I may be making a mistake)


    if I use the ssl let's encrypt isp config:

    Primary domain name

    auto under domain: www
    ssl: check box
    lets encrypt: checkbox
    ssl tab: I leave everything empty (the ssl domain drop-down list: what do I leave?)

    for subdomains

    auto under domain: www
    ssl: check box
    lets encrypt: checkbox
    ssl tab: I leave everything empty (the ssl domain drop-down list: what do I leave?)




    if I use cloudflare self-signed ssl:

    Primary domain name

    auto under domain: www
    ssl: checked
    lets encrypt: box unchecked
    ssl tab: I put the ssl key and ssl certificate from cloudflare (the ssl domain drop-down list: what do I leave?)


    for subdomains

    auto under domain: www
    ssl: check box
    lets encrypt: box unchecked
    ssl tab: I put the ssl key and ssl certificate from cloudflare (the ssl domain drop-down list: what do I leave?)
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so you know why you get so many SSL certs as each vhost subdomain is a separate vhost (website) and has its own SSL cert while when you use subdomains (not vhost), then all domains get added to the same cert. For any multidomain capable CMS, one would always use subdomains, vhost subdomains are only used in case you install a separate or different cms or software for each subdomain. But in such a case, one normally uses separate websites as it's more secure.

    If you use a vhost subdomain, then the SSL cert will then get issued for the exact vhost subdomain you created, plus www, unless CloudFlare proxy prevents it. But using auto-subdomain www in a subdomain rarely makes sense, as nobody wants to use www.sub.domain.tld, so one normally sets auto-subdomain to none in this case. If you use CloudFlare only for DNS and do not route any traffic through CloudFlare, then let's encrypt will work as usual.

    Settings you do in regard to SSL or let's encrypt in the main website have no influence on vhost subdomains as vhost subdomains are a separate vhost (as the name implies) and not part of the main website. The settings in the website would only influence a regular subdomain.
     
  7. CelluleDev

    CelluleDev New Member

    Perfect, thank you for the clarification, it’s much clearer for me,

    I had one last question about cloudflare self-signed ssl certificates for my vhost subdomains

    if I created an ssl certificate for primary domain name on cloudflare *.example.fr, example.fr (2 hosts)

    for each vhost subdomain I have to recreate a new cloudflare self-signed ssl certificate or can I use the same one?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You can use the same CloudFlare cert again.
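
Added example, not part of the thread or of ISPConfig: the certificate discussed above lists `*.example.fr` and `example.fr`, and a `*` in a certificate name stands for exactly one label, so this sketch shows which vhost subdomains that single cert can serve. The function names `san_matches` and `cert_covers` and the host list are assumptions made for illustration.

```shell
#!/bin/sh
# The SAN list used below is the one described in the thread (constructed here,
# not read from a real cert). On a server, list a cert's names with:
#   openssl x509 -in <cert file> -noout -ext subjectAltName

# san_matches HOST PATTERN -> status 0 if PATTERN covers HOST.
san_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        \*.*)
            suffix=${pat#\*}                      # e.g. ".example.fr"
            case "$host" in
                *"$suffix") ;;
                *) return 1 ;;
            esac
            label=${host%"$suffix"}               # the part "*" has to stand for
            [ -n "$label" ] || return 1           # "*" never matches nothing
            case "$label" in *.*) return 1 ;; esac  # nor more than one label
            return 0 ;;
        *) [ "$host" = "$pat" ] ;;                # plain names must match exactly
    esac
}

# cert_covers HOST SAN... -> prints the verdict, status 0 if any SAN covers HOST.
cert_covers() {
    h=$1; shift
    for san in "$@"; do
        if san_matches "$h" "$san"; then
            echo "$h: covered by $san"
            return 0
        fi
    done
    echo "$h: NOT covered"
    return 1
}

# Constructed host list: main site, a vhost subdomain, and its auto-subdomain www.
for h in example.fr blog.example.fr www.blog.example.fr; do
    cert_covers "$h" '*.example.fr' 'example.fr' || true
done
```

The third host is the `www.sub.domain.tld` case from the earlier reply: reusing the same cert works for each vhost subdomain only while auto-subdomain is set to none.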
     
  9. CelluleDev

    CelluleDev New Member

    Hello, as mentioned above I had duplicate SSLs. I wanted to delete the ones I don't use but unfortunately I deleted the wrong one. Apache is therefore stopped and I have an error in the virtual host of the domain name, which says that the ssl files or point the file no longer exists. I tried to comment out the ssl part of the file but the error is still present. The problem is that I no longer have access to isp config. I do not want to create a Let's Encrypt certificate; I would like to specify that I absolutely want to use my self-signed certificates from cloudflare that I had entered on isp config.

    I tried to deactivate the file but it doesn't work

    sudo a2dissite 100-blog.example.fr.vhost
    ERROR: Site 100-blog.example.fr.vhost does not exist!
    sudo a2dissite 100-blog.example.fr.vhost.conf
    ERROR: Site 100-blog.example.fr.vhost does not exist!

    I would like to point out that the files do not end in .conf in this directory but I tested by adding it

    how can I do it?
     
    Last edited: Sep 7, 2023
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Then the first step to recover your setup is to undo the changes you made to the file names. Never alter any file names of config managed by ISPConfig as this will break your setup. All file names are correct and as they should be, so do not alter them. And they should not end with .conf.

    To disable a site, delete its symlink in the directory /etc/apache2/sites-enabled/ and then restart Apache.

    And if you want to delete an SSL cert for a website, go to the SSL tab of the site, choose delete certificate as action, and press save. Do not manually delete certs as this might mess up your config and do not manually create certs outside of ISPConfig. If you have existing certs, then just enter SSL cert and key on the SSL tab of the site, choose 'save certificate' as action and let ISPConfig handle the SSL setup.
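
Added example, not part of the thread or of ISPConfig: a read-only check for the failure described above, where an enabled vhost still points at a certificate or key file that was deleted by hand. The function names `check_vhosts` and `demo` and the temporary directory layout are assumptions; the sample vhost is constructed.

```shell
#!/bin/sh
# check_vhosts DIR: for every entry in DIR (e.g. /etc/apache2/sites-enabled),
# report dangling symlinks and SSLCertificate*File paths that no longer exist.
# Prints one finding per line and returns 1 if anything was found. Changes nothing.
check_vhosts() {
    dir=$1; rc=0
    for link in "$dir"/*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # empty directory
        if [ ! -e "$link" ]; then
            echo "DANGLING $link"; rc=1; continue
        fi
        # Active directive lines look like: SSLCertificateFile /path/to/file
        # (commented-out lines start with "#" and are skipped by the match).
        for f in $(awk 'tolower($1) ~ /^sslcertificate(key|chain)?file$/ {
                            gsub(/"/, "", $2); print $2 }' "$link"); do
            [ -f "$f" ] || { echo "MISSING $f (in $link)"; rc=1; }
        done
    done
    return $rc
}

# Constructed sample: one vhost whose key file is gone, one symlink whose
# target vhost file is gone. File names follow the pattern seen in the thread.
demo() {
    t=$(mktemp -d)
    mkdir "$t/available" "$t/enabled" "$t/ssl"
    : > "$t/ssl/example.fr.crt"                        # cert exists, key does not
    printf '<VirtualHost *:443>\n  SSLEngine on\n  SSLCertificateFile %s\n  SSLCertificateKeyFile %s\n</VirtualHost>\n' \
        "$t/ssl/example.fr.crt" "$t/ssl/example.fr.key" > "$t/available/example.fr.vhost"
    ln -s "$t/available/example.fr.vhost" "$t/enabled/100-example.fr.vhost"
    ln -s "$t/available/gone.vhost" "$t/enabled/100-blog.example.fr.vhost"
    check_vhosts "$t/enabled"; status=$?
    rm -rf "$t"
    return $status
}

demo || true
```

Run against the real directory as `check_vhosts /etc/apache2/sites-enabled`; any finding is then repaired from the SSL tab or a resync in ISPConfig rather than by editing the files.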
     
  11. CelluleDev

    CelluleDev New Member

    Thank you very much, I was able to reinstall the SSL properly. On the other hand, I am trying to reinstall the symbolic links in sites-enabled to reactivate the site and the subdomains, but I have this error:

    sudo a2ensite example.fr.vhost
    ERROR: Site example.fr.vhost does not exist!

    Yet the sites are present in the sites-available directory.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not use a2ensite or a2dissite command. Use ISPConfig. Login to ISPConfig, go to Tools > resync, select websites and run the resync. Alternatively, if you do not want to bring the whole config in sync, you can just change a setting in the website and press save.
     
  13. CelluleDev

    CelluleDev New Member

    So I resynchronized my websites, it activated my site with the subdomains, it worked 5 minutes then 5 minutes later

    Forbidden
    You don't have permission to access this resource.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    when I go to /var/www/clients/client2/ I no longer have any folders, I only have blog.exemple.fr and exemple.fr (white arrow on red background), isp config had to remove access I understand what's going on
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not easy to say as you seem to have altered many things manually outside of ISPConfig and doing this can cause issues. You might find further details in the ispconfig.log or system log in the ispconfig monitor.
     
  15. CelluleDev

    CelluleDev New Member

    I checked all the logs, there is nothing at all, no system errors,

    in /var/www/clients/client2/ I have the 2 symbolic links blog.example.fr and example.fr on the other hand the web2 folder does not have inside, when I do /var/www/clients /client2/web2/ I have my site with all the content

    I think the error comes from isp config not properly integrating the web2 folder into /var/www/clients/client2/,
    my ftp connection also does not work for the site
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

  17. CelluleDev

    CelluleDev New Member

    crontab -e in file I have no line
    #* * * * * /usr/local/ispconfig/server/server.sh > /dev/null >> /var/log/ispconfig/cron.log

    same error as last time I do an ispconfig_update.sh --force?

    I have the impression that isp config is still a little complicated to manage

    here is what I got with crontab -e
    # Edit this file to introduce tasks to be run by cron.
    #
    # Each task to run has to be defined through a single line
    # indicating with different fields when the task will be run
    # and what command to run for the task
    #
    # To define the time you can provide concrete values for
    # minute (m), hour (h), day of month (dom), month (mon),
    # and day of week (dow) or use '*' in these fields (for 'any').
    #
    # Notice that tasks will be started based on the cron's system
    # daemon's notion of time and timezones.
    #
    # Output of the crontab jobs (including errors) is sent through
    # email to the user the crontab file belongs to (unless redirected).
    #
    # For example, you can run a backup of all your user accounts
    # at 5 a.m every week with:
    # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
    00 1,13 * * * <FULL PATH TO>/scw-backup.sh > /dev/null 2>&1


    #
    # For more information see the manual pages of crontab(5) and cron(8)
    #
    # m h dom mon dow command
     
    Last edited: Sep 7, 2023
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you are logged in as root user?
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Not really. Unless you start messing with configs manually or manually remove configs or files or cronjobs.
     
  20. CelluleDev

    CelluleDev New Member

    /usr/local/ispconfig/server/server.sh
    07.09.2023-16:07 - DEBUG [plugins.inc:155] - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    07.09.2023-16:07 - DEBUG [server:217] - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished server.php.

    here is what I have,

    I would like to point out that I have deleted the sites in sites enabled because the ssl error is going around in circles to access isp config,

    Apache ended up stopping and on the other hand the content of my site disappeared in web2

    However, I followed your recommendations and I recreated the ssl via isp config to save the ssl.

    If I completely delete the entire website via isp config and redo everything from the beginning, is that a solution?
     
