I followed all of the steps here very carefully, save one. I went through the ISPConfig installation with "standard" rather than "expert" mode. I'm hoping that this is the solution to the problem I'm having. Everything in the How To went very smoothly. At the end. Since this is a test environment, the system has a hostname, but is set up as localhost.localdomain. After the completion of the install, I went to "https://my_ip_address:81", and got this message (Firefox 1.5): "Could not establish an encrypted connection because certificate presented by 'my_ip_address' is invalid or corrupted. Error code: -8182 ..." Any input to this would be greatly appreciated. I'm sure I followed every step here quite carefully (with the noted exception above). This is my first server install, so I was really quite pleased with the progress I had made until this.
You have a corrupt SSL certificate. Create a new one as outlined here: http://www.howtoforge.com/forums/showpost.php?p=358&postcount=4
Falko~ Thank you for the reply. That certainly helped. The keys now show up in the directory where they should have shown before (although for some reason I don't recall doing the steps you outlined as part of the how-to)... Now, whether I use https://my_ip_address:81 or http, I get "The connection was refused when attempting to contact my_ip_address:81". The box is alive, and it can be pinged... The logs don't have any strange entries in them, so according to the installation and setup, everything "looks" as though it went fine. I appreciate your feedback.
Falko~ I went back through all of my notes on the installation and found one deviation that I made - it seems relatively minor, but I'm wondering if this has anything to do with the problem of not being able to connect... When installing ISPConfig, I didn't choose "expert" mode. So, apache2 sees the doc root in /var/www, while ISPConfig sees it in its default, which I believe is /home/www ... /home/www is empty, and /var/www contains:

apache2-default
sharedip
webalizer

Could this be the problem?
Falko~ ok... more good news. If I access the site by ip address (port 80), I get a directory listing as above (apache2-default sharedip webalizer). If I select apache2-default, I get the expected Apache default index.html . If I select sharedip, I get this: "SharedIP" This IP address is shared. For access to the web site which you look for, enter its address instead of its IP. For questions or problems please contact the server administrator. -------------------------------------- powered by ISPConfig So, apparently I can see the server and at least get to the default page(s)... It feels like a config problem to me.
I am stuck in the same position. I have done a re-install, but still get stuck in the same position. If I use lynx to view ISPConfig on the ISPConfig machine, I get what I want to see.
The original certificate was generated during the ISPConfig installation. I guess you entered wrong values there.

Please post the output of

Code:
netstat -tap

Also make sure that no firewall blocks port 81.
Then I guess it's a firewall problem. Make sure your firewall doesn't block port 81. Is your ISPConfig system inside a LAN, and you're trying to access it from the outside? Then the problem could be that some providers block port 81.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
tcp        0      0 localhost.localdo:mysql  *:*                      LISTEN      7901/mysqld
tcp        0      0 *:ftp                    *:*                      LISTEN      14588/proftpd: (acc
tcp        0      0 216.215.55.21:domain     *:*                      LISTEN      14574/named
tcp        0      0 localhost.locald:domain  *:*                      LISTEN      14574/named
tcp        0      0 localhost.localdoma:953  *:*                      LISTEN      14574/named
tcp        0      0 *:smtp                   *:*                      LISTEN      14544/master
tcp6       0      0 *:imaps                  *:*                      LISTEN      9520/couriertcpd
tcp6       0      0 *:pop3s                  *:*                      LISTEN      9423/couriertcpd
tcp6       0      0 *:pop3                   *:*                      LISTEN      9360/couriertcpd
tcp6       0      0 *:imap2                  *:*                      LISTEN      9465/couriertcpd
tcp6       0      0 *:www                    *:*                      LISTEN      22114/apache2
tcp6       0      0 *:ssh                    *:*                      LISTEN      6915/sshd
tcp6       0      0 ip6-localhost:953        *:*                      LISTEN      14574/named
tcp6       0      0 *:https                  *:*                      LISTEN      22114/apache2
tcp6       0    352 ::ffff:216.215.55.2:ssh  ::ffff:209.208.34:50709  ESTABLISHED 21892/sshd: gymsmoke
[email protected]:/etc/apache2/sites-available# /etc/init.d/ispconfig_server start
Starting ISPConfig system...
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
FreshClam is already running!
ISPConfig system is now up and running!

Ok... ISPConfig is up and running... Here is the re-do of netstat -tap:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
tcp        0      0 localhost.localdo:mysql  *:*                      LISTEN      7901/mysqld
tcp        0      0 *:ftp                    *:*                      LISTEN      3550/proftpd: (acce
tcp        0      0 216.215.55.21:domain     *:*                      LISTEN      3536/named
tcp        0      0 localhost.locald:domain  *:*                      LISTEN      3536/named
tcp        0      0 localhost.localdoma:953  *:*                      LISTEN      3536/named
tcp        0      0 *:smtp                   *:*                      LISTEN      3506/master
tcp6       0      0 *:imaps                  *:*                      LISTEN      9520/couriertcpd
tcp6       0      0 *:pop3s                  *:*                      LISTEN      9423/couriertcpd
tcp6       0      0 *:pop3                   *:*                      LISTEN      9360/couriertcpd
tcp6       0      0 *:imap2                  *:*                      LISTEN      9465/couriertcpd
tcp6       0      0 *:www                    *:*                      LISTEN      3409/apache2
tcp6       0      0 *:ssh                    *:*                      LISTEN      6915/sshd
tcp6       0      0 ip6-localhost:953        *:*                      LISTEN      3536/named
tcp6       0      0 *:https                  *:*                      LISTEN      3409/apache2
tcp6       0    448 ::ffff:216.215.55.2:ssh  ::ffff:209.208.34:50709  ESTABLISHED 21892/sshd: gymsmok

Using Firefox 1.5 on Ubuntu 5.10, I go to https://216.215.55.21:81, and get this:

Unable to connect
Firefox can't establish a connection to the server at 216.215.55.21:81.
* The site could be temporarily unavailable or too busy. Try again in a few moments.
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

There is no firewall on the box running ISPConfig. I'm running firestarter locally and have allowed incoming connections from this box.
I tried the other suggestion of using lynx on the local machine to access the page as:

[email protected]:/etc/apache2/sites-available# lynx https://216.215.55.21:81
Looking up 216.215.55.21:81
Making HTTPS connection to 216.215.55.21:81
Alert!: Unable to connect to remote host.
lynx: Can't access startfile https://216.215.55.21:81/

And again as:

[email protected]:/etc/apache2/sites-available# lynx https://127.0.0.1:81
Looking up 127.0.0.1:81
Making HTTPS connection to 127.0.0.1:81
Alert!: Unable to connect to remote host.
lynx: Can't access startfile https://127.0.0.1:81/

I hope this doesn't sound too n00b-ish, but, as I said in an earlier post, this machine is set up as localhost.localdomain ... Does ISPConfig need to have a public domain in order for it to work at all?
It seems as if ISPConfig doesn't start for some reason. Can you find errors in /root/ispconfig/httpd/logs?
Yes, there are...

error_log:

[Wed Mar 29 05:23:58 2006] [warn] pid file /root/ispconfig/httpd/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Wed Mar 29 05:23:58 2006] [error] mod_ssl: Init: (localhost.localdomain:81) Unable to configure RSA server private key (OpenSSL library error follows)
[Wed Mar 29 05:23:58 2006] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

ssl_engine_log:

[29/Mar/2006 05:23:57 07298] [info] Server: Apache/1.3.34, Interface: mod_ssl/2.8.25, Library: OpenSSL/0.9.8a
[29/Mar/2006 05:23:57 07298] [info] Init: 1st startup round (still not detached)
[29/Mar/2006 05:23:57 07298] [info] Init: Initializing OpenSSL library
[29/Mar/2006 05:23:57 07298] [info] Init: Loading certificate & private key of SSL-aware server localhost.localdomain:81
[29/Mar/2006 05:23:57 07298] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 05:23:57 07298] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[29/Mar/2006 05:23:58 07298] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 05:23:58 07299] [info] Init: 2nd startup round (already detached)
[29/Mar/2006 05:23:58 07299] [info] Init: Reinitializing OpenSSL library
[29/Mar/2006 05:23:58 07299] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 05:23:58 07299] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[29/Mar/2006 05:23:58 07299] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 05:23:58 07299] [info] Init: Initializing (virtual) servers for SSL
[29/Mar/2006 05:23:58 07299] [info] Init: Configuring server localhost.localdomain:81 for SSL protocol
[29/Mar/2006 05:23:58 07299] [warn] Init: (localhost.localdomain:81) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[29/Mar/2006 05:23:58 07299] [warn] Init: (localhost.localdomain:81) RSA server certificate CommonName (CN) `gymsmoke' does NOT match server name!?
[29/Mar/2006 05:23:58 07299] [error] Init: (localhost.localdomain:81) Unable to configure RSA server private key (OpenSSL library error follows)
[29/Mar/2006 05:23:58 07299] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Obviously, I borked something up generating the keys... But I didn't see anything here that indicated an error on generating them...
I guess you entered something wrong when you created the new certificate. Create another one and accept the default values.
Falko~ Okay. Here's what I did...

[email protected]:/# openssl genrsa -des3 -passout pass:xXxXxX -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
Generating RSA private key, 1024 bit long modulus
..................++++++
.........................................................++++++
e is 65537 (0x10001)
[email protected]:/#
[email protected]:/# openssl req -new -passin pass:xXxXxX -passout pass:xXxXxX -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[email protected]:/#
[email protected]:/# openssl req -x509 -passin pass:xXxXxX -passout pass:xXxXxX -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
[email protected]:/#
[email protected]:/# openssl rsa -passin pass:xXxXxX -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
writing RSA key
[email protected]:/#
[email protected]:/# chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key
[email protected]:/#
[email protected]:/root/ispconfig/httpd/logs# cat /dev/null > ./error_log
[email protected]:/root/ispconfig/httpd/logs# cat /dev/null > ./ssl_engine_log
[email protected]:/root/ispconfig/httpd/logs# /etc/init.d/ispconfig_server restart
Shutting down ISPConfig system...
/root/ispconfig/httpd/bin/apachectl stop: httpd stopped
ISPConfig system stopped!
Starting ISPConfig system...
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!

[email protected]:/root/ispconfig/httpd/logs# more error_log
[Wed Mar 29 12:21:37 2006] [notice] caught SIGTERM, shutting down
[Wed Mar 29 12:21:44 2006] [notice] Apache/1.3.34 (Unix) PHP/5.1.2 mod_ssl/2.8.25 OpenSSL/0.9.8a configured -- resuming normal operations
[Wed Mar 29 12:21:44 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)

[email protected]:/root/ispconfig/httpd/logs# more ssl_engine_log
[29/Mar/2006 12:21:43 13272] [info] Server: Apache/1.3.34, Interface: mod_ssl/2.8.25, Library: OpenSSL/0.9.8a
[29/Mar/2006 12:21:43 13272] [info] Init: 1st startup round (still not detached)
[29/Mar/2006 12:21:43 13272] [info] Init: Initializing OpenSSL library
[29/Mar/2006 12:21:43 13272] [info] Init: Loading certificate & private key of SSL-aware server localhost.localdomain:81
[29/Mar/2006 12:21:43 13272] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 12:21:43 13272] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[29/Mar/2006 12:21:43 13272] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: 2nd startup round (already detached)
[29/Mar/2006 12:21:44 13273] [info] Init: Reinitializing OpenSSL library
[29/Mar/2006 12:21:44 13273] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: Initializing (virtual) servers for SSL
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring server localhost.localdomain:81 for SSL protocol
[29/Mar/2006 12:21:44 13273] [warn] Init: (localhost.localdomain:81) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

[email protected]:/# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
tcp        0      0 localhost.localdo:mysql  *:*                      LISTEN      7098/mysqld
tcp        0      0 *:81                     *:*                      LISTEN      13273/ispconfig_htt
tcp        0      0 *:ftp                    *:*                      LISTEN      13448/proftpd: (acc
tcp        0      0 216.215.55.21:domain     *:*                      LISTEN      13434/named
tcp        0      0 localhost.locald:domain  *:*                      LISTEN      13434/named
tcp        0      0 localhost.localdoma:953  *:*                      LISTEN      13434/named
tcp        0      0 *:smtp                   *:*                      LISTEN      13404/master
tcp6       0      0 *:imaps                  *:*                      LISTEN      7008/couriertcpd
tcp6       0      0 *:pop3s                  *:*                      LISTEN      7043/couriertcpd
tcp6       0      0 *:pop3                   *:*                      LISTEN      7023/couriertcpd
tcp6       0      0 *:imap2                  *:*                      LISTEN      6988/couriertcpd
tcp6       0      0 *:www                    *:*                      LISTEN      13309/apache2
tcp6       0      0 *:ssh                    *:*                      LISTEN      7238/sshd
tcp6       0      0 ip6-localhost:953        *:*                      LISTEN      13434/named
tcp6       0      0 *:https                  *:*                      LISTEN      13309/apache2
tcp6       0      0 ::ffff:216.215.55.2:ssh  ::ffff:209.208.34:50022  ESTABLISHED 7537/sshd: gymsmoke

lynx https://216.215.55.21:81
SSL error:Can't find common name in certificate-Continue? (y) y

[login_logo.png]
Here you can log in:
Username: ____________________
Password: ____________________
Login

(a message comes up saying "Location URL is not absolute") and then an Invalid username... (I don't know what to use here to login initially) ...

Looks like I'm a step closer, since Lynx (local machine) can access this. I still get "Operation timed out when attempting to contact 216.215.55.21" from the remote laptop...

However - Woot!!! After asking me 3 or 4 times to accept a certificate (I tried permanent, but Firefox 1.5 on Ubuntu wouldn't allow that so I took "for this session")... I got the ISPConfig Login Screen!!!!!

How do I login initially? And, even more importantly, how do I set the certificates up so they are more applicable than just having all "blanks" and defaults?
Username admin, password: admin. By using other values during the certificate creation. The "Common Name" is your URL (e.g. www.example.com), not your name.
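Added example, not part of any post in this thread and not ISPConfig's own tooling: a shell pre-flight check for the two problems the logs above report, a private key that does not belong to the certificate ("key values mismatch") and a certificate whose Common Name is not the host name clients use. The function names and the file paths passed to them are assumptions; the private key is assumed to be unencrypted, as server.key is after the `openssl rsa` step.

```shell
#!/bin/sh
# Added example: checks to run before restarting an Apache/mod_ssl server.

# Succeeds only if the certificate carries the public key derived from the
# private key, the condition X509_check_private_key enforces at startup.
key_matches_cert() {  # key_matches_cert <cert> <key>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is valid for the name clients will type.
cert_covers_host() {  # cert_covers_host <cert> <host>
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Create an unencrypted key and a self-signed certificate whose CN is <host>.
make_selfsigned() {  # make_selfsigned <host> <key-out> <cert-out>
    ( umask 077; openssl genrsa -out "$2" 2048 2>/dev/null ) &&
    openssl req -x509 -new -key "$2" -subj "/CN=$1" -days 365 \
        -out "$3" 2>/dev/null
}

# Run both checks and report the first problem found.
preflight() {  # preflight <cert> <key> <host>
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: key values mismatch"; return 1; }
    cert_covers_host "$1" "$3" ||
        { echo "WARN: certificate does not cover $3"; return 3; }
    echo "OK"
}
```

Source the file and call `preflight <cert> <key> <host>` with the certificate and key paths from the server's configuration. Current browsers match the host name against subjectAltName rather than the CN, so a certificate for present-day clients also needs that extension.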
I'm becoming more convinced that this really needs a public domain to act properly. The certs are a little out of whack, but, after logging in, I notice that the status icons and graphics don't show up, and when selecting 'log out' I get this error:

Unable to connect
Firefox can't establish a connection to the server at localhost.localdomain:81.
* The site could be temporarily unavailable or too busy. Try again in a few moments.
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
Also, from anywhere within ISPConfig, if you click the select-able links (which check the local system), they all give a 404 error, along with an error that "localhost.localdomain" cannot be reached. Can you please tell me if this needs to be installed in a publicly registered domain in order to test it? I'm getting a little frustrated wasting my time with this. If it has to be tested in a "live" environment, I need to know it so that I can make arrangements to try it out, or just dump it from the server and only test the Ubuntu server characteristics/packages
You will have to use another domain than localhost. The problem with localhost.localdomain is that it always points to the local computer. This means if your Firefox runs on another PC, localhost for Firefox is its own PC, not your server.