Sorry for misplaced in wrong forum (ISPConfig 2), please delete ther and reply here! It's for ISPConfig 3, thanks. Just installed the SSL Class 1 Certificate and followed the Guide: http://www.howtoforge.com/securing-y...-from-startssl and get an Apache Error: Apache failed to start Code: [Wed Dec 11 20:52:44 2013] [notice] caught SIGTERM, shutting down [Wed Dec 11 20:52:46 2013] [error] Init: Unable to read server certificate from file /usr/local/ispconfig/interface/ssl/ispserver.crt [Wed Dec 11 20:52:46 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Dec 11 20:52:46 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Wed Dec 11 21:03:31 2013] [error] Init: Unable to read server certificate from file /usr/local/ispconfig/interface/ssl/ispserver.crt [Wed Dec 11 21:03:31 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Dec 11 21:03:31 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Wed Dec 11 21:05:45 2013] [error] Init: Unable to read server certificate from file /usr/local/ispconfig/interface/ssl/ispserver.crt [Wed Dec 11 21:05:45 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Dec 11 21:05:45 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error What I could do now? Thanks. _________
***BUMP****!!!! I really need to know what to do next because my Mail servers are not working any more as of now! Was "update" ISPConfig and get the same result! How to revert back completely as withyout SSL Cert? Thanks.
The ssl format of a ssl cert or key file that you installed is wrong or broken. Recreate a new self signed ssl certificate as decribed in the first part of the startssl guide and restart apache. If it works, then redo the other steps of the guide.
Also: Do I need to recreate a new Cert via StartSSL or could I redownload the existing one and use again? Thanks.
No, the issue is not related to ispconfig directly. The guide that you used contains instruction on how to create the sl cert.
If you recreate a self signed ssl cert, then you have to sign it again at startssl to get a new signed ssl cert. Off course, you can try to compare the certs first, maybe you find your issue that way without creating a new ssl cert.
OK, was thinking is part of ISPConfig because while the process for to create the SSL Cert is just starting below the ISPConfig Logo. Ok will do that and see I get the Apache back working and my Mail Servers for sure!! Thanks.
OK, seems to be that Apache is working again: Code: [Thu Dec 12 15:41:10 2013] [warn] The Alias directive in /etc/apache2/conf.d/squirrelmail.conf at line 3 will probably never match because it overlaps an earlier Alias. [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:443 has no VirtualHosts [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:80 has no VirtualHosts [Thu Dec 12 15:41:10 2013] [warn] The Alias directive in /etc/apache2/conf.d/squirrelmail.conf at line 3 will probably never match because it overlaps an earlier Alias. [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:443 has no VirtualHosts [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:80 has no VirtualHosts Restarting web server: apache2. Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -A -u 1000 -H -E -b -D -4 -Y 1 -B Update finished. Or did you see anything wrong? Thanks.
Thats right, the initial certificate is created by ispconfig. But thats not related to the startssl issue that you are having now. You can create a new ssl cert with ispconfig, but therefor you would have to reinstall the server and I guess that not what you want, especially as its not nescessary.
As I run: Code: ls -l /usr/local/ispconfig/interface/ssl/ i get the following: Code: total 52 -rwxr-x--- 1 ispconfig ispconfig 2760 May 7 2008 ca.pem.1 -rwxr-x--- 1 ispconfig ispconfig 2187 Dec 12 15:40 ispserver.crt -rwxr-x--- 1 ispconfig ispconfig 2171 Dec 11 16:10 ispserver.crt_bak -rwxr-x--- 1 ispconfig ispconfig 1850 Dec 12 15:40 ispserver.csr -rwxr-x--- 1 ispconfig ispconfig 3247 Dec 12 15:40 ispserver.key -rwxr-x--- 1 ispconfig ispconfig 3311 Dec 12 15:38 ispserver.key.secure -rwxr-x--- 1 ispconfig ispconfig 10824 Dec 11 20:49 ispserver.pem -rwxr-x--- 1 ispconfig ispconfig 2760 May 7 2008 startssl.ca.crt -rwxr-x--- 1 ispconfig ispconfig 4972 Dec 11 20:49 startssl.chain.class1.server.crt -rwxr-x--- 1 ispconfig ispconfig 2212 Apr 18 2010 startssl.sub.class1.server.ca.crt root@server:/tmp/ispconfig3_install/install/ispconfig3_install/install/ispconfig3_install/install# There still the Certs from StartSSL in, do I need to delete them? Thanks.
