Good day everyone, I have a problem with installing an SSL certificate bought from Comodo for one of my clients (ISPConfig 3.0.4.6, Debian Squeeze 64-bit, Perfect Setup). I'm doing it with the client's credentials - and it turns out that a client can crash apache for the whole server! Anyway, this is what I did. First I checked the "SSL" mark, created a certificate, and sent CSR to Comodo. When the certificate was ready, I pasted the certifcate and SSL Bundle (as received from Comodo) to the corresponding fields, with the SSL action "Save certificate". Then after a little time apache just crashes (and it can't be manually restarted), with the following error log: Code: root@server2:/var/log/apache2# tail -f error.log [Thu Mar 21 17:58:03 2013] [notice] Digest: generating secret for digest authentication ... [Thu Mar 21 17:58:03 2013] [notice] Digest: done [Thu Mar 21 17:58:03 2013] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.4.12-1~dotdeb.1 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations [Thu Mar 21 17:58:51 2013] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /etc/apache2/htdocs [Thu Mar 21 17:59:02 2013] [notice] caught SIGTERM, shutting down [Thu Mar 21 17:59:03 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec) [Thu Mar 21 17:59:03 2013] [notice] Digest: generating secret for digest authentication ... [Thu Mar 21 17:59:03 2013] [notice] Digest: done [Thu Mar 21 17:59:03 2013] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.4.12-1~dotdeb.1 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations [Thu Mar 21 18:02:01 2013] [notice] caught SIGTERM, shutting down Please kindly help!
The problem is now solved. It originally arose because Comodo issued their certificate based upon a slightly different spelling of the company's name - accordingly, the original CSR and the .key file didn't match with the issued certificate. I asked Comodo to re-issue the certificate, and now everything works like a charm. But still there is a matter that I touched upon previously - it looks like any client can totally hang apache for the whole server if the wrong data is pasted in the SSL fields from inside the ISPConfig client's panel.
