After Upgrading ISPConfig from 3.1.15 to 3.2 the "SSLCertificateChainFile" parameter is missing from the apache client vhosts. System is Running on Ubuntu 18.04 with Apache Webserver. Does anyone have the same issue? You can test via https://www.ssllabs.com/ssltest/
Thank you for the quick response. My vhost.conf.master is the same as in the ISPConfig-3.2.tar.gz 0d9c0fbac7bac0f706ffbbe6a83e9685 /usr/local/ispconfig/server/conf/vhost.conf.master 0d9c0fbac7bac0f706ffbbe6a83e9685 ./ispconfig3_install/server/conf/vhost.conf.master SSL is enabled and the bundle file is present in the folder. I've added the "SSLCertificateChainFile" parameter config to all .vhost files manually.
You should not do that, as changes will be overwritten the next time you change the config through ISPConfig. Is SSL enabled and is there a bundle cert present?
Yes SSL is enabled an the bundle cert is present. I know that it will be overwritten, but it is at least a workaround for this issue.
Ah, SSLCertificateChainFile became obsolete, so we don't add it to vhosts for apache 2.4.8 or newer: https://httpd.apache.org/docs/current/mod/mod_ssl.html It's not need either - what is the problem you have when it's missing? and is your apache up to date?
I'm running the most recent Version of Apache2 on Ubunut 18.04 # apache2 -v Server version: Apache/2.4.29 (Ubuntu) Server built: 2020-08-12T21:33:2 You can test on https://www.ssllabs.com/ssltest/ Without the option you'll get an "Incomplete Certificate Chain" error, and the grade will be capped to "B". After adding the option, you will receive an "A+" rating. If you remove "SSLCertificateChainFile", the bundle cert has to be included in the site cert. " SSLCertificateChainFile is deprecated SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file. "
I have no errors without SSLCertificateChainFile in my vhost, A+ on ssllabs.com/ssltest. Can't test for your domain because I don't have it Running Apache/2.4.38 Have you checked that the SSL cert is correctly set up in the SSL tab?
The Certficates are from "Let's Encrypt" But your tip got the solution for me, I had to recreate the certificates by disabling and reenabling SSL on der admin site. Is there a way to Bulk Update the certs?
You could disable Let's Encrypt/SSL for all sites through the database, run a resync under Tools -> Resync -> Websites, then enable it again, and run a resync again.