ISPConfig and other vhosts do not restart, error AH02217.

Discussion in 'ISPConfig 3 Priority Support' started by keybd_user, Jun 11, 2019.

  1. keybd_user

    keybd_user Member

    System:
    Clean install of latest ISPConfig3 according to Perfect server install on Centos 7.6.
    Centos 7.6 latest with all updates.

    After my last update I restarted the server since it required a new kernel.
    And to my surprise none of the vhosts on Apache started.
    My apache is version 2.4.6 latest for Centos 7.6

    There is nothing starting on ISPConfig, not even ISPConfig.
    No other site starts ... nothing on ISPConfig responds.
    I notice an error on the Apache log since all other logs are not even writing anything.

    Apache starts with no problems ... systemctl does not report anything important.
    But an error keeps on popping up on http logs.

    Code:
    [ssl:error] [pid 21307] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress [email protected],CN=mydomain.com,OU=IT Dep,O=mydomain,L=London,ST=Lo
    [Tue Jun 11 19:56:20.636684 2019] [ssl:error] [pid 21307] AH02235: Unable to configure server certificate for stapling
    My gut feeling tells me this is the problem since no SSL works now on my server and my certificates are all self-generated upon install. I even chose to use a password to protect them on install.

    According to:
    https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

    Code:
    If mod_ssl logs error AH02217
    
    AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
    
    In order to support OCSP Stapling when a particular server certificate is used, the certificate chain for that certificate must be configured. If it was not configured as part of enabling SSL, the AH02217 error will be issued when stapling is enabled, and an OCSP response will not be provided for clients using the certificate.
    
    Refer to the SSLCertificateChainFile and SSLCertificateFile for instructions for configuring the certificate chain.
    And I see no SSLCertificateChainFile in the ISPConfig Apache vhost config file, only
    Code:
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt

    Does anyone have any idea how I can solve this issue? Has anyone had the same problem?

    Regards
     
  2. keybd_user

    keybd_user Member

    Solved!
    It had nothing to do with the Apache SSL config.
    The errors and warnings are actually only affecting browsers with no SNI implementation. No worries. All works fine.
    The problem was the new implementation I made on startup to load iptables rules from a previously running fail2ban database. That did not load the correct iptables rules and was actually blocking port 80 and port 8086, which I use for ISPConfig.
    All ok.
     
    till likes this.
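
An added example, not part of the original posts: a simplified first-match evaluator for the filter table in `iptables-save` output, showing how to check whether a restored ruleset still accepts new connections to the ports the thread names (80 and 8086). `SAMPLE`, `parse`, `matches` and `verdict` are illustrative names and the ruleset is constructed; the model assumes no `!` negation and a client that no `-s` rule names.

```python
import shlex
# Constructed iptables-save output (not from the thread): 80 and 8086 are never opened.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
"""

def parse(text):  # -> ({chain: policy}, {chain: [rule option dicts]}) for the filter table
    body = text.split("*filter", 1)[-1].split("COMMIT", 1)[0]
    policies, chains = {}, {}
    for line in body.splitlines():
        if line.startswith(":"):
            policies[line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)  # read as flag/value pairs; "!" negation is not modelled
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def matches(rule, port):
    """True if the rule matches a NEW TCP connection to `port` from a host no rule names."""
    if rule.get("-p", "tcp") != "tcp" or "-s" in rule or rule.get("-i") == "lo":
        return False
    if "NEW" not in rule.get("--state", rule.get("--ctstate", "NEW")).split(","):
        return False
    spec = rule.get("--dport") or rule.get("--dports")
    return spec is None or any(
        int(r.split(":")[0]) <= port <= int(r.split(":")[-1]) for r in spec.split(","))

def verdict(text, port, chain="INPUT"):
    """First-match verdict for `port`, following jumps into user chains such as fail2ban's."""
    policies, chains = parse(text)
    def walk(name):
        for rule in (r for r in chains.get(name, []) if matches(r, port)):
            target = rule.get("-j")
            if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
                return target
            if (hit := walk(target)) != "RETURN":  # unknown or non-terminating targets fall through
                return hit
        return "RETURN"
    return policies.get(chain, "ACCEPT") if (hit := walk(chain)) == "RETURN" else hit
```

With the constructed ruleset, `verdict(SAMPLE, 80)` and `verdict(SAMPLE, 8086)` both give `REJECT` while 22 and 443 give `ACCEPT`, which is the pattern of a web server that starts cleanly yet serves nothing.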
