Hi Th0m I have forced an update and generated a new cert and also restarted the VPS but still getting the same error
Hi Th0m I have tried from my work pc on firefox and got the below error An error occurred during a connection to server1.dutyhosts.net:8080. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
No, I followed all the recommended settings apart from those mentioned here which i followed as advised. Currently, if I access the ISPConfig URL via HTTP it says "The requested URL was not found on this server." is there any way I can get it working via this link just to restore access?
I tried your dutyhosts URL, it http loads apache default page but httpS:// loads dutyhosts TK phpBB. Set in site Redirect tab "rewriete http to https".
Yeah the main ISPConfig is setup on > https://server1.dutyhosts.net:8080/ Not sure how i can do the rewrite as i cant currently access ISPConfig to do anything I tried adding the below to 000-default.conf but got an exited error on apache restart. Code: <VirtualHost *:80> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost> <VirtualHost *:443> SSLEngine on SSLCertificateFile <path to crt file> SSLCertificateKeyFile <path to private key file> </VirtualHost>
I think something is not right with your install as accessing with http on port 8080 should show you that it is a HTTPS port and you should use https. Did the panel work before, or have you never been able to access it?
Hi Th0m Yeah the panel worked perfectly before. It does seem to be related to just the panel as i can access any other links on the domain.
Hi Th0m, Sure .. Code: root@server1:~# ls -la /usr/local/ispconfig/interface/ssl total 36 drwxr-s--- 2 root root 4096 Jan 26 18:08 . drwxr-s--- 9 ispconfig ispconfig 4096 Jan 23 14:13 .. -rwxr-x--- 1 root root 45 Jan 26 18:09 empty.dir -rwxr-x--- 1 root root 2171 Jan 26 18:08 ispserver.crt -rwxr-x--- 1 root root 1769 Jan 26 18:08 ispserver.csr -rwxr-x--- 1 root root 3243 Jan 26 18:08 ispserver.key -rwxr-x--- 1 root root 3311 Jan 26 18:07 ispserver.key.secure -rwxr-x--- 1 root root 5414 Jan 26 18:08 ispserver.pem
Sure .. Code: ###################################################### # This virtual host contains the configuration # for the ISPConfig controlpanel ###################################################### Listen 8080 NameVirtualHost *:8080 <VirtualHost _default_:8080> ServerAdmin webmaster@localhost Alias /mail /var/www/ispconfig/mail <Directory /var/www/ispconfig/> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> <Directory /usr/local/ispconfig/interface/web/> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> <IfModule mod_fcgid.c> DocumentRoot /var/www/ispconfig/ SuexecUserGroup ispconfig ispconfig <Directory /var/www/ispconfig/> Options -Indexes +FollowSymLinks +MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo <FilesMatch "\.php$"> SetHandler fcgid-script </FilesMatch> FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php Require all granted </Directory> IPCCommTimeout 7200 MaxRequestLen 15728640 </IfModule> <IfModule mpm_itk_module> DocumentRoot /usr/local/ispconfig/interface/web/ AssignUserId ispconfig ispconfig AddType application/x-httpd-php .php <Directory /usr/local/ispconfig/interface/web> # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp" Options +FollowSymLinks AllowOverride None Require all granted php_value magic_quotes_gpc 0 </Directory> </IfModule> # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off <IfModule mod_security2.c> SecRuleEngine Off </IfModule> # SSL Configuration SSLEngine On SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder On <IfModule mod_headers.c> # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'" Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" Header set X-Content-Type-Options: nosniff Header set X-Frame-Options: SAMEORIGIN Header set X-XSS-Protection: "1; mode=block" Header always edit Set-Cookie (.*) "$1; HTTPOnly" Header always edit Set-Cookie (.*) "$1; Secure" <IfVersion >= 2.4.7> Header setifempty Strict-Transport-Security "max-age=15768000" </IfVersion> <IfVersion < 2.4.7> Header set Strict-Transport-Security "max-age=15768000" </IfVersion> RequestHeader unset Proxy early </IfModule> SSLUseStapling On SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors Off </VirtualHost>
Alright, so we now know SSL is enabled and there is a SSL cert in place..... Can you verify those files are not empty? (in the ssl folder of ISPConfig)?