Hey, today i changed the fqdn and hostname of my masterserver. The old fqdn was ssl certificated over startssl class 1 cert. I turnt ssl for the domain off and the http to https rewrite also, but it trys instead. Also apache2 gives me much errors since the new config for the old Domain in ispconfig. Code: [Thu Oct 20 17:02:22.304517 2016] [ssl:error] [pid 27406] AH02567: Unable to configure certificate master.domain.tld:8080:0 for stapling [Thu Oct 20 17:02:22.304671 2016] [suexec:notice] [pid 27406] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec) [Thu Oct 20 17:02:22.372252 2016] [auth_digest:notice] [pid 27428] AH01757: generating secret for digest authentication ... [Thu Oct 20 17:02:22.376560 2016] [:notice] [pid 27432] FastCGI: process manager initialized (pid 27432) [ 2016-10-20 17:02:22.3797 27434/7f435773d740 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '27428', 'web_server_type' => 'apache', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' } [ 2016-10-20 17:02:22.3865 27437/7f013a318740 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.27428/generation-0/request [ 2016-10-20 17:02:22.4022 27442/7f3b0931a780 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.27428/generation-0/logging [ 2016-10-20 17:02:22.4024 27434/7f435773d740 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started! [Thu Oct 20 17:02:22.446269 2016] [:error] [pid 27428] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'. [Thu Oct 20 17:02:22.446378 2016] [:error] [pid 27428] python_init: Python executable found '/usr/bin/python'. [Thu Oct 20 17:02:22.446385 2016] [:error] [pid 27428] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'. [Thu Oct 20 17:02:22.446413 2016] [:notice] [pid 27428] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads. [Thu Oct 20 17:02:22.446418 2016] [:notice] [pid 27428] mod_python: using mutex_directory /tmp [Thu Oct 20 17:02:22.461198 2016] [ssl:warn] [pid 27428] AH01909: master.domain.tld:8080:0 server certificate does NOT include an ID which matches the server name [Thu Oct 20 17:02:22.461326 2016] [ssl:error] [pid 27428] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=example.com,C=DE / issuer: CN=StartCom Class 1 DV Server CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL / serial: 20623BF19BD3C8E56BB5718340A155BD / notbefore: Oct 12 13:39:17 2016 GMT / notafter: Oct 12 13:39:17 2019 GMT] it would be nice if someone can help me out of this disaster
Seems as if you installed the old ssl cert also in /usr/local/ispconfig/interface/ssl/ for the ispconfig interface. You should replace that SSL cert with a new one as the old ssl cert does not contain the new server name.
Never do anything when im tired..*facepalm for myself*. Can i use their my ssl cert from startssl class 1? Or should i use a simple self signed? That from startssl created for the fqdn. //edit the ssl request in ispserver.csr the ssl cert in ispserver.crt the ssl key in ispserver.key right? //edit2 works fine So i want, that the old domain dont have https anymore and the cert should be deleted. I deleted the ssl cert over the domain/ssl option and deactived the http to https rewrite rule. Why its still rewrite to https?
Okay, i checked the site with 3 different computer and one android handy, their is all the same http to https issue. So it can only be a not written configuration. But: Nothing in domain.tld.vhost Nothing in .htaccess file Nothing in a config in /etc/apache2/conf-available/ What else can create that issue? //edit If i try to connect to http://domain.tld its rewrite to https://domain.tld and its not a save certificate. Its give me the reason that the certificate is only valid for https://example.com that show as example for my new domain with the new ssl certificate. So it only can be a Configuration-File, which also used by ispconfig cauz domain.tld and example.com 2 different clients in ispconfig //edit actually my /var/log/apache2/error.log: Code: [Thu Oct 20 21:11:32.348324 2016] [ssl:error] [pid 30617] AH02567: Unable to configure certificate master.hostnet-systems.de:8080:0 for stapling [Thu Oct 20 21:11:32.348494 2016] [suexec:notice] [pid 30617] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec) [Thu Oct 20 21:11:32.400085 2016] [auth_digest:notice] [pid 30639] AH01757: generating secret for digest authentication ... [Thu Oct 20 21:11:32.403467 2016] [:notice] [pid 30643] FastCGI: process manager initialized (pid 30643) [ 2016-10-20 21:11:32.4064 30645/7f891e6bd740 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '30639', 'web_server_type' => 'apache', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' } [ 2016-10-20 21:11:32.4122 30648/7f6bd3a55740 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.30639/generation-0/request [ 2016-10-20 21:11:32.4279 30656/7fb641323780 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.30639/generation-0/logging [ 2016-10-20 21:11:32.4282 30645/7f891e6bd740 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started! [Thu Oct 20 21:11:32.476197 2016] [:error] [pid 30639] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'. [Thu Oct 20 21:11:32.476351 2016] [:error] [pid 30639] python_init: Python executable found '/usr/bin/python'. [Thu Oct 20 21:11:32.476363 2016] [:error] [pid 30639] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'. [Thu Oct 20 21:11:32.476407 2016] [:notice] [pid 30639] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads. [Thu Oct 20 21:11:32.476416 2016] [:notice] [pid 30639] mod_python: using mutex_directory /tmp [Thu Oct 20 21:11:32.492214 2016] [ssl:warn] [pid 30639] AH01909: master.hostnet-systems.de:8080:0 server certificate does NOT include an ID which matches the server name [Thu Oct 20 21:11:32.492301 2016] [ssl:error] [pid 30639] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=hostnet-systems.de,C=DE / issuer: CN=StartCom Class 1 DV Server CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL / serial: 3C9F26D512A4AA5F2415F642315F3CB2 / notbefore: Oct 20 13:38:56 2016 GMT / notafter: Oct 20 13:38:56 2019 GMT]
If that's the case then you find the not written config as vhost.err file in the apache sites-available directory. Check the access.log of the website to see if the request is logged there. If it is not logged in the access.log of this website then apache ahs routed the request to another site. Find that site and you will find where the redirect is happening. Btw. Redirects can happen also by the cms that you installed in a site. if you e.g. use WordPress and have set the cms url in wordpress to https, then it will redirect from http to https as well inside WordPress.
Change somtehing in the website, e.g. enable cgi or change the quota and press save. This will reqrite the config and produce a .err file again if it can not be written.
Slowly i lose my mind. I turnt on cgi and waited for execute. When it was done, no .err vHost was created. But why i become still this errors in apache2/error.log: Code: [Sun Oct 23 09:32:17.548110 2016] [ssl:warn] [pid 15368] AH01909: master.hostnet-systems.de:8080:0 server certificate does NOT include an ID which matches the server name [Sun Oct 23 09:32:17.548198 2016] [ssl:error] [pid 15368] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=hostnet-systems.de,C=DE / issuer: CN=StartCom Class 1 DV Server CA,OU=StartCom Certification Authority,O=StartCom Ltd.,C=IL / serial: 3C9F26D512A4AA5F2415F642315F3CB2 / notbefore: Oct 20 13:38:56 2016 GMT / notafter: Oct 20 13:38:56 2019 GMT] [Sun Oct 23 09:32:17.548220 2016] [ssl:error] [pid 15368] AH02567: Unable to configure certificate master.hostnet-systems.de:8080:0 for stapling [Sun Oct 23 09:32:17.555262 2016] [mpm_prefork:notice] [pid 15368] AH00163: Apache/2.4.10 (Debian) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.9 Phusion_Passenger/4.0.53 mod_python/3.3.1 Python/2.7.9 OpenSSL/1.0.1t configured -- resuming normal operations [Sun Oct 23 09:32:17.534280 2016] [:error] [pid 15368] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'. [Sun Oct 23 09:32:17.534399 2016] [:error] [pid 15368] python_init: Python executable found '/usr/bin/python'. [Sun Oct 23 09:32:17.534406 2016] [:error] [pid 15368] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'. and domain.tld try still to load the ssl cert from the new domain.
The error message in apache is not from a website, it is from the ispconfig vhost. Please see post #2 where to find that ssl cert that you have to replace to get rid of that error in the log file.
I already have Input my New Class 1 cert for the New Domain. Or should i create self Signed for isp and put the class 1 only over webscript for the New Domain? Typed from smartphone , sry for that english
This is about the ispconfig vhost, not a website. You can not input the ssl cert for the ispconfig vhost anywhere as it just exists in a file and you have to replace that file. In post #2, I descrobed where the ssl certficate any key file is located. Replace the content of the ky file with your new ssl key and then replace the content of the ssl certificate file with the new certificate and then restat apache. Ensure that you do bot rename the files, just replace their content. You don not have to create a self signed cert.