My webmail client (SquirrelMail) is working perfectly, but I would like to run it over https. The URL for the webmail client is webmail.domain.com. I had an SSL certificate built by a Certificate Authority (GoDaddy) for this URL. In ISPConfig, I enabled SSL for this site. I also copied the certificate into the SSL Certificate box and saved the certificate. I opened port 443 on my firewall. But when I go to the website httpS://webmail.domain.com, the browser hits me with a pop-up saying, "webmail.domain.com has sent an incorrect or unexpected message."
I did a little research and I found I have to copy the certificate, intermediate certificate and key file onto the server and edit the ssl.conf file to point the SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile variables to the correct path. I looked in the /root/ispconfig/httpd/conf directory and didn't find an ssl.conf file. I did a search for ssl.conf and found two (/etc/apache2/mods-available/ssl.conf, /etc/apache2/mods-enabled/ssl.conf). In both of these files there are no sections for any of these variables. Should I create an ssl.conf and put it in /root/ispconfig/httpd/conf, or edit one or both of the existing ssl.conf files? Or is there a way this can be handled through the ISPConfig control panel? Thanks in advance for any help.
If you're using ISPConfig on top of your system, all you have to do is walk through the steps mentioned here: http://www.howtoforge.com/faq/14_49_en.html. Make sure that apache2 has been started afterwards.
Thanks, but I did that as described. That is how it is currently set up. I took a look at this post: http://www.howtoforge.com/forums/showthread.php?t=16183&page=3
I took a look at my vhosts_ispconfig.conf file and noticed I don't have a NameVirtualHost XXX.XXX.XXX.XXX:443 or VirtualHost XXX.XXX.XXX.XXX:443, even though I have the SSL box checked in the ISP Site Control Panel. I have restarted the web-server service since I checked this box. I tried to edit this file and add the appropriate information, but when I restart the service the changes are erased. Thanks again for any help.
Is mod_ssl enabled? Please run
Code:
a2enmod ssl
and restart Apache. Are there any errors in Apache's error log? What's the output of
Code:
ls -la /etc/apache2/vhosts
?
Thanks for the reply. When I ran the "a2enmod ssl" it replied back with "This module is already enable!". Here is what the "ls -la /etc/apache2/vhosts" output looks like:
user@server:~$ sudo ls -la /etc/apache2/vhosts
total 20
drwxr-xr-x 2 root root 4096 2008-01-28 09:13 .
drwxr-xr-x 8 root root 4096 2008-01-08 11:02 ..
-rw-r--r-- 1 root root 2559 2008-01-29 15:22 Vhosts_ispconfig.conf
-rw-r--r-- 1 root root 2559 2008-01-29 15:22 Vhosts_ispconfig.conf~
-rw-r--r-- 1 root root 2559 2008-01-28 09:13 Vhosts_ispconfig.conf.backup
Thanks again for the help.
You could just upload the SSLCertificateChainFile gd_intermediate_bundle.cer from GoDaddy to your ssl folder. Then add this to your Apache directives within the ISPConfig control panel for the site.
Code:
SSLCertificateChainFile /var/www/web?/ssl/gd_intermediate_bundle.cer
You might have to restart Apache afterwards.
Thanks for the reply. I copied the gd_intermediate_bundle.crt file into the /var/www/webXX/ssl directory. I then copied the other cert into the SSL Certificate textbox and selected save certificate. I then added the "SLCertificateChainFile /var/www/webXX/ssl/gd_intermediate_bundle.crt" line to the Apache Directives (Optional) textbox. I saved these settings and restarted the web-server, and I still get the same error when I go to the https site. Thanks again.
What are the outputs of
Code:
netstat -tap
and
Code:
httpd -t
? What's in your Vhosts_ispconfig.conf?
Thanks for the reply. When I enter in the command "netstat -tap" here is the output I get:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
tcp        0      0 *:mysql                  *:*                      LISTEN      4807/mysqld
tcp        0      0 *:www                    *:*                      LISTEN      5263/apache2
tcp        0      0 *:81                     *:*                      LISTEN      5219/ispconfig_http
tcp        0      0 *:ftp                    *:*                      LISTEN      9161/proftpd: (acce
tcp        0      0 server.domain.:domain    *:*                      LISTEN      5408/named
tcp        0      0 localhost.locald:domain  *:*                      LISTEN      5408/named
tcp        0      0 *:smtp                   *:*                      LISTEN      9213/master
tcp        0      0 localhost.localdoma:953  *:*                      LISTEN      5408/named
tcp        0      0 *:https                  *:*                      LISTEN      5263/apache2
tcp6       0      0 *:imaps                  *:*                      LISTEN      4920/couriertcpd
tcp6       0      0 *:pop3s                  *:*                      LISTEN      4956/couriertcpd
tcp6       0      0 *:pop3                   *:*                      LISTEN      4933/couriertcpd
tcp6       0      0 *:imap2                  *:*                      LISTEN      4900/couriertcpd
tcp6       0      0 *:domain                 *:*                      LISTEN      5408/named
tcp6       0      0 *:ssh                    *:*                      LISTEN      4713/sshd
tcp6       0      0 *:smtp                   *:*                      LISTEN      9213/master
tcp6       0      0 ip6-localhost:953        *:*                      LISTEN      5408/named
tcp6       0   2160 server.domain.com:ssh    ::ffff:192.168.25:54729  ESTABLISHED 21652/sshd: User

Here is the output for the "httpd -t" command:
Syntax OK

Here is my Vhosts_ispconfig.conf file:
###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
NameVirtualHost XXX.XXX.XXX.XXX:80
<VirtualHost XXX.XXX.XXX.XXX:80>
ServerName localhost
ServerAdmin root@localhost
DocumentRoot /var/www/sharedip
</VirtualHost>
#
#
#
######################################
# Vhost: webmail.domain.com:80
######################################
#
#
<VirtualHost XXX.XXX.XXX.XXX:80>
SSLCertificateChainFile /var/www/web15/ssl/gd_intermediate_bundle.crt
ServerName webmail.domain.com:80
ServerAdmin [email protected]
DocumentRoot /var/www/webXX/web
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Defa$
ErrorLog /var/www/webXX/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
Alias /error/ "/var/www/webXX/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/webXX/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/webXX/user/$1/web/$3
</VirtualHost>
#
#
#

That's all that is in my Vhosts_ispconfig.conf file; there is nothing in there for 443. This is with adding the "SLCertificateChainFile /var/www/webXX/ssl/gd_intermediate_bundle.crt" line to the Apache Directives (Optional) textbox in the ISPConfig control panel. Also, shouldn't there be commands "SSLEngine on SSLCertificateFile /var/www/webXX/ssl/www.yourdomain.com.crt SSLCertificateKeyFile /var/www/webXX/ssl/www.yourdomain.com.key" in there as well? Thanks again for all the help.
Just a thought: did you create the SSL CSR or self-signed crt for the site using the ISPConfig control panel before you had GoDaddy sign the CSR? If not, you might need to create the SSL crt using the control panel so that it adds the proper lines to the Vhosts_ispconfig.conf, then replace the crt and key within the ssl dir with what GoDaddy built for you.
Thanks, that worked like a charm! I created a self-signed cert and it did add the virtual host :443 and the appropriate lines. I then placed the GoDaddy signed cert in the SSL Certificate textbox and selected save certificate. Thanks to everyone who helped out.
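
Added example, not part of the thread: the posted Vhosts_ispconfig.conf held only port 80 vhosts while Apache was listening on https, and the control-panel certificate step is what finally wrote the :443 block. This Python sketch parses a file in that format and lists what is missing for a site; the sample config, the placeholder IP 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the vhost file posted in the thread
# (placeholder IP 192.0.2.10; the webXX path is a stand-in, as in the post).
SAMPLE = """\
NameVirtualHost 192.0.2.10:80
<VirtualHost 192.0.2.10:80>
ServerName localhost
</VirtualHost>
<VirtualHost 192.0.2.10:80>
SSLCertificateChainFile /var/www/webXX/ssl/gd_intermediate_bundle.crt
ServerName webmail.domain.com:80
</VirtualHost>
"""

REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Yield (port, server_name, directives) for each <VirtualHost> block."""
    for addr, body in VHOST.findall(conf):
        directives = {}
        for line in map(str.strip, body.splitlines()):
            if line and not line.startswith(("#", "<")):  # skip comments and section tags
                key, *rest = line.split(None, 1)
                directives[key] = rest[0] if rest else ""
        port = addr.split()[0].rpartition(":")[2]
        name = directives.get("ServerName", "").split(":")[0]
        yield port, name, directives

def audit(conf, site):
    """Return findings that explain why HTTPS for `site` is not served."""
    findings, has_tls_vhost = [], False
    for port, name, d in parse_vhosts(conf):
        if name != site:
            continue
        if port == "443":
            has_tls_vhost = True
            if d.get("SSLEngine", "").lower() != "on":
                findings.append("443 vhost lacks 'SSLEngine on'")
            findings += [f"443 vhost lacks {k}" for k in REQUIRED if k not in d]
        elif any(k.startswith("SSL") for k in d):
            findings.append(f"SSL directives found in the port {port} vhost instead of a 443 vhost")
    if not has_tls_vhost:
        findings.insert(0, f"no <VirtualHost ...:443> block for {site}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "webmail.domain.com")))
```

An empty list from audit() means the site has a :443 vhost with SSLEngine on plus certificate and key paths; it does not check that the files exist or match.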