Letsencrypt does not work for website

Discussion in 'Installation/Configuration' started by Nicram, Jan 24, 2019.

  1. Nicram

    Nicram Member HowtoForge Supporter

    Hello.
    Fresh installation of ISPConfig 3.1 on CentOS 7.4 (x64) based on this tutorial: https://www.howtoforge.com/tutorial...l-php-pureftpd-postfix-dovecot-and-ispconfig/ .
    Then I made the Let's Encrypt installation with this: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ .
    In the end, the ISPConfig panel is secured by the correct certificate (sadly without fullchain, but I will try to fix this by myself).
    The problem is that the website with the same web address as the ISPC control panel (that was made to generate certificates by Let's Encrypt) does not use the correct certificate in the browser.
    It is strange, because the same files are working well with ISPC itself.
    Also the vhost got the correct location and files specified by ISPC, like
    SSLCertificateFile /var/www/clients/client0/web2/ssl/domain.pl-le.crt
    SSLCertificateKeyFile /var/www/clients/client0/web2/ssl/domain.pl-le.key
    SSLCertificateChainFile /var/www/clients/client0/web2/ssl/domain.pl-le.bundle
    (those files are links, of course). All of them I can read with cat.
    I was thinking that it may be a problem with PHP (I used PHP-FPM v7.3 or 5.6), so I tested the default version working as FastCGI like ISPC itself, but same result.
    Can anyone give me some hints how to resolve this?
    It's a fresh install, without any customizations inside ISPCF.

    Some /var/log/ispconfig/httpd/domain.pl/error.log:

    [Thu Jan 24 20:12:59.546045 2019] [ssl:error] [pid 19872] AH02235: Unable to configure server certificate for stapling
    [Thu Jan 24 20:12:59.546319 2019] [ssl:error] [pid 19872] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=server.itos.pl,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / issuer: [email protected],CN=server.itos.pl,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / serial: 5790 / notbefore: Jan 23 14:53:05 2019 GMT / notafter: Jan 23 14:53:05 2020 GMT]
    [Thu Jan 24 20:12:59.546327 2019] [ssl:error] [pid 19872] AH02235: Unable to configure server certificate for stapling
     
    Last edited: Jan 24, 2019
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Run the commands:

    hostname
    hostname -f

    They may not return domain.pl. What they should return is a subdomain like server1.domain.pl. Another possibility is that you can try to switch between * and the IP address in the website.
     
  3. Nicram

    Nicram Member HowtoForge Supporter

    Thank you for replying so fast.
    In fact, the domain that the server is using is some.domain.pl (I'm not sure if it's important, but it may be).
    # hostname
    some.domain.pl
    # hostname -f
    some.domain.pl

    And this is how I configure it. I like when services use the correct domain name that is the same as the DNS used, so when someone checks email transfer, he always sees that my postfix, amavis etc. use the correct domain name. Also it's the same as the PTR record (revdns). So everything, everywhere uses correct naming. But maybe this is wrong, and I should change it?
    I tried changing the IP into * but it didn't help.

    Also I found another error with ISPC that looks just like a little problem with services checking. In the Monitor section there is an error; when I click for more info, it says some services are off:
    Services Status:
    POP3-Serwer: Offline
    IMAP-Serwer: Offline
    while # systemctl status dovecot
    ● dovecot.service - Dovecot IMAP/POP3 email server
    Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
    Active: active (running) since Thu 2019-01-24 21:25:36 CET; 2min 33s ago
     
  4. Nicram

    Nicram Member HowtoForge Supporter

    Ok, it started to work for me.
    I do not remember, if it wasn't me who made this problem, but this is very possible.
    I had broken /etc/httpd/conf.d/ssl.conf .
    I fixed this by configuring:
    Code:
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    and
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/ispserver.crt

    Now everything is working fine.
    Thank You for trying to help Till, and sorry for wasting Your time.
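
The AH02217 line in the first post shows the same subject and issuer, with Some* placeholder values, which is what a self-signed default certificate looks like rather than a Let's Encrypt one. The following is an added example (not code from the thread or from ISPConfig) that pulls those fields out of an Apache error log and flags that case; the function names, the sample log and the example.test host names are constructed for illustration.

```python
import re

# Certificate details that mod_ssl appends to an AH02217 error (one log line each).
AH02217 = re.compile(
    r"AH02217: .*?\[subject: (?P<subject>.*?) / issuer: (?P<issuer>.*?) / serial: "
)

def parse_dn(dn):
    """'CN=a,OU=b' -> (('CN', 'a'), ('OU', 'b')); keeps order and duplicates."""
    pairs = []
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        pairs.append((key.upper(), value))
    return tuple(pairs)

def stapling_findings(log_text, expected_host):
    """Classify each certificate Apache could not set up for OCSP stapling."""
    findings = []
    for m in AH02217.finditer(log_text):
        subject, issuer = parse_dn(m["subject"]), parse_dn(m["issuer"])
        cn = dict(subject).get("CN", "")
        cause = ("self-signed certificate loaded" if subject == issuer
                 else "issuer certificate missing from the configured chain")
        findings.append({
            "cn": cn,
            "cause": cause,
            "matches_host": cn.lower() == expected_host.lower(),
            # Heuristic: Some* placeholder values like those in the log on this page.
            "placeholder_dn": any(v.startswith("Some") for _, v in subject),
        })
    return findings

# Constructed sample input; host names are placeholders, not taken from the thread.
_DN = ("emailAddress=root@host.example.test,CN=host.example.test,"
       "OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--")
SAMPLE_LOG = (
    "[Thu Jan 24 20:12:59.546319 2019] [ssl:error] [pid 19872] AH02217: "
    "ssl_stapling_init_cert: can't retrieve issuer certificate! "
    f"[subject: {_DN} / issuer: {_DN} / serial: 5790 "
    "/ notbefore: Jan 23 14:53:05 2019 GMT / notafter: Jan 23 14:53:05 2020 GMT]\n"
    "[Thu Jan 24 20:13:01.000000 2019] [ssl:error] [pid 19872] AH02217: "
    "ssl_stapling_init_cert: can't retrieve issuer certificate! "
    "[subject: CN=www.example.test / issuer: CN=Example Issuing CA,O=Example "
    "/ serial: 0A1B / notbefore: Jan 1 00:00:00 2019 GMT / notafter: Apr 1 00:00:00 2019 GMT]\n"
)

if __name__ == "__main__":
    for finding in stapling_findings(SAMPLE_LOG, "www.example.test"):
        print(finding)
```

A finding with `matches_host` false and `placeholder_dn` true means the vhost is serving a default certificate, so the next thing to check is which SSLCertificateFile directive Apache actually loaded.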
     
