New Install mod_ssl won't listen on port 443

Discussion in 'Installation/Configuration' started by dpicella, Apr 27, 2009.

  1. dpicella

    dpicella New Member

    I just installed ISPConfig 3 and I can't get mod_ssl to listen on port 443

    As far as I can tell Apache should listen to my VirtualHost directives on port 443.

    I'm getting "failure to connect"

    I have a dedicated IP and the csr and key files are in place. It should work. I've restarted the server and rebooted the machine. Here is the apache config section for the domain.

    Code:
    <IfModule mod_ssl.c>
###########################################################
# SSL Vhost
###########################################################

<VirtualHost 208.166.54.19:443>
      DocumentRoot /var/www/majella.us/web

    ServerName majella.us
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/majella.us/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    SSLEngine on
    SSLCertificateFile /var/www/clients/client1/web2/ssl/majella.us.crt
    SSLCertificateKeyFile /var/www/clients/client1/web2/ssl/majella.us.key

        <Directory /var/www/majella.us/web>
        Options FollowSymLinks
        AllowOverride Indexes AuthConfig Limit
        Order allow,deny
        Allow from all

        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>
    <Directory /var/www/clients/client1/web2/web>
        Options FollowSymLinks
        AllowOverride Indexes AuthConfig Limit
        Order allow,deny
        Allow from all

        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>

    # cgi enabled
        <Directory /var/www/clients/client1/web2/cgi-bin>
      Order allow,deny
      Allow from all
    </Directory>
    ScriptAlias  /cgi-bin/ /var/www/clients/client1/web2/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    # ssi enabled
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client1/web2/tmp
    php_admin_value session.save_path /var/www/clients/client1/web2/tmp
    #php_admin_value open_basedir /var/www/clients/client1/web2:/usr/share/php5


</VirtualHost>
</IfModule>
     
    dpicella, Apr 27, 2009
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the output of:

    netstat -tap
     
    till, Apr 27, 2009
    #2
  3. dpicella

    dpicella New Member

    ISPConfig 3 won't listen on 443 netstat -tap

    Here is the output - Cheers!
    Code:
    Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 *:imaps                     *:*                         LISTEN      2176/dovecot        
tcp        0      0 *:pop3s                     *:*                         LISTEN      2176/dovecot        
tcp        0      0 localhost.localdomain:10024 *:*                         LISTEN      2250/amavisd (maste 
tcp        0      0 localhost.localdomain:10025 *:*                         LISTEN      2338/master         
tcp        0      0 *:mysql                     *:*                         LISTEN      2153/mysqld         
tcp        0      0 *:pop3                      *:*                         LISTEN      2176/dovecot        
tcp        0      0 *:imap                      *:*                         LISTEN      2176/dovecot        
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1701/rpcbind        
tcp        0      0 *:48080                     *:*                         LISTEN      1714/rpc.statd      
tcp        0      0 *:ftp                       *:*                         LISTEN      2370/pure-ftpd (SER 
tcp        0      0 mail.jprehost.com:domain    *:*                         LISTEN      1979/named          
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      1979/named          
tcp        0      0 *:ssh                       *:*                         LISTEN      2029/sshd           
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      2466/cupsd          
tcp        0      0 *:smtp                      *:*                         LISTEN      2338/master         
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      1979/named          
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46467 ESTABLISHED 2153/mysqld         
tcp        0      0 localhost.localdomain:54467 localhost.localdomain:mysql ESTABLISHED 2368/amavisd (ch8-a 
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46463 TIME_WAIT   -                   
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46468 ESTABLISHED 2153/mysqld         
tcp        0      0 localhost.localdomain:46466 localhost.localdomain:mysql ESTABLISHED 11967/smtpd         
tcp        0      0 localhost.localdomain:46464 localhost.localdomain:mysql TIME_WAIT   -                   
tcp        0      0 localhost.localdomain:46468 localhost.localdomain:mysql ESTABLISHED 11967/smtpd         
tcp        0      0 localhost.localdomain:46467 localhost.localdomain:mysql ESTABLISHED 11967/smtpd         
tcp        0      0 localhost.localdomain:40004 localhost.localdomain:mysql ESTABLISHED 2369/amavisd (ch7-a 
tcp        0      0 localhost.localdomain:46465 localhost.localdomain:mysql TIME_WAIT   -                   
tcp        0     48 mail.jprehost.com:ssh       44.101.152.151.duarte:24543 ESTABLISHED 11977/0             
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:40004 ESTABLISHED 2153/mysqld         
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46466 ESTABLISHED 2153/mysqld         
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:54467 ESTABLISHED 2153/mysqld         
tcp        0      0 *:imaps                     *:*                         LISTEN      2176/dovecot        
tcp        0      0 *:pop3s                     *:*                         LISTEN      2176/dovecot        
tcp        0      0 *:pop3                      *:*                         LISTEN      2176/dovecot        
tcp        0      0 *:imap                      *:*                         LISTEN      2176/dovecot        
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1701/rpcbind        
tcp        0      0 *:webcache                  *:*                         LISTEN      2726/httpd          
tcp        0      0 *:http                      *:*                         LISTEN      2726/httpd          
tcp        0      0 *:ftp                       *:*                         LISTEN      2370/pure-ftpd (SER 
tcp        0      0 *:ssh                       *:*                         LISTEN      2029/sshd           
tcp        0      0 *:smtp                      *:*                         LISTEN      2338/master         
tcp        0      0 localhost6.localdomain:rndc *:*                         LISTEN      1979/named          
tcp        0      0 mail.jprehost.com:http      rate-limited-proxy-20:35841 TIME_WAIT   -
     
    dpicella, Apr 27, 2009
    #3
  4. dpicella

    dpicella New Member

    netstat -tap for the newbie

    Can't say I have much experience with this command, but the first thing I notice is that *:http is on the list but *:https is not. Assuming that is the problem, I don't know how to fix it. I Googled for it, but that wasn't much help. Seems like netstat can do a lot of really useful things!

    Can't wait to find out what the heck is going on here.
     
    dpicella, Apr 27, 2009
    #4
  5. falko

    falko Super Moderator Howtoforge Staff

    Which distribution are you using?
    Which tutorial (URL) did you use to set the server up?
     
    falko, Apr 27, 2009
    #5
  6. dpicella

    dpicella New Member

    ISPConfig Software Version Info

    Software

    Fedora release 10 (cambridge)
    ISPConfig 3.0.1.1

    yum packages all up to date

    FYI ... I had the same problem with ISPConfig 2 and never did get the SSL certificates to work - "connection refused" ... although ISPConfig 2 did correctly use its SSL certificate on port 81 when it was installed.

    Cheers! Thank you in advance for your help!
     
    dpicella, Apr 27, 2009
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    till, Apr 28, 2009
    #7
  8. dpicella

    dpicella New Member

    not listenting because mod_ssl was not installed

    till,

    I did some investigation and found that it was "mod_ssl" that was not installed.

    After I installed it ... everything worked.

    I feel a bit stupid that the answer was that simple, but it was!

    Thank you!

    # yum install mod_ssl
     
    dpicella, Apr 29, 2009
    #8

Share This Page