Hi all - My GoDaddy SSL expired and I can't seem to make the renewal work. When I browse to the site, the old certificate is still presented! Here's what I did:
1. Downloaded the new Certificate and Bundle from GoDaddy (*.zip)
2. Unzipped the archive with 7-Zip
3. Opened the Certificate and Bundle in Notepad++
4. Copied each into the respective place on ISPconfig
5. Chose "save certificate"
Still get the old (expired) certificate when I browse to the site. THX
Did you use the same CSR for the ssl cert renewal that you used for the original ssl cert? If not, then the key and cert might not match. To see why the ssl cert does not get saved, you can use the debug mode: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
I deleted the SSL completely from the site and disabled SSL for the site and crashed the entire server - including ISPconfig! Recovered by reverting snapshot.
Here is what I see:
CONFIGURATION ERROR 2017-07-20 10:38 :
* Restarting web server apache2 ...fail!
* The apache2 configtest failed.
Output of config test was:
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:72
AH00526: Syntax error on line 179 of /etc/apache2/sites-enabled/100-owncloud.mydomain.com.vhost:
Listen not allowed here
Action 'configtest' failed.
The Apache error log may have more information.
Also, the directory has *.err on many of the files:
root@azweb3:/var/www/owncloud.mydomain.com/ssl# ls -lahtr
total 72K
-rw-r--r-- 1 root root 1.2K Jul 16 2014 owncloud.mydomain.com.csr.bak
-rw-r--r-- 1 root root 1.4K Jul 16 2014 owncloud.mydomain.com.crt.bak
drwxr-xr-x 11 root root 4.0K Aug 30 2016 ..
-r-------- 1 root root 1.8K Jan 9 2017 owncloud.mydomain.com.key.org.bak
-r-------- 1 root root 1.7K Jan 9 2017 owncloud.mydomain.com.key.bak
-r-------- 1 root root 1.8K Jul 20 10:41 owncloud.mydomain.com.key.org.err
-r-------- 1 root root 1.7K Jul 20 10:41 owncloud.mydomain.com.key.err
-rw-r--r-- 1 root root 1.2K Jul 20 10:41 owncloud.mydomain.com.csr.err
-rw-r--r-- 1 root root 2.0K Jul 20 10:41 owncloud.mydomain.com.crt.err
-r-------- 1 root root 1.8K Jul 20 10:41 owncloud.mydomain.com.key.org
-r-------- 1 root root 1.7K Jul 20 10:41 owncloud.mydomain.com.key
-rw-r--r-- 1 root root 1.2K Jul 20 10:41 owncloud.mydomain.com.csr
-rw-r--r-- 1 root root 2.0K Jul 20 10:41 owncloud.mydomain.com.crt
-rw-r--r-- 1 root root 4.8K Jul 20 10:41 owncloud.mydomain.com.bundle.err
-rw-r--r-- 1 root root 4.8K Jul 20 10:41 owncloud.mydomain.com.bundle
drwxr-xr-x 2 root root 4.0K Jul 20 10:42 .
root@azweb3:/var/www/owncloud.mydomain.com/ssl#
The .err files indicate a fatal error in the apache config that caused Apache restart to fail. I guess you put something wrong into the apache directives field of the site owncloud.mydomain.com. According to the Apache error message there was a listen statement added there but listen might not be used within vhosts, so you can not add that into the apache directives field.
I am still having trouble with this. I have cleared the apache directives, and no longer have *.err files in SSL, but now I see this in the log:
[Sun Jul 23 09:47:47.511224 2017] [fcgid:warn] [pid 2728] [client 97.115.192.2:52352] mod_fcgid: stderr: ddr":"97.115.192.2","app":"PHP","message":"session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (\\/var\\/www\\/clients\\/client3\\/web4\\/tmp) at \\/var\\/www\\/clients\\/client3\\/web4\\/web\\/lib\\/private\\/session\\/internal.php#77","level":3,"time":"2017-07-23T16:47:47+00:00","method":"GET","url":"\\/status.php"}
Most likely you switched PHP mode of this site. Delete all sess_* files in the tmp directory of that website.
Thanks so much. Now we have this:
[Mon Jul 24 06:06:03.154613 2017] [ssl:emerg] [pid 21899] AH02238: Unable to configure RSA server private key
[Mon Jul 24 06:06:03.154726 2017] [ssl:emerg] [pid 21899] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Previously, I had done the following:
SSL Action > Delete Certificate > Save
SSL Action > Create Certificate > Save
Re-key SSL with GoDaddy
Paste re-keyed certificate > SSL Action > Save Certificate
[Mon Jul 24 06:45:02.290364 2017] [ssl:error] [pid 24390] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=[email protected],CN=owncloud.mysite.com,OU=Cloud,O=mysite,L=Flagstaff,ST=Arizona,C=US / issuer: emailAddress=[email protected],CN=owncloud.mysite.com,OU=Cloud,O=mysite,L=Flagstaff,ST=Arizona,C=US / serial: E8FEB3322B5E1C6C / notbefore: Jul 23 16:56:02 2017 GMT / notafter: Jul 21 16:56:02 2027 GMT]
[Mon Jul 24 06:45:02.290392 2017] [ssl:error] [pid 24390] AH02235: Unable to configure server certificate for stapling
This means that the new SSL cert was not issued with the CSR that was used before. This causes the SSL cert key to be not valid for the new SSL cert, and therefore Apache can not open it, so ISPConfig will undo the SSL change, as Apache would stop working otherwise. When you used a different CSR for this new SSL cert, then you have to put the new SSL key into the SSL key field as well.
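A way to confirm the key/certificate/CSR relationship described in the reply above before saving anything in the panel (an added example, not part of the original thread and not ISPConfig code). It assumes the `<name>.key`, `<name>.crt` and `<name>.csr` layout shown in the directory listing earlier; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: compare the public key inside a private key, a certificate
# and a CSR. A mismatch is what Apache reports as "key values mismatch".

# Print the PEM public key held in a private key, certificate or CSR.
pubkey_pem() {
    case "$1" in
        # -passin pass: makes an encrypted key fail instead of prompting
        key)  openssl pkey -in "$2" -passin pass: -pubout ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# same_keypair KIND_A FILE_A KIND_B FILE_B
# Succeeds only if both files parse and carry the same public key.
same_keypair() {
    a=$(pubkey_pem "$1" "$2") || return 2
    b=$(pubkey_pem "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeeds if subject and issuer names are identical (self-issued), as in
# the stapling log line above; a CA-issued certificate will differ.
is_self_issued() {
    hashes=$(openssl x509 -in "$1" -noout -subject_hash -issuer_hash 2>/dev/null) || return 2
    set -- $hashes
    [ $# -eq 2 ] && [ "$1" = "$2" ]
}

# check_site_ssl DIR NAME: report on DIR/NAME.key, DIR/NAME.crt, DIR/NAME.csr
check_site_ssl() {
    dir=$1 name=$2 rc=0
    same_keypair key "$dir/$name.key" cert "$dir/$name.crt" \
        || { echo "MISMATCH: $name.key does not belong to $name.crt"; rc=1; }
    same_keypair csr "$dir/$name.csr" cert "$dir/$name.crt" \
        || { echo "MISMATCH: $name.crt was not issued from $name.csr"; rc=1; }
    if is_self_issued "$dir/$name.crt"; then
        echo "NOTE: $name.crt is self-issued, not a CA-issued certificate"
    fi
    return $rc
}

# Usage (hypothetical script name):
#   sh check_ssl.sh /var/www/owncloud.mydomain.com/ssl owncloud.mydomain.com
if [ $# -eq 2 ]; then check_site_ssl "$1" "$2"; exit $?; fi
```

A non-zero exit status means at least one of the three files does not share a public key with the certificate, which is the condition that makes Apache refuse to start with the new certificate.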
So when I choose: Delete Certificate > Save The SSL Key remains. How do I delete that so I can start over with a new key?
Working now. Apparently the part I missed all the while was the need to manually empty the key field and then save. My subscription to HowtoForge is invaluable. Thank You!