ssl cert problem

Discussion in 'Installation/Configuration' started by chief, Mar 11, 2015.

  1. chief

    chief Member HowtoForge Supporter

    I have made a new server using centos 7 and ispconfig
    the hostname is and the website im having a problem with is
    i have copied the old *.crt, *.csr, *.key and *.ca-bundle from old server to new server
    when i try and log in, the webbrowser states its a self signed cert with a warning.
    based on the manual page 5.4. i use the control panel, so i deleted all certs from ispconfig and deleted whats left.
    I re ran and saved new cert in ispconfig ssl page.
    copied and pasted contents sent from comodo.
    and it still states self signed..hmm. the support rep says i have to folllow this to make it right
    so before i do, i have to ask what is the right way for this.
    as my hostname is similar to website name
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Then thats your problem, you get the ssl default vhost of the operating system then and not the website, thats why your ssl cert can not match. Change the hostname to a different subdomain.

    Dont fllow the instructions from comodo, they are for servers with just one website and without a controlpanel. Following these on your server will just break it.
  3. S0ft

    S0ft Member HowtoForge Supporter

    If it is a web site created with ispconfig3 you have to generate the certificate
    with the code of the SSL Request that generate ispconfig3.
    then comodo will generate you the SSL Certificate and the SSL Bundle

    in the case of StarSSL they generate you the SSL Certificate, SSL Bundle and SSL Key

    Attached Files:

  4. chief

    chief Member HowtoForge Supporter

    Thanks for the reply till.
    Do you mean change the hostname of the server from to another domain name like ???
    Last edited: Mar 11, 2015
  5. chief

    chief Member HowtoForge Supporter

    I ran mntui and changed hostname, edited /etc/hosts, potfix and /etc/hostname changing hostname from to
    now, apache wont start.
    I did rename it back and rebooted machine, could not access ispconfig site.
    so, i have changed it back to new hostname.
    i ran systemctl -l status httpd.service
    it outputs

    httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
    Active: failed (Result: exit-code) since Thu 2015-03-12 01:48:54 GMT; 22s ago
    Process: 6748 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
    Process: 6746 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
    Main PID: 6746 (code=exited, status=1/FAILURE)

    Mar 12 01:48:54 httpd[6746]: [Thu Mar 12 01:48:54.387213 2015] [alias:warn] [pid 6746] AH00671: The ScriptAlias directive in /etc/httpd/conf.d/mailman.conf at line 6 will probably never match because it overlaps an earlier ScriptAlias.
    Mar 12 01:48:54 httpd[6746]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:355
    Mar 12 01:48:54 httpd[6746]: AH00526: Syntax error on line 56 of /etc/httpd/conf/sites-enabled/000-ispconfig.vhost:
    Mar 12 01:48:54 httpd[6746]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
    Mar 12 01:48:54 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 12 01:48:54 systemd[1]: Failed to start The Apache HTTP Server.
    Mar 12 01:48:54 systemd[1]: Unit httpd.service entered failed state.

    Last edited: Mar 12, 2015
  6. chief

    chief Member HowtoForge Supporter

    scrub that.
    i sorted it
  7. sjau

    sjau Local Meanie Moderator

    Well, Let's Encrypt should be officially released mid-year and it would be great if ISPC could also support it... no more hassling with ssl cert providers and stuff.
  8. sjau

    sjau Local Meanie Moderator

  9. NdK

    NdK Member

    @till It would be a dream to have support for ACME protocol ( in an upcoming ISPConfig release. No more plain http sites, and no more "remember to renew the certificate"!
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats aready on the roadmap and listed in the bugtracker.

Share This Page