ssl cert problem

Discussion in 'Installation/Configuration' started by chief, Mar 11, 2015.

  1. chief

    chief Member HowtoForge Supporter

    I have made a new server using CentOS 7 and ISPConfig 3.0.5.4p5.
    The hostname is thor2.tlsystems.co.uk and the website I'm having a problem with is www.tlsystems.co.uk.
    I have copied the old *.crt, *.csr, *.key and *.ca-bundle from the old server to the new server.
    When I try to log in, the web browser states it's a self-signed cert, with a warning.
    Based on the manual, page 5.4, I use the control panel, so I deleted all certs from ISPConfig and deleted what's left.
    I re-ran and saved a new cert in the ISPConfig SSL page.
    Copied and pasted the contents sent from Comodo.
    And it still states self-signed... hmm. The support rep says I have to follow this to make it right: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/37
    So before I do, I have to ask what is the right way for this,
    as my hostname is similar to the website name.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Then that's your problem: you get the SSL default vhost of the operating system and not the website, that's why your SSL cert cannot match. Change the hostname to a different subdomain.

    Don't follow the instructions from Comodo, they are for servers with just one website and without a control panel. Following these on your server will just break it.
     
  3. S0ft

    S0ft Member HowtoForge Supporter

    If it is a web site created with ISPConfig 3, you have to generate the certificate
    with the code of the SSL Request that ISPConfig 3 generates.
    Then Comodo will generate the SSL Certificate and the SSL Bundle for you.

    In the case of StartSSL, they generate the SSL Certificate, SSL Bundle and SSL Key for you.
     

  4. chief

    chief Member HowtoForge Supporter

    Thanks for the reply till.
    Do you mean change the hostname of the server from thor2.tlsystems.co.uk to another domain name like myhosting.co.uk?
     
    Last edited: Mar 11, 2015
  5. chief

    chief Member HowtoForge Supporter

    Hi,
    I ran nmtui and changed the hostname, then edited /etc/hosts, postfix and /etc/hostname, changing the hostname from thor2.tlsystems.co.uk to thor2.tlsystems.uk.
    Now Apache won't start.
    I did rename it back and rebooted the machine, but could not access the ISPConfig site.
    So I have changed it back to the new hostname.
    I ran systemctl -l status httpd.service
    and it outputs:

    httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
    Active: failed (Result: exit-code) since Thu 2015-03-12 01:48:54 GMT; 22s ago
    Process: 6748 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
    Process: 6746 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
    Main PID: 6746 (code=exited, status=1/FAILURE)

    Mar 12 01:48:54 thor2.tlsystems.uk httpd[6746]: [Thu Mar 12 01:48:54.387213 2015] [alias:warn] [pid 6746] AH00671: The ScriptAlias directive in /etc/httpd/conf.d/mailman.conf at line 6 will probably never match because it overlaps an earlier ScriptAlias.
    Mar 12 01:48:54 thor2.tlsystems.uk httpd[6746]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:355
    Mar 12 01:48:54 thor2.tlsystems.uk httpd[6746]: AH00526: Syntax error on line 56 of /etc/httpd/conf/sites-enabled/000-ispconfig.vhost:
    Mar 12 01:48:54 thor2.tlsystems.uk httpd[6746]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
    Mar 12 01:48:54 thor2.tlsystems.uk systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 12 01:48:54 thor2.tlsystems.uk systemd[1]: Failed to start The Apache HTTP Server.
    Mar 12 01:48:54 thor2.tlsystems.uk systemd[1]: Unit httpd.service entered failed state.


    dave
     
    Last edited: Mar 12, 2015
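
Added example (not part of any post in this thread, and not ISPConfig code): a Python sketch of the two failures discussed above, namely a request falling through to the first `*:443` vhost instead of the site's own (post 2) and an `SSLCertificateFile` that does not exist or is empty (post 5). The hostnames, file paths and the `diagnose` helper are constructed for illustration, and the matching is a simplified model of Apache's name-based vhost selection.

```python
import fnmatch
import os
import re

# Constructed sample (not from the thread): default SSL vhost first, site second.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName thor2.example.test
    SSLCertificateFile /srv/constructed/default-selfsigned.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName example.test
    ServerAlias www.example.test
    SSLCertificateFile /srv/constructed/example.test.crt
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)
CERT_RE = re.compile(r"""^\s*SSLCertificateFile\s+["']?([^\s"']+)""", re.M | re.I)

def parse_vhosts(conf_text):
    """Return vhosts in load order as dicts with addr, names and cert path."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf_text):
        names = [n.lower() for d in NAME_RE.findall(body) for n in d.split()]
        cert = (CERT_RE.findall(body) or [None])[-1]
        vhosts.append({"addr": addr.strip(), "names": names, "cert": cert})
    return vhosts

def cert_problem(path):
    """Pre-flight check on a certificate path; None means it looks usable."""
    if not path or not os.path.isfile(path) or os.path.getsize(path) == 0:
        return "does not exist or is empty"
    with open(path, errors="replace") as fh:
        return None if "-----BEGIN CERTIFICATE-----" in fh.read() else "no PEM block"

def diagnose(conf_text, host, addr="*:443"):
    """Pick the vhost as name-based matching does: first match, else first on addr."""
    candidates = [v for v in parse_vhosts(conf_text) if v["addr"] == addr]
    if not candidates:
        return None
    named = [v for v in candidates
             if any(fnmatch.fnmatchcase(host.lower(), n) for n in v["names"])]
    chosen = named[0] if named else candidates[0]
    return {"fallback_to_default": not named, "cert": chosen["cert"],
            "cert_problem": cert_problem(chosen["cert"])}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, "mail.example.test"))
```

To check a real server, pass the concatenated vhost files in the order Apache loads them; `fallback_to_default: True` for a hostname means the browser will be shown the first vhost's certificate rather than the site's.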
  6. chief

    chief Member HowtoForge Supporter

    Scrub that.
    I sorted it.
     
  7. sjau

    sjau Local Meanie Moderator

    Well, Let's Encrypt should be officially released mid-year and it would be great if ISPC could also support it... no more hassling with ssl cert providers and stuff.
     
  8. sjau

    sjau Local Meanie Moderator

  9. NdK

    NdK Member

    @till It would be a dream to have support for ACME protocol (letsencrypt.org) in an upcoming ISPConfig release. No more plain http sites, and no more "remember to renew the certificate"!
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    That's already on the roadmap and listed in the bugtracker.
     
