SSL Certificate install trouble

Discussion in 'Installation/Configuration' started by BitSprocket, Nov 4, 2012.

  1. BitSprocket

    BitSprocket New Member

    All,

    I have installed per your Perfect Ubuntu 12.10 server howto and am having an issue with getting my certificate to work properly.

    I've entered the IP address and am not using a wildcard, and I have verified that the certs are in fact in the /var/www/sitename/ssl directory. SSL is checked on the proper page, but when browsing to https://mysite.com I get a 701 error and the apache2 error log reads:

    Code:
    client denied by server configuration: /var/www/

    I can get to the non-https site just fine but can't get the server configured to pull files from the proper location.

    I've tried deleting the domain and re-creating it with no luck. It also seems that the virtual host file in /var/www/apache2/sites-enabled makes no mention of port 443 or ssl.

    Thanks for your help!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please remove the SSL cert that you copied to the ssl folder manually and then create a new SSL cert in ISPConfig on the SSL tab of the website, wait a few minutes and test again. If the site works with the self-signed SSL cert, replace the SSL cert and key file in the ssl folder with the cert and key of your other SSL cert and restart Apache.
     
  3. BitSprocket

    BitSprocket New Member

    Thanks till. Late last night (before your post) I found a solution that works but I wanted to get your opinion. It's very different than the one you mentioned. I added a clause to the mysite.com.vhost file in /etc/apache2/sites-available and it looks like this:

    Code:
    <Directory /var/www/mysite.com>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    <VirtualHost *:80>
          DocumentRoot /var/www/mysite/web
      
        ServerName mysite.com
        ServerAlias www.mysite.com
        ServerAdmin [email protected]
    
        ErrorLog /var/log/ispconfig/httpd/mysite.com/error.log
    
        Alias /error/ "/var/www/mysite.com/web/error/"
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 502 /error/502.html
        ErrorDocument 503 /error/503.html
    
        <IfModule mod_ssl.c>
        </IfModule>
    
        <Directory /var/www/mysite.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
    
        # suexec enabled
        <IfModule mod_suexec.c>
          SuexecUserGroup web1 client0
        </IfModule>
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
    	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/mysite.com/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web1 client0
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/client0/web1/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          DavLockDB /var/www/clients/client0/web1/tmp/DavLock
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    <VirtualHost *:443>
          DocumentRoot /var/www/mysite.com/web
      
        ServerName mysite.com
        ServerAlias www.mysite.com
        ServerAdmin [email protected]
    
        ErrorLog /var/log/ispconfig/httpd/mysite.com/error.log
    
        Alias /error/ "/var/www/mysite.com/web/error/"
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 502 /error/502.html
        ErrorDocument 503 /error/503.html
    
        <IfModule mod_ssl.c>
        </IfModule>
    
        <Directory /var/www/mysite.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
    
        # suexec enabled
        <IfModule mod_suexec.c>
          SuexecUserGroup web1 client0
        </IfModule>
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
    	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/mysite.com/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web1 client0
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/client0/web1/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          DavLockDB /var/www/clients/client0/web1/tmp/DavLock
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    SSLEngine on
    SSLCertificateFile /var/www/clients/client0/web1/ssl/mysite.com.crt
    SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/mysite.com.key
    SSLCACertificateFile /var/www/clients/client0/web1/ssl/mysite.com.bundle
    
    </VirtualHost>

    Paying particular attention to the section starting <VirtualHost *:443>: I know wildcards are less than ideal, as it seems to apply to all my sites now (producing the browser warning, of course), but it works properly for the site I need. The other sites don't use SSL anyway, so I'm not concerned.

    Thoughts?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Never edit a vhost file manually, as all manual settings that you make in that file will get removed automatically anyway.

    Whether you use * or the IP depends on your Apache version: the IP always works; * works only on the latest Apache versions and enables SSL for SNI only, which is not understood by older Internet Explorer versions.

    Please do what I described above; ISPConfig will then create the SSL vhost automatically. It has not created it before because one of your manually copied SSL certs was either wrong or had a wrong name, so Apache was not able to start with the SSL certs you provided and ISPConfig had to do a rollback and remove the SSL vhost again.
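
The failure till describes (a manually copied certificate or key that is wrong or misnamed, so Apache cannot start with it) can be checked before Apache is restarted. This is an added example, not part of till's post or of ISPConfig: the function name `check_ssl_pair` is hypothetical, and the `<domain>.crt` / `<domain>.key` naming is assumed from the SSLCertificateFile lines in the vhost posted above.

```bash
#!/bin/bash
# Added example (not from the thread): pre-flight check of a site's ssl folder.
# Assumption: files are named <domain>.crt and <domain>.key, as in the
# SSLCertificateFile / SSLCertificateKeyFile lines of the posted vhost.
# Usage: check_ssl_pair /var/www/clients/client0/web1/ssl mysite.com
# Returns: 0 ok, 1 missing or misnamed file, 2 unreadable/not PEM, 3 mismatch.
check_ssl_pair() {
    local dir=$1 domain=$2 f cert_pub key_pub
    local crt="$dir/$domain.crt" key="$dir/$domain.key"

    # 1. A wrong file name shows up as a missing (or empty) expected file.
    for f in "$crt" "$key"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2
            return 1
        fi
    done

    # 2. Both files must carry the PEM markers Apache expects.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$crt"; then
        echo "not a PEM certificate: $crt" >&2
        return 2
    fi
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "not a PEM private key: $key" >&2
        return 2
    fi

    # 3. The public key inside the certificate must equal the one derived
    #    from the private key. "-passin pass:" makes an encrypted key fail
    #    here instead of prompting for a passphrase.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match for $domain" >&2
        return 3
    fi
    return 0
}
```

Running `apache2ctl configtest` after the files pass checks the vhost syntax before the restart.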
     
  5. BitSprocket

    BitSprocket New Member

    Thanks for the advice till. And for the quick reply!
     
