SSL for virtual hosts not working - error 12263

Discussion in 'Installation/Configuration' started by radim_h, Apr 12, 2007.

  1. radim_h

    radim_h Member

    Can someone help please?

    When I create an SSL certificate for any site in ISPConfig, https doesn't work;
    I'm getting "error 12263" in the browser.

    With an openssl query I'm getting:
    [root@server1 /home/rh]# openssl s_client -connect www.mydomain.org:443
    CONNECTED(00000003)
    24822:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:478:

    I have more IP addresses, and this error also appears when ispconfig_server is off,
    so it looks like some Apache issue.

    I'm using Fedora6 with apache 2.2.3-5
     
  2. radim_h

    radim_h Member

    bit more information

    In /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

    ISPConfig adds something like this for SSL sites:

    <IfModule mod_ssl.c>
    <VirtualHost 82.xxx.xx.xx:443>
    <Directory "/var/www/web6/web/pub">
    Options +Indexes
    </Directory>
    ServerName www.xxxx.org:443

    But with httpd -l I see just:

    Compiled in modules:
    core.c
    prefork.c
    http_core.c
    mod_so.c

    Can I change something to make ISPConfig use /usr/lib/httpd/modules/mod_ssl.so,
    or do I have to recompile Apache in some way?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    httpd -l lists only the compiled-in modules and not the dynamically loaded modules; mod_ssl is dynamically loaded. Also the "<IfModule mod_ssl.c>" definition is always correct, it never contains a path.

    Please post the output of:

    netstat -tap
     
  4. radim_h

    radim_h Member

    netstat -tap

    tcp 0 0 *:899 *:* LISTEN 1989/rpc.statd
    tcp 0 0 *:mysql *:* LISTEN 2272/mysqld
    tcp 0 0 *:sunrpc *:* LISTEN 1964/portmap
    tcp 0 0 38.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 mail2.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 server2.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 admin.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 localhost.localdomai:domain *:* LISTEN 2881/named
    tcp 0 0 *:smtp *:* LISTEN 2837/master
    tcp 0 0 *:https *:* LISTEN 2724/ispconfig_http
    tcp 0 0 *:imaps *:* LISTEN 2304/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 2304/dovecot
    tcp 0 0 *:pop3 *:* LISTEN 2304/dovecot
    tcp 0 0 *:imap *:* LISTEN 2304/dovecot
    tcp 0 0 *:http *:* LISTEN 2753/httpd
    tcp 0 0 *:ftp *:* LISTEN 2909/proftpd: (acce
    tcp 0 0 *:ssh *:* LISTEN 2152/sshd
    tcp 0 1776 server2.mydomain.cz:ssh duck.u-turnme:pptconference ESTABLISHED 2195/0

    BTW: there is no file mod_ssl.c on the system, and when I run yum install mod_ssl, ISPConfig doesn't start and the system Apache uses completely different certificates than the ones defined.
     
    Last edited: Apr 13, 2007
  5. falko

    falko Super Moderator Howtoforge Staff

    Did you configure ISPConfig to listen on port 443? In that case your virtual hosts can't use SSL anymore because port 443 is already in use.
     
  6. radim_h

    radim_h Member

    port 443

    Yes I did, but ISPConfig is on different IP addresses
    ...

    blahblah, deleted .))
     
    Last edited: Apr 13, 2007
  7. radim_h

    radim_h Member

    SOLVED - when editing /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf manually

    Hurrah
    More https sites on port 443 work under these conditions
    (assuming I use 82.xxx.xxx.47 for the ISPConfig Apache and 82.xxx.xxx.36 for a virtual host under the system Apache)

    1. In /root/ispconfig/httpd/conf/https.conf must be:

    BindAddress 82.xxx.xxx.47

    #Port (uncommented or Port 80)

    <IfDefine SSL>
    Listen 82.xxx.xxx.47:443
    </IfDefine>

    2. There must be mod_ssl installed
    in /etc/httpd/conf.d/ssl.conf must be uncommented line
    #Listen 443

    3. In /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
    the directive
    "Listen 82.xxx.xxx.36:443" (IP address of the web) must be added, so it looks like:

    <IfModule mod_ssl.c>
    Listen 82.xxx.xxx.xxx:443
    <VirtualHost 82.xxx.xxx.36:443>
    <Directory "/var/www/web6/web/pub">
    Options +Indexes
    </Directory>


    Then I can use more SSL certificates.

    =================

    Two Questions: .)

    1. Can I force ISPConfig to add the "Listen 82.xxx.xxx.xxx:443" directive automatically to Vhosts_ispconfig.conf when I create an SSL certificate? Otherwise this directive disappears with ANY CHANGE of any site :( :( :(
    Or how to add it into the "Apache Directives" window in page properties, which doesn't work?


    2. What do I have to add into /root/ispconfig/httpd/conf/https.conf
    to make ISPConfig work on both ports 80 & 443? Or is it restricted somehow to work only on port 443?
    (assuming I have reserved an IP only for the ISPConfig Apache instance)


    Radim
     
    Last edited: Apr 13, 2007
  8. radim_h

    radim_h Member

    Question 1 solved completely .)

    Eh, I'm a dummy

    All that is needed is to write a Listen directive for each IP address into
    /etc/httpd/conf.d/ssl.conf, like
    Listen 82.xxx.xxx.36:443
    Listen 82.xxx.xxx.37:443

    :)
     
  9. falko

    falko Super Moderator Howtoforge Staff

    Put
    Code:
    Listen <IP Address>:80
    Listen <IP Address>:443
    into /root/ispconfig/httpd/conf/httpd.conf and remove
    Code:
    Listen 81
    Then restart ISPConfig.
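
The layout this thread arrives at can be checked statically before restarting either Apache: the two instances must not claim the same address on port 443, and every `<VirtualHost ip:443>` needs a `Listen` that covers it. The script below is an added example, not part of any post and not ISPConfig code; the config strings, the 192.0.2.x addresses and the host names are constructed stand-ins for the redacted values in the thread.

```python
import re

LISTEN_RE = re.compile(r"^\s*Listen\s+(?:(\S+):)?(\d+)\s*$", re.I | re.M)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+(\S+):(\d+)\s*>", re.I | re.M)

# Constructed sample configs (192.0.2.x are documentation addresses).
PANEL_BEFORE = "Listen 443\n"               # panel Apache bound to *:https
PANEL_AFTER = "Listen 192.0.2.47:443\n"     # panel Apache pinned to its own IP
SYSTEM_SSL = "#Listen 443\nListen 192.0.2.36:443\n"
SYSTEM_VHOSTS = """<IfModule mod_ssl.c>
<VirtualHost 192.0.2.36:443>
ServerName www.example.org:443
</VirtualHost>
<VirtualHost 192.0.2.37:443>
ServerName shop.example.org:443
</VirtualHost>
</IfModule>
"""

def parse_listens(conf):
    """Return {(ip, port)}; a bare 'Listen 443' binds every address ('*').
    Lines starting with '#' are comments and never match."""
    return {(ip or "*", int(port)) for ip, port in LISTEN_RE.findall(conf)}

def overlaps(a, b):
    """Same port, and the addresses are equal or one side is the wildcard."""
    return a[1] == b[1] and (a[0] == b[0] or "*" in (a[0], b[0]))

def bind_conflicts(first, second):
    """Socket pairs that two separate Apache instances would both try to bind."""
    return sorted((a, b) for a in first for b in second if overlaps(a, b))

def unbound_vhosts(conf):
    """<VirtualHost ip:port> blocks with no Listen directive covering them."""
    listens = parse_listens(conf)
    vhosts = [(ip, int(port)) for ip, port in VHOST_RE.findall(conf)]
    return [v for v in vhosts if not any(overlaps(v, l) for l in listens)]

if __name__ == "__main__":
    system = parse_listens(SYSTEM_SSL)
    print("before:", bind_conflicts(parse_listens(PANEL_BEFORE), system))
    print("after: ", bind_conflicts(parse_listens(PANEL_AFTER), system))
    print("vhosts without Listen:", unbound_vhosts(SYSTEM_SSL + SYSTEM_VHOSTS))
```
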
     
