SSL Issues , new install, Ubuntu 16.04

Discussion in 'Installation/Configuration' started by DexDeadly, Apr 3, 2017.

  1. DexDeadly

    DexDeadly New Member

    Hello All,

    So after a good 2 days of going through the install process I finally have ISPConfig3 running. I believe so atleast. This is a fresh install of ubuntu 16.04 from FDCServers.net. I installed the LAMP stack and then decided to give ISPConfig a shot as I wanted a nice panel and this seemed great. So I get this when I try to to go to https:// myip :8080 my question might be dumb but I do not currently have any domain pointing to it. I plan to point my simplysyncedllc[dot]com domain at this box using google domains. Currently that domain has its name servers pointed to Bluehost. I'd like to use the google domains name servers and point to this new box.

    This is the error the page is getting when I try to access it via https:// myip :8080 NET::ERR_CERT_AUTHORITY_INVALID

    Please let me know what I may be missing here. Thanks :)
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is nothing missing, what this message tells you is that the SSL cert is a so called self-signed SSL cert. Click on accept and login to ISPConfig.
     
  3. DexDeadly

    DexDeadly New Member

    Hello till, thanks for the quick reply. I can get past it and login but is this ok? I'd like to run SSL sites so my wonder is if this is going to happen for every site I try to run SSL on?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    yes. To login without such an error, you 1) have to use a domain name and not IP to login and 2) get an officially signed SSL cert for the port 8080 vhost that ISPConfig uses. You can get such a cert e.g. from lets encrypt: https://www.howtoforge.com/community/threads/securing-your-server-with-lets-encrypt.75554/

    This is not related to hosted websites.
     
  5. DexDeadly

    DexDeadly New Member

    so I just need to point my domain at my box, let the DNS propegate and then once that happens get an officially signed SSL for it. I'll follow that guide. Thanks for the assist!
     
  6. DexDeadly

    DexDeadly New Member

    Ok, so I pointed my domain to my box. I setup a site within ispconfig was well for my domain. Now when I try to go to my domain, simplysyncedllc.com:8080 I still get a NET::ERR_CERT_AUTHORITY_INVALID. Going directly to my actual domain
     
    Last edited: Apr 3, 2017
  7. DexDeadly

    DexDeadly New Member

    So I've tried to run whats in the https://www.howtoforge.com/community/threads/securing-your-server-with-lets-encrypt.75554/ page you provided. I completely redid the installation following the perfect guide. However when I tried to follow that page I get to the cat line and this is my output

    cat /usr/local/ispconfig/interface/ssl/ispserver.{key,crt} > /usr/local/ispconfig/interface/ssl/ispserver.pem
    cat: /usr/local/ispconfig/interface/ssl/ispserver.key: No such file or directory
    cat: /usr/local/ispconfig/interface/ssl/ispserver.crt: No such file or directory

    I tried to run the ln commands without -s so that I can see what might be occuring and when I do that I gam getting

    ln: failed to access '/etc/letsencrypt/live/webhost.simplysyncedllc.com/privkey.pem': No such file or directory

    I thought trying to run the ispconfig_update.sh would help but it did not. It looks as though I can still access my page I have up which is an error at the moment but it is still accessible and apache is running. The error the admin page is now giving me is
    ERR_SSL_PROTOCOL_ERROR

    Any help again is greatly appreciated!
     
  8. DexDeadly

    DexDeadly New Member

    ok so I found that in my /etc/letsencrypt/live folder I did not have webhost.simplysyncedllc.com . This is the name of my webbox but the only one in there was simplysyncedllc.com which I believe was created from when I added the site via the page. So I tried to use that and now I have keys in the files but I still get the ERR_SSL_PROTOCOL_ERROR when I try to access the admin page. I'm trying by using the simplysyncedllc.com:8080 and with the ip:8080 both start with https: so its forwarding. Sorry for the amount of questions I feel I'm missing something small.
     
  9. DexDeadly

    DexDeadly New Member

    I tried again and now I'm back to NET::ERR_CERT_AUTHORITY_INVALID.
     
  10. sjau

    sjau Local Meanie Moderator

    What do you get by:

    Code:
    ls -al  /usr/local/ispconfig/interface/ssl/
    
    and
    Code:
    ls -al /etc/letsencrypt/live
    
     
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Actually, I think you didn't get it right here. You need LE SSL for webhost.simplysyncedllc.com which is your server domain name and not for simplysyncedllc.com which is your general domain name.

    From my visit, you should be able to login via ISPC with fine using LE SSL via https://webhost.simplysyncedllc.com:8080/login/ not https://simplysyncedllc.com:8080/login/. I hope that will clear some of your isssues.

    I also don't think you have a proper LE SSL set for your general domain - simplysyncedllc.com.
     
  12. DexDeadly

    DexDeadly New Member

    Hello ahrasis, thanks for replying. It looks like I might of just needed to wait. That and I did miss the part of setting a site for webhost.simplysyncedllc.com so I did so, I than walked away and came back and now I can as you mention get to https://webhost.simplysyncedllc.com:8080/login. Without webhost I do get the error, should 8080 be restricted to strictly webhost.simplysyncedllc.com site? I'd think it should be but I guess whats your feed back on that.

    Also you mention I dont have proper LE SSL set for simplysyncedllc.com. How do I check? If I look at the site under Sites and check the domain tab, SSL and Let's Encrypt SSL checkboxes are both cucked. I was under the assumption that if they were checked the SSL should be good. I went and ran a SSL Labs report https://www.ssllabs.com/ssltest/analyze.html?d=simplysyncedllc.com&latest and it gets an A. Is there something here that I am not looking at that you are that you can point me to how I should get it fixed?
     
    Last edited: Apr 4, 2017
  13. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

  14. DexDeadly

    DexDeadly New Member

    Excellent, thank you again. My guess is I didn't wait long enough for the DNS or the certs to take hold. I noticed when creating a new site last night and domain that I had the same thing. Waited a little bit and it worked. Time to move onto email and the DNS.o_O:eek:
     
    ahrasis likes this.
  15. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Email is a little bit tricky and you can read various post with keyword "postfix". My ISP blocks port 25 for sending emails, so I can only received emails via that port. My emails are sent via smtp relay, thus, I basically have no experience running a "fully" working own mail server.

    So good luck with it.
     
  16. DexDeadly

    DexDeadly New Member

    Thanks, this is on a fdcservers host. Should be fun.
     
    ahrasis likes this.

Share This Page