Hi everyone, I need help with this. I successfully install SSL on ISPConfig 3. Love it. It's so easy. Now when I try to access the control panel the https://www.mydomain.com:8080 it does not work but without the SSL it works http://www.mydomain.com:8080 Anyway after further googling I found this tutorial http://www.faqforge.com/linux/controlpanels/ispconfig3/enable-ssl-for-the-ispconfig-3-controlpanel/ but since I already install the SSL cert on ispconfig and the cert is not self signed I wasn't sure to start at which step.. If anyone already had this covered I appreciated if you guys/gals could guide me with this. Thanks in advance
Hello, update your interface, if next version is out or install in expert mode and say yes to ssl and ispconfig do everything for you. Regards, Xaver
hey appreciate your help. I guess I will try reinstalling ispconfig again since update need to wait for new release. Code: root@server1:~# ispconfig_update.sh -------------------------------------------------------------------------------- _____ ___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_) | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | __/ | |___/ -------------------------------------------------------------------------------- >> Update Please choose the update method. For production systems select 'stable'. The update from svn is only for development systems and may break your current setup. Select update method (stable,svn) [stable]: There are no updates available for ISPConfig 3.0.3.3 root@server1:~# Also do you know is there anyway I could just use the control panel php page without the port 8080 thing? because in theory that would automatically solve SSL on port 8080 problem. thank you. EDIT So I blindly followed the steps here with no knowledge with what I'm doing http://www.faqforge.com/linux/controlpanels/ispconfig3/enable-ssl-for-the-ispconfig-3-controlpanel/ On the final step I was greeted with this error: Code: root@server1:/etc/apache2/ssl# /etc/init.d/apache2 restart Syntax error on line 48 of /etc/apache2/sites-enabled/000-ispconfig.vhost: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty Action 'configtest' failed. The Apache error log may have more information. failed! root@server1:/etc/apache2/ssl# /etc/init.d/apache2 restart Syntax error on line 48 of /etc/apache2/sites-enabled/000-ispconfig.vhost: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty Action 'configtest' failed. The Apache error log may have more information. failed! I always have this question in my mind. Either updating or using the step from the link above I need to create a new SSL Request cert. So in other word my current provided cert is useless because I need to paste the new cert request to my cert provider and pasting the provided cert to ispconfig. Am I correct? I appreciate if anyone could help me with the error above. Thanks in advance
Please do what xaver suggested and run a ispconfig update where you select to create new ssl certs. If your ispconfig is up to date, then download the ispconfig tar.gz manually from ispconfig.org, unpack it and run the update.php script. You can use a existing cert as well, but only after you did the step with the update that xaver described. Afterwards you can replace the key and crt file in /usr/local/ispconfig/interface/ssl/ directory with your existing cert and key.
I did actually. I search the forum and found the your same advice over here http://www.howtoforge.com/forums/showthread.php?t=53072&highlight=ssl+port but I was greeted with error: Code: root@server1:~/ispconfig3_install/install# php -q update.php -------------------------------------------------------------------------------- _____ ___________ _____ __ _ ____ |_ _/ ___| ___ \ / __ \ / _(_) /__ \ | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ / | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \ \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/ __/ | |___/ -------------------------------------------------------------------------------- >> Update Operating System: Debian 6.0 (Squeeze/Sid) or compatible This application will update ISPConfig 3 on your server. mysqldump: Got error: 1045: Access denied for user 'root'@'localhost' (using password: YES) when trying to connect PHP Warning: mysql_connect(): Access denied for user 'root'@'localhost' (using password: YES) in /root/ispconfig3_install/install/lib/mysql.lib.php on line 78 PHP Notice: Uninitialized string offset: 0 in /root/ispconfig3_install/install/lib/update.lib.php on line 98 PHP Fatal error: Cannot use string offset as an array in /root/ispconfig3_install/install/lib/update.lib.php on line 98 This is what in mysql.lib.php in line 78: Code: $this->linkId = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); I assume the first error is mysql error so I add all new credentials in mysql.lib.php (at the top section): Code: class db { var $dbHost = "localhost"; // hostname of the MySQL server var $dbName = "dbispconfig"; // logical database name on that server var $dbUser = "root"; // database authorized user var $dbPass = "mydbpass"; // user's password var $dbCharset = "utf8"; // what charset comes and goes to mysql: utf8 / latin1 var $linkId = 0; // last result of mysql_connect() var $queryId = 0; // last result of mysql_query() var $record = array(); // last record fetched var $autoCommit = 1; // Autocommit Transactions var $currentRow; // current row number var $errorNumber = 0; // last error number var $errorMessage = ""; // last error message var $errorLocation = ""; // last error location var $show_error_messages = false; but still got the same error. Please help Thank you.
Please undo all changes that you made in the file mysql.lib.php. Make sure that the file is exactly as it was before! If you want that we are able help you, dont do any hectic changes in the sources of ispconfig as thats not required and you will mess up our setup more and more by doing that. Your problem is that you changed the mysql root password without changing it in the file /usr/local/ispconfig/server/lib/mysql_clientdb.conf. So edit only this one file and set the new root password there.
hey thanks. My apologies but I had to minimize from asking support here because I'm embarrassed I only active here in this forum when I need support. I don't like to see as a lechers you know That's why I prefer to goongling/search and DIY The update works great and ispconfig created the self signed SSL. Now the problem is SSL. I want to use my own CA issued cert. In Code: /usr/local/ispconfig/interface/ssl I found 4 files. For the cert I paste in SSL bundle text form in Sites >> Web Domain >> SSL Where should I paste the SSL bundle cert in Code: /usr/local/ispconfig/interface/ssl I could upload screenshot if you want to. I hope I explain everything clear. Thank you.
Take a look into the ssl directory of the website where you created the signed certificate. There you find a key and a crt file. Kopy the content of the key file into the ispconfig key file, the content of the crt file into the ispconfig crt file. Then create a new file for the bundle certificate in the ispconfig ssl directory and insert the bundle certificate(s) there. Then add a line a line like: SSLCACertificateFile /path/to/my/bundle/certificate into the ispconfig vhost file as ispconfig as no support for bundles builtin and then restart apache.
Yes I copy the text from my website SSL directory and paste it to ISPConfig SSL directory. This is the exact step I did. My website SSL directory Code: www.mydomain.com.crt www.mydomain.com.csr www.mydomain.com.key www.mydomain.com.key.org ISPconfig SSL directory. Noted that cert from key.org is pasted to key.secure Code: ispserver.crt ispserver.csr ispserver.key ispserver.key.secure After that I restart apache and SSL appears to be working across all browsers. I guess bundle certificate is not needed for ispconfig SSL directory :/ Appreciate your help Xaver and Till Hope it helps anyone.
