Hi, I have server with Ubuntu 7.10, went through perfect server allright and tried to load ISPConfig 2.2.18 with my domain chillifire.net That worked after some trials and tribulations and a first failed install (see below), so now http://www.chillifire.net work, https://www.chillifire.net:81 works and gets me to the panel, which seems to work fine. However, https://www.chillifire.net gets me the treaded 12263 error in the browser. Yes, there has been a lot of postings, but all seem to deal with the issue of more than one certificate per IP or multiple IPs and certificates etc. These posts do not apply as I have one IP only and (should) have only one certificate. Now, I did notice a few things: - I have entries apache2.conf.06-12-07_16-21-50, and ports.conf.06-12-07_16-21-50 and under mods-enabled every file seems to have a copy with a .06-12-07_16-21-50. Should these files be there? If not, could they have been created by a failed ISPConfig installation attempt? I installed twice - the first time the system aborted after creating the certificates, complaining php was not available. So I made php globally available (reversing 16.1 of the perfect server setup) and rerun the install - and it worked. Could it be that there is a dud certificate flying around somewhere that wrecks the whole thing? If so where? And should I get rid of all the *.06-12-07_16-21-50 entries? Where else do I need to llok for them? - Port 81 did not work at first. I had to recreate the certificate manually as per the instructions in this forum. Once that was done, 81 worked and I can get to the panel. - I noticed there is no module ssl under /etc/apach2/modules-available and modules-enabled. Also, under /etc/apache2/vhosts I have the files Vhosts_ispconfig.conf Vhosts_ispconfig.conf~ They look like this: Code: ################################### # # ISPConfig vHost Configuration File # Version 1.0 # ################################### # NameVirtualHost 210.48.62.30:80 <VirtualHost 210.48.62.30:80> ServerName localhost ServerAdmin root@localhost DocumentRoot /var/www/sharedip </VirtualHost> NameVirtualHost 210.48.62.30:80 <VirtualHost 210.48.62.30:80> ServerName localhost ServerAdmin root@localhost DocumentRoot /var/www/sharedip </VirtualHost> # # ###################################### # Vhost: www.chillifire.net:80 ###################################### # # <VirtualHost 210.48.62.30:80> SuexecUserGroup web3_contact web3 ServerName www.chillifire.net:80 ServerAdmin [email protected] DocumentRoot /var/www/web3/web ServerAlias chillifire.net DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm ScriptAlias /cgi-bin/ /var/www/web3/cgi-bin/ AddHandler cgi-script .cgi AddHandler cgi-script .pl ErrorLog /var/www/web3/log/error.log AddType application/x-httpd-php .php .php3 .php4 .php5 <Files *.php> SetOutputFilter PHP SetInputFilter PHP </Files> <Files *.php3> SetOutputFilter PHP SetInputFilter PHP </Files> <Files *.php4> SetOutputFilter PHP SetInputFilter PHP </Files> <Files *.php5> SetOutputFilter PHP SetInputFilter PHP </Files> php_admin_flag safe_mode Off AddType text/html .shtml AddOutputFilter INCLUDES .shtml Alias /error/ "/var/www/web3/web/error/" ErrorDocument 400 /error/invalidSyntax.html ErrorDocument 401 /error/authorizationRequired.html ErrorDocument 403 /error/forbidden.html ErrorDocument 404 /error/fileNotFound.html ErrorDocument 405 /error/methodNotAllowed.html ErrorDocument 500 /error/internalServerError.html ErrorDocument 503 /error/overloaded.html AliasMatch ^/~([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3 AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3 </VirtualHost> There is nothing anywhere I can see that would tell the system how to deal with port 443 (other than ports.conf, which says: Code: Listen 80 <IfModule mod_ssl.c> Listen 443 </IfModule> - This is what is in directory /root/ispconfig/httpd/conf/ssl.crt Code: 0cf14d7d.0 544fc7bf.1 82ab5372.0 README.CRT ca.crt server.crt snakeoil-ca-rsa.crt snakeoil-rsa.crt 544fc7bf.0 5d8360e1.0 Makefile ca-bundle.crt e52d41d0.0 snakeoil-ca-dsa.crt snakeoil-dsa.crt Is that what should be there? The server.crt file is the one I manually recreated. Again, I suspect it has something to do with the failed installation, but then again, what do I know? So for starters, where should I look for dud certificates. And why are there no ssl modules and for Vhost? Any input/advice is welcome. Thanks chillifire Auckland, New Zealand PS: Here is some more output you will ask me for: Code: root@blackbird:~# netstat -tan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN tcp 0 0 210.48.62.30:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN tcp 0 0 210.48.62.30:81 60.234.129.51:56569 TIME_WAIT tcp 0 0 210.48.62.30:81 60.234.129.51:56567 TIME_WAIT tcp6 0 0 :::993 :::* LISTEN tcp6 0 0 :::995 :::* LISTEN tcp6 0 0 :::110 :::* LISTEN tcp6 0 0 :::143 :::* LISTEN tcp6 0 0 :::21 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::25 :::* LISTEN tcp6 0 0 ::1:953 :::* LISTEN tcp6 0 2112 ::ffff:210.48.62.30:22 ::ffff:60.234.129:56685 ESTABLISHED
This is getting interesting Hi everyone, Out of sheer desparation I deinstalled ISPConfig. Interesting: it does not remove those funny files with date/time appended and it also does not get used to vhosts directories and files and vost roots. I deleted these all manually and then reinstalled ISPConfig. The result was interesting: The same certificate error (unvalid signature) occured again and I had to employ www.howtoforge.com/faq/14_63_en.html to fix that. After that at least port 81 works and I can access the ISPConfig admin site. But SSL still does not work (leads to 12263 error) and new date and time appended files have been created. So now I am thinking these files were not created by the fialed install but obviouslyare created by a 'successful' install. So something must be in the setup of the system that upsets ISPConfig enough to do somehing very funny and not cope with SSL. Any thoughts? chillifire
Thanks - but no solution Thanks till for your quick response. Much appreciated. I had seen the thread, but it does not really apply and it does not provide a solution. As I stated, there is only Vhosts_ispconfig.conf Vhosts_ispconfig.conf~ in the vhosts folder. There is no file with date/time appendage that I could rename. So therefore this approach does not provide a fix. There were indeed an apache2.conf and ports.conf file with date/time appendage as reported (ports was indetnical though, not sure about apache2). I renamed them and restarted apache2 and ispconfig_server. No change. Admittedly there are also all these date/time appended files in mods-available next to 'normal' files. it looks like this: Code: alias.conf include.load.07-12-07_15-41-46 alias.conf.07-12-07_15-41-46 mime.conf alias.load mime.conf.07-12-07_15-41-46 alias.load.07-12-07_15-41-46 mime.load auth_basic.load mime.load.07-12-07_15-41-46 auth_basic.load.07-12-07_15-41-46 negotiation.conf authn_file.load negotiation.conf.07-12-07_15-41-46 authn_file.load.07-12-07_15-41-46 negotiation.load authz_default.load negotiation.load.07-12-07_15-41-46 authz_default.load.07-12-07_15-41-46 php5.conf authz_groupfile.load php5.conf.07-12-07_15-41-46 authz_groupfile.load.07-12-07_15-41-46 php5.load authz_host.load php5.load.07-12-07_15-41-46 authz_host.load.07-12-07_15-41-46 rewrite.load authz_user.load rewrite.load.07-12-07_15-41-46 authz_user.load.07-12-07_15-41-46 setenvif.conf autoindex.conf setenvif.conf.07-12-07_15-41-46 autoindex.conf.07-12-07_15-41-46 setenvif.load autoindex.load setenvif.load.07-12-07_15-41-46 autoindex.load.07-12-07_15-41-46 ssl.conf cgi.load ssl.conf.07-12-07_15-41-46 cgi.load.07-12-07_15-41-46 ssl.load dir.conf ssl.load.07-12-07_15-41-46 dir.conf.07-12-07_15-41-46 status.conf dir.load status.conf.07-12-07_15-41-46 dir.load.07-12-07_15-41-46 status.load env.load status.load.07-12-07_15-41-46 env.load.07-12-07_15-41-46 suexec.load include.load suexec.load.07-12-07_15-41-46 The files without date/time are in a light turquios, so I assume they are symlinks. Also, I checked the pairs ssl.load / ssl.load.07-12-07_15-41-46 and ssl.conf / ssl.conf.07-12-07_15-41-46 and they are exactely the same. So for now I don't see how renaming all these files would change anything (as they should be just symlinks to mods-available anyway, right?) Any more clues? chillifire
Please undoi the renaming of these other files. I talked just about the file Vhost_ispconfig.conf and not any other file. Please recreate the SSL cert of the website where you have SSL enabled in ISPConfig (not the ecrt for port 81!).
Thanks again for the quick response. I have to ask in that case where does ISPConfig store these website related SSL certifiactes? I assume these website related keys were created during the ISP config install? But where are they? I assume they are not in /root/ispconfig/httpd/conf/ssl.* which holds the ispconfig certificates? I would not even know where to look, as there is no ssl module in either /etc/apache2/mods-available nor /etc/apache2/mods-enabled, nor are there any port 443 instructions in the vhosts files. So where apache2 even would know where to look for certificates is beyond my limited knowledge. BTW, I am also playing around with DNS entries at the same time, so this link may be required for testing at the moment. Thanks again for your support. Hanno
ssl for site enabled This might be a misunderstanding on my part then. Yes, I did enable SSL with that switch. No, I did not create a certificate for the site through the panel, I thought this was for certificates signed by agents only. Is this required for self signed certificates as well?
Solved OK, I created a certificate in ispconfig and it appears it not only creates a certificate request but also a self signed certificate. Now https://www.chillifire.net works like a charmer. I could be forgiven for what looks like a RTFM error. The documentation (see for yourself here) clearly talks about CA signed certificates only. It was not clear that further action other than clicking the SSL button was required, when creating the site. To the developers: I would like to propose a documentation update for the next release to avoid further misunderstanding. It is a shame when documentation lets down an otherwise great package. (No brown nosing intended - just my honest opinion). Thanks everyone for helping me here. Great community. chillifire
yes you must create the self signed cert in control panel for the site. go deal glade you got it working.
