Hi Folks, My problem is that when I try to access the only SSL-enabled web site on my server, the web server presents me with the wrong certificate. It works; it's just the wrong certificate (localhost.localdomain). I have followed instructions posted elsewhere in these forums by Till and Falco to create a CSR and paste/save the CACert.org certificate. The Vhosts_ispconfig.conf looks OK to me and is only included once in httpd.conf. I made no hand edits anywhere (in recent memory...this is not a new problem). The certificate the server presents is, I believe, /etc/httpd/conf/ssl.crt/server.crt pointed to by /etc/httpd/conf.d/ssl.conf.
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Maybe there was some (historic) modification to /etc/httpd/conf.d/ssl.conf causing this problem? The only error I see in the /var/www/web1/log/error.log when I restart is "[warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?". Any ideas anyone? Thanks in advance, G
Everything works...and has been...just with the wrong certificate. I can't remember when this started or what kicked it off, but I have to suspect it was a web application install or an upgrade. A yum update, maybe? Thanks, G
I temporarily fixed the problem by renaming these two files:
    /etc/httpd/conf/ssl.crt/server.crt
    /etc/httpd/conf/ssl.key/server.key
and used symbolic links to the corresponding files in web1:
    ln -s /var/www/web1/ssl/www.sonoracomm.com.key /etc/httpd/conf/ssl.key/server.key
    ln -s /var/www/web1/ssl/www.sonoracomm.com.crt /etc/httpd/conf/ssl.crt/server.crt
Then restarting the web server:
    /etc/init.d/httpd restart
    /etc/init.d/ispconfig_server restart
I know this is not the right way to fix it, but it works. G
Web Site is Using the Wrong SSL Certificate
I just installed a fresh ISPConfig installation on a fresh CentOS 5 Perfect Install and I have the same problem I had on a previous CentOS 4 server. I can't believe I'm the only one! ;-) This time, I have not come up with a work-around. When I try to access the first web site, and the first to be configured as SSL enabled, via SSL, I am presented with a certificate for localhost.localdomain. Through testing, I determined it is using this certificate: /etc/pki/tls/certs/localhost.crt But it should be using the cert in web1. I added a second IP address and enabled SSL on another web site. It works as it should! It uses the cert in web17. Any clues anyone? Thanks in advance, G
Please make sure that you do not have any SSL vhosts enabled in your apache configuration besides the vhosts created by ISPConfig.
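
One way to run the check Till describes, as an added example that is not part of the original thread: list every `<VirtualHost>` block that sets `SSLCertificateFile`, then drop the ones in the ISPConfig-generated `Vhosts_ispconfig.conf`. The function names and the sample directory layout are assumptions; the sample config is constructed from the paths quoted in this thread.

```shell
#!/bin/sh
# Added example. Prints one line per SSL vhost: file<TAB>address<TAB>certificate.
list_ssl_vhosts() {
    find "$@" -type f -name '*.conf' 2>/dev/null | sort | while IFS= read -r f; do
        awk -v file="$f" '
            { line = $0; sub(/^[ \t]+/, "", line) }
            line ~ /^#/ { next }                      # skip comment lines
            tolower(line) ~ /^<virtualhost[ \t]/ {    # block opens: keep its address
                addr = line; sub(/^<[^ \t]+[ \t]+/, "", addr); sub(/>.*$/, "", addr)
                in_vh = 1; cert = ""; next
            }
            tolower(line) ~ /^<\/virtualhost>/ {      # block closes: report if SSL
                if (in_vh && cert != "") printf "%s\t%s\t%s\n", file, addr, cert
                in_vh = 0; next
            }
            in_vh && tolower(line) ~ /^sslcertificatefile[ \t]/ {
                split(line, parts); cert = parts[2]
            }
        ' "$f"
    done
}

# SSL vhosts defined anywhere other than the ISPConfig-generated vhosts file.
foreign_ssl_vhosts() {
    list_ssl_vhosts "$@" | awk -F '\t' '$1 !~ /Vhosts_ispconfig\.conf$/'
}

# Constructed sample tree (hypothetical layout) standing in for /etc/httpd.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf.d" "$d/vhosts"
    cat > "$d/conf.d/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
EOF
    cat > "$d/vhosts/Vhosts_ispconfig.conf" <<'EOF'
<VirtualHost 192.245.12.114:443>
  ServerName www.sonoracomm.com
  SSLEngine on
  SSLCertificateFile /var/www/web1/ssl/www.sonoracomm.com.crt
</VirtualHost>
EOF
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
foreign_ssl_vhosts "$tree"    # on a real server: foreign_ssl_vhosts /etc/httpd
rm -rf "$tree"
```
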
Hi Till, Thanks much for your response. Unfortunately, at my level of Apache skill, it may not tell me enough. There are no references to ssl or 443 in the main httpd.conf. The Vhosts_ispconfig.conf is included only once and my testing shows it is generated entirely by ISPConfig. There is a <VirtualHost _default_:443> section in /etc/httpd/conf.d/ssl.conf and it points at the problem localhost certificate. This is most likely the cause, somehow, of my problems. I tried removing the <VirtualHost _default_:443> section from the file. I also tried renaming the ssl.conf file. In both cases Apache will not restart. Do you have any further suggestions for me? TIA, G
Hi Falco, Thanks so much for your time. Here are the results of ifconfig:
    eth0      Link encap:Ethernet  HWaddr 00:16:3E:38:F6:01
              inet addr:192.245.12.114  Bcast:192.245.12.255  Mask:255.255.255.0
              inet6 addr: fe80::216:3eff:fe38:f601/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:471281 errors:0 dropped:0 overruns:0 frame:0
              TX packets:149418 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:85985564 (82.0 MiB)  TX bytes:66483225 (63.4 MiB)
    eth0:0    Link encap:Ethernet  HWaddr 00:16:3E:38:F6:01
              inet addr:192.245.12.116  Bcast:192.245.12.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:37053 errors:0 dropped:0 overruns:0 frame:0
              TX packets:37053 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5463001 (5.2 MiB)  TX bytes:5463001 (5.2 MiB)
Here are the contents of the vhosts file: http://www.sonoracomm.com/dmdocuments/Vhosts_ispconfig.conf (If you use https:// you will see the incorrect certificate too) Thanks, G
Which exact error message do you get in the apache error log when you remove the default ssl vhost and restart apache?
Thanks for your time, Till. I beat this up and I looked in every log file I could find including /root/ispconfig/httpd/logs/*. There are no error messages at all. Apache just doesn't start when I do:
    service httpd stop
    service httpd start
or if I do
    service httpd restart
I deleted the entire section <VirtualHost _default_:443>...</VirtualHost> from ssl.conf. Obviously, it is necessary somehow. I just don't know how. Also, this command outputs the correct results:
    openssl x509 -in /var/www/web1/ssl/www.sonoracomm.com.crt -noout -text
I sure hope I am learning something from this frustration... Thanks, G