SSL Problem

Discussion in 'Installation/Configuration' started by vlados, Dec 20, 2010.

  1. vlados

    vlados New Member

    Hi,
    I tried to use the SSL feature in the control panel for one site, but when I import the cert and give action Save certificate ... nothing happens.
    https://domain.com does not respond and in the vhost there is no *:443.
    What to do?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    First you have to create a new certificate in ISPConfig. Then take the CSR that was created by ISPConfig and have it signed by an SSL authority. Then copy the cert that you got back into the SSL cert field and select save as action.

    By the way, that's all described in detail in the manual and several posts here in the forum :)
     
  3. vlados

    vlados New Member

    yes, I did all this :)
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    And the SSL site worked after you created the cert and stopped working as you imported the signed cert?
     
  5. vlados

    vlados New Member

    No, the Apache vhosts file didn't have a :443 directive at all. When I make changes in the ISPConfig panel to the SSL section it didn't update the file....
     
  6. vlados

    vlados New Member

    So I found that when apache tries to restart it returns an error, but I can't find what is

    30.01.2011-01:02 - WARNING - Apache did not restart after the configuration change for website tipswins.com Reverting the configuration. Saved non-working config as /etc/apache2/sites-available/tipswins.com.vhost.err

    Code:
    <VirtualHost *:80>
          DocumentRoot /var/www/tipswins.com/web
      
        ServerName tipswins.com
        ServerAlias *.tipswins.com
        ServerAdmin [email protected]
    
        ErrorLog /var/log/ispconfig/httpd/tipswins.com/error.log
    
    
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 503 /error/503.html
    	
        <Directory /var/www/tipswins.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client2/web47/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
        <IfModule mod_fcgid.c>
          
    	  # SocketPath /tmp/fcgid_sock/
    	  
    	  # IdleTimeout n (3600 seconds)
    	  # An idle fastcgi application will be terminated after IdleTimeout seconds.
          IdleTimeout 3600
    	  
    	  # ProcessLifeTime n (7200 seconds)
          # A fastcgi application will be terminated if lifetime expired, even no error is detected.
          ProcessLifeTime 7200
    	  
    	  # MaxProcessCount n (1000)
          # The max count of total fastcgi process count.
          # MaxProcessCount 1000
          
    	  # DefaultMinClassProcessCount n (3)
          # The minimum number of fastcgi application instances for any one fastcgi application.
          # Idle fastcgi will not be killed if their count is less than n
          # Set this to 0, and tweak IdleTimeout
    	  DefaultMinClassProcessCount 0
    	  
    	  # DefaultMaxClassProcessCount n (100)
          # The maximum number of fastcgi application instances allowed to run for
          # particular one fastcgi application.
          DefaultMaxClassProcessCount 100
    	  
    	  # IPCConnectTimeout n (3 seconds)
          # The connect timeout to a fastcgi application.
          IPCConnectTimeout 8
    	  
    	  # IPCCommTimeout n (20 seconds)
          # The communication timeout to a fastcgi application. Please increase this
          # value if your CGI have a slow initialization or slow respond.
          IPCCommTimeout 360
          
    	  # BusyTimeout n (300 seconds)
          # A fastcgi application will be terminated if handing a single request
          # longer than busy timeout.
    	  BusyTimeout 300
    	  
        </IfModule>
        <Directory /var/www/tipswins.com/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web47/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    	<Directory /var/www/clients/client2/web47/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web47/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web47 client2
        </IfModule>
    
        <IfModule mod_dav_fs.c>
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    
    
    
    <IfModule mod_ssl.c>
    ###########################################################
    # SSL Vhost
    ###########################################################
    
    <VirtualHost *:443>
          DocumentRoot /var/www/tipswins.com/web
      
        ServerName tipswins.com
        ServerAlias *.tipswins.com
        ServerAdmin [email protected]
        
        ErrorLog /var/log/ispconfig/httpd/tipswins.com/error.log
    
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 503 /error/503.html
    
        SSLEngine on
        SSLCertificateFile /var/www/clients/client2/web47/ssl/tipswins.com.crt
        SSLCertificateKeyFile /var/www/clients/client2/web47/ssl/tipswins.com.key
        SSLCACertificateFile /var/www/clients/client2/web47/ssl/tipswins.com.bundle
        
    	<Directory /var/www/tipswins.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client2/web47/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
        <IfModule mod_fcgid.c>
          # SocketPath /tmp/fcgid_sock/
    	  # IdleTimeout n (3600 seconds)
    	  # An idle fastcgi application will be terminated after IdleTimeout seconds.
          IdleTimeout 3600
    	  
    	  # ProcessLifeTime n (7200 seconds)
          # A fastcgi application will be terminated if lifetime expired, even no error is detected.
          ProcessLifeTime 7200
    	  
    	  # MaxProcessCount n (1000)
          # The max count of total fastcgi process count.
          # MaxProcessCount 1000
          
    	  # DefaultMinClassProcessCount n (3)
          # The minimum number of fastcgi application instances for any one fastcgi application.
          # Idle fastcgi will not be killed if their count is less than n
          # Set this to 0, and tweak IdleTimeout
    	  DefaultMinClassProcessCount 0
    	  
    	  # DefaultMaxClassProcessCount n (100)
          # The maximum number of fastcgi application instances allowed to run for
          # particular one fastcgi application.
          DefaultMaxClassProcessCount 100
    	  
    	  # IPCConnectTimeout n (3 seconds)
          # The connect timeout to a fastcgi application.
          IPCConnectTimeout 8
    	  
    	  # IPCCommTimeout n (20 seconds)
          # The communication timeout to a fastcgi application. Please increase this
          # value if your CGI have a slow initialization or slow respond.
          IPCCommTimeout 360
          
    	  # BusyTimeout n (300 seconds)
          # A fastcgi application will be terminated if handing a single request
          # longer than busy timeout.
    	  BusyTimeout 300
    	  
        </IfModule>
        <Directory /var/www/tipswins.com/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web47/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    	<Directory /var/www/clients/client2/web47/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web47/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web47 client2
        </IfModule>
    
        <IfModule mod_dav_fs.c>
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    </IfModule>
    
    
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Can you rename /etc/apache2/sites-available/tipswins.com.vhost to /etc/apache2/sites-available/tipswins.com.vhost.bak and rename /etc/apache2/sites-available/tipswins.com.vhost.err to /etc/apache2/sites-available/tipswins.com.vhost and then run
    Code:
    apache2 -t
    ? Does it report any syntax errors?
     
  8. vlados

    vlados New Member

    root@server1:/etc/apache2# killall apache2
    root@server1:/etc/apache2# apache2 -t
    apache2: bad user name ${APACHE_RUN_USER}

    Is this the right parameter? It this is for configtest:
    root@server1:/etc/apache2# apache2ctl configtest
    Syntax OK
    root@server1:/etc/apache2# /etc/init.d/apache2 start
    * Starting web server apache2 [fail]
    root@server1:/etc/apache2#
     
    Last edited: Jan 30, 2011
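
Added example, not part of the thread and not ISPConfig's code: `apache2ctl configtest` checks syntax, not whether the certificate and private key named in the SSL vhost belong together, so this script reads the SSL file directives from a vhost file and checks them with `openssl`. The function names are assumptions, and it assumes unencrypted PEM files.

```sh
#!/bin/sh
# Added example: check the certificate files an Apache vhost points at.
# Usage: sh check_vhost_ssl.sh /etc/apache2/sites-available/<site>.vhost

# Print "directive path" (directive lower-cased) for each SSL file directive.
ssl_paths() {
    awk 'tolower($1) ~ /^ssl(certificate(key|chain)?|cacertificate)file$/ {
             gsub(/"/, "", $2); print tolower($1), $2 }' "$1"
}

# Print the public key (PEM) held in a certificate (x509) or private key (pkey).
pubkey_of() {
    if [ "$1" = x509 ]; then
        openssl x509 -in "$2" -noout -pubkey 2>/dev/null
    else
        openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null
    fi
}

# Return 0 if all checks pass, 1 on a failed check, 2 if no SSL directives.
check_vhost() {
    rc=0 crt='' key='' seen=0
    while read -r dir path; do
        [ -n "$dir" ] || continue
        seen=1
        [ -s "$path" ] || { echo "FAIL $dir: $path missing or empty"; rc=1; }
        case $dir in
            sslcertificatefile)    crt=$path ;;
            sslcertificatekeyfile) key=$path ;;
        esac
    done <<EOF
$(ssl_paths "$1")
EOF
    [ "$seen" -eq 1 ] || { echo "no SSL directives in $1"; return 2; }
    if [ -s "$crt" ] && [ -s "$key" ]; then
        c=$(pubkey_of x509 "$crt"); k=$(pubkey_of pkey "$key")
        if [ -z "$c" ] || [ -z "$k" ]; then
            echo "FAIL cannot read certificate or key (encrypted or not PEM?)"; rc=1
        elif [ "$c" != "$k" ]; then
            echo "FAIL $key does not belong to $crt"; rc=1
        else
            echo "OK   private key matches certificate"
        fi
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_vhost "$1"; fi
```

Exit status 2 corresponds to a vhost file with no SSL section at all, as in the reverted configuration described earlier in the thread.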
  9. falko

    falko Super Moderator Howtoforge Staff

    Ok, the syntax seems to be ok.

    Are there any errors in Apache's error log? What's the output of
    Code:
    netstat -tap
    ?
     
