SSL Vhost questions...

Discussion in 'ISPConfig 3 Priority Support' started by craig baker, Feb 2, 2016.

  1. craig baker

    craig baker Member HowtoForge Supporter

    I just got a multi-domain SSL for cdbsystems.com, www.cdbsystems.com and ns9.cdbsystems.com.
    I cut and pasted it into cdbsystems.com (the www was added by default) - checking SSL of course and saved cert.
    I also created a vhost for ns9.cdbsystems.com, checked SSL on it and cut and paste same info CSR, CRT and bundle into the fields. clicked 'save certificate'.

    but now my ssl is not working not seeing the new certs at all installed by ispconfig3 supposedly!

    I notice that (under centos) I have ssl.conf in /etc/httpd/conf.d and that points to old ssl files.
    none of the vhost files in /etc/httpd/conf/sites-available have any 443 entries.
    where does ispconfig3 install the certs when save certificate happens?

    and is this not SUPPOSED to work these days? all current browsers support etc etc...

    and should I manually alter the ssl.conf file? or should that file be deleted from /etc/httpd/conf.d since it's obviously not being generated by ispconfig?

    ADDITIONAL NOTES:
    from other reading I unchecked and rechecked the ssl box both on cdbsystems.com and on ns9.cdbsystems.com. the latter now created a vhost that has a 443 section. but the cert is clearly not being recognized properly. the former cdbsystems.com.vhost creates an err file and no 443 section (apart from inside the cdbsystems.com.vhost.err file)
    how do I find out what it didn't like?


    thanks
     
    Last edited: Feb 3, 2016
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Ensure that you add the ssl cert and key. Key and cert must match; an ssl cert without the correct key will not work (apache won't start). ispconfig recognizes that and disables ssl again so that apache can start again.
     
  3. craig baker

    craig baker Member HowtoForge Supporter

    ok I reissued the cert, fiddled with my subdomain vhost entries and have verified that all 4 files (bundle,csr,key,crt) match both in ispconfig ssl page, but also in the /var/www/..../ssl folder and all are correct with the new multidomain key,crt,csr and bundle.
    but restarting apache does NOT bring up ssl on the port still says the cert has expired! for some reason it is NOT reading the subdomain properly (claims cert is self signed and has expired).
    however there are no .err files generated in the /var/www/.../ssl directory.
    when I copy and paste ALL the correct information into my main website folder, and save, uncheck check ssl box and restart apache the ../ssl directory gets .err files and even though the information is correct in ISPCONFIG apache is clearly rejecting it.

    is ispconfig unable to handle a multidomain cert? how do I troubleshoot further? where to look?

    what is going on?? VERY frustrating!
    oh just to (possibly) confuse things my name server is ns9.cdbsystems.com and one of the multidomain entries is for that (ns9.cdbsystems.com,cdbsystems.com and www.cdbsystems.com)
    I setup ns9.cdbsystems as a vhost subdomain of cdbsystems.com in ispconfig.
    any problem with it also being the server name?
     
    Last edited: Feb 4, 2016
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig handles all kinds of ssl certs incl. multidomain ssl certs.

    You cannot create the server name as a website on an apache server, as it will go to the /var/www directory directly and not to a website that you added as vhost. If you want to exchange the ssl cert for the apache default host (server hostname), then look in the apache config files for the ssl cert and replace it; that's not managed by ispconfig.
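
The symptoms discussed in this thread (a key that does not match the certificate, a hostname the certificate does not cover, an expired or self-signed certificate being served) can each be checked directly against the files a vhost points at. The script below is an added example, not part of the original posts and not ISPConfig code; the file and host arguments are placeholders, and it assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate/key pair an SSL vhost uses.
# Usage: sh check_pair.sh CERT.crt PRIVATE.key HOSTNAME   (placeholder names)

# SHA-256 of the DER form of a PEM public key read from stdin.
pubkey_hash() { openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1; }

# True when certificate $1 and private key $2 carry the same public key.
cert_matches_key() (
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
    [ "$(printf '%s\n' "$c" | pubkey_hash)" = "$(printf '%s\n' "$k" | pubkey_hash)" ]
)

# True when certificate $1 is valid for hostname $2 (SAN entries, wildcards included).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match certificate'
}

# True when certificate $1 has not yet passed its notAfter date.
cert_not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# True when subject and issuer of certificate $1 are identical.
cert_is_self_signed() (
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
)

# Run every check and report; returns non-zero if the pair is unusable for $3.
check_pair() (
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; rc=1; }
    cert_not_expired "$1"      || { echo "FAIL: certificate has expired"; rc=1; }
    if cert_is_self_signed "$1"; then echo "WARN: certificate is self-signed"; fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1 is usable for $3"; fi
    exit "$rc"
)

if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

Running it once per hostname in a multi-domain certificate shows whether every name is covered by the same file.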
     
