Alright, so I moved my server over to a fresh, clean install and I'm not sure how, but for some reason the SSL got mixed up in the middle of all this. For some reason on my site now I can't create new CSRs (just nothing comes up after I choose create certificate). And I've also tried uploading the one that I had before (with the intermediate) and I get: ssl_error_rx_record_too_long
Okay, I was able to finally bypass that error by blowing away my site and just recreating it. Unfortunately, now I'm getting sec_error_untrusted_issuer because it's self-signed (even though I'm saving the new GoDaddy one in there). What could be the cause of this?
Hmm and to top it off, whenever I try to view anything https:// on my site I just get the default apache webpage.
Not really, no. The only thing that is odd is this:
Code:
    [Mon Jun 07 15:01:28 2010] [error] [client 72.10.126.2] File does not exist: /var/www/webmail
    [Mon Jun 07 15:01:29 2010] [error] [client 72.10.126.2] File does not exist: /var/www/webmail
    [Mon Jun 07 15:01:30 2010] [error] [client 72.10.126.2] File does not exist: /var/www/webmail
I'm trying to access webmail using HTTPS and it seems that it's not going to the right site; it's just going to the /var/www/ directory for everything https.
Here is mysite.com.vhost:
Code:
    <Directory /var/www/mysite.com>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>

    <VirtualHost *:80>
        DocumentRoot /var/www/mysite.com/web

        ServerName mysite.com
        ServerAlias www.mysite.com
        ServerAlias webmail.mysite.com
        ServerAdmin [email protected]

        ErrorLog /var/log/ispconfig/httpd/mysite.com/error.log

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 503 /error/503.html

        <Directory /var/www/mysite.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client1/web7/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        # mod_php enabled
        AddType application/x-httpd-php .php .php3 .php4 .php5
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
        php_admin_value upload_tmp_dir /var/www/clients/client1/web7/tmp
        php_admin_value session.save_path /var/www/clients/client1/web7/tmp
        php_admin_value open_basedir /var/www/clients/client1/web7/web:/var/www/clients/client1/web7/tmp:/var/www/mysite.com/web:/srv/www/mysite.com/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin

        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^webmail.mysite.com [NC]
        RewriteRule ^/(.*)$ /webmail/$1 [R]

        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
            AssignUserId web7 client1
        </IfModule>
    </VirtualHost>
And SSL is enabled in ISPConfig.
You should have something like this in your mysite.com.vhost. What do you have in the Sites > mysite.com > SSL fields?
I have to say that I have similar problems with one site. When I installed the SSL certificate, everything seemed to be OK, because everything works... at least for a while, because from time to time http://www.example.com (without SSL) shows the default Apache web page "It works" and at the same website (with SSL) https://www.example.com I see the error "ssl_error_rx_record_too_long". Some time later everything is normal again and the site is shown as it should be. First, I thought that it had to do something with DNS, but now I'm sure it does not. It must be a bug in the latest stable version of ISPConfig3 and I hope it will be fixed soon!
Alright, I was able to resolve the problem by manually deleting all of the certificates in /var/www/mysite.com/ssl. Once that was done, I disabled SSL in ISPConfig and waited until everything went away in the SSL tab. Once that was done, I re-enabled SSL and waited until the certificate appeared in ISPConfig (it does take a few minutes). After that, I rekeyed my certificate with GoDaddy with the ISPConfig CSR and pasted the new cert and bundle into the ISPConfig UI and it worked!
That's good to know, but I did that 3 times already. I have a site with an SSL certificate up and running as well, but several times a day the problem occurs again: from time to time http://www.example.com (without SSL) shows the default Apache web page "It works" and at the same website (with SSL) https://www.example.com I see the error "ssl_error_rx_record_too_long". It's not a DNS problem, as all the nameservers are pointing to the same address.
What does your vhost file look like in sites-enabled? I think what's happening is that it's bouncing between that and default-ssl.
Hi, thanks for your feedback. Here is the content of the vhost file:
Code:
    <Directory /var/www/www.example.com>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>

    <VirtualHost 12.34.56.789:80>
        DocumentRoot /var/www/www.example.com/web

        ServerName www.example.com
        ServerAdmin [email protected]

        ErrorLog /var/log/ispconfig/httpd/www.example.com/error.log

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 503 /error/503.html

        <Directory /var/www/www.example.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        # suexec enabled
        SuexecUserGroup web1 client0
        # php as fast-cgi enabled
        <IfModule mod_fcgid.c>
            # SocketPath /tmp/fcgid_sock/
            IdleTimeout 3600
            ProcessLifeTime 7200
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 3
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 8
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/www.example.com/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
            AssignUserId web1 client0
        </IfModule>

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        SSLCertificateChainFile /var/www/clients/client0/web1/ssl/EntrustSecureServerCA.crt
        SSLCertificateChainFile /var/www/clients/client0/web1/ssl/USERTrustLegacySecureServerCA.crt
    </VirtualHost>

    <IfModule mod_ssl.c>
    ###########################################################
    # SSL Vhost
    ###########################################################

    <VirtualHost 12.34.56.789:443>
        DocumentRoot /var/www/www.example.com/web

        ServerName www.example.com
        ServerAdmin [email protected]

        ErrorLog /var/log/ispconfig/httpd/www.example.com/error.log

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 503 /error/503.html

        SSLEngine on
        SSLCertificateFile /var/www/clients/client0/web1/ssl/www.example.com.crt
        SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/www.example.com.key

        <Directory /var/www/www.example.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        # suexec enabled
        SuexecUserGroup web1 client0
        # php as fast-cgi enabled
        <IfModule mod_fcgid.c>
            # SocketPath /tmp/fcgid_sock/
            IdleTimeout 3600
            ProcessLifeTime 7200
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 3
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 8
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/www.example.com/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client0/web1/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
            AssignUserId web1 client0
        </IfModule>

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        SSLCertificateChainFile /var/www/clients/client0/web1/ssl/EntrustSecureServerCA.crt
        SSLCertificateChainFile /var/www/clients/client0/web1/ssl/USERTrustLegacySecureServerCA.crt
    </VirtualHost>
    </IfModule>
Hmm, well the only thing that I see odd there is that there is an IP address for your SSL traffic here:
Code:
    <VirtualHost 12.34.56.789:443>
On mine (and most that I've seen) it's usually a star, denoting all incoming IP addresses on port 443. So you may only have it working when coming in on 12.34.56.789. I'd make a backup of that:
Code:
    cp /etc/apache2/sites-enabled/example.com.vhost /etc/apache2/sites-enabled/example.com.vhost.old
And then change:
Code:
    <VirtualHost 12.34.56.789:443>
to
Code:
    <VirtualHost *:443>
And then restart apache:
Code:
    /etc/init.d/apache2 restart
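The address matching discussed in the posts above, as an added example that is not part of the original thread: a Python sketch that parses vhost blocks and reports which one would answer an HTTPS connection arriving on a given local IP. The sample config, the 192.0.2.x addresses and default.invalid are constructed; the code assumes Apache's documented order (exact address before wildcard, then ServerName/ServerAlias, then first listed), ignores wildcard aliases and does not model NameVirtualHost.

```python
import re

# Constructed sample (not from the thread): default vhost on *:443 without SSLEngine.
SAMPLE = """
<VirtualHost *:443>
    ServerName default.invalid
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        # Skip blank and comment lines so commented-out directives do not count.
        lines = [l.split() for l in body.splitlines()
                 if l.strip() and not l.strip().startswith("#")]
        def values(directive):
            return [w.lower() for l in lines if l[0].lower() == directive for w in l[1:]]
        vhosts.append({"addrs": addrs.split(),
                       "names": values("servername") + values("serveralias"),
                       "ssl": values("sslengine") == ["on"]})
    return vhosts

def serving_vhost(vhosts, ip, port, host):
    """Pick the vhost that would answer a connection to ip:port for this Host name."""
    exact = [v for v in vhosts if f"{ip}:{port}" in v["addrs"]]
    wild = [v for v in vhosts if {f"*:{port}", f"_default_:{port}"} & set(v["addrs"])]
    candidates = exact or wild  # wildcards only count when no exact address matches
    by_name = [v for v in candidates if host.lower() in v["names"]]
    # No name match: the first candidate in file order acts as the default.
    return (by_name or candidates or [None])[0]

def diagnose(vhosts, ip, port, host):
    """Describe what a browser asking for https://host/ on ip:port would get."""
    v = serving_vhost(vhosts, ip, port, host)
    if v is None:
        return "no vhost listens on this address"
    name = (v["names"] or ["(unnamed)"])[0]
    if not v["ssl"]:
        return f"{name}: plain HTTP on the TLS port (ssl_error_rx_record_too_long)"
    return "ok" if host.lower() in v["names"] else f"{name}: TLS with another site's certificate"

if __name__ == "__main__":
    print(diagnose(parse_vhosts(SAMPLE), "192.0.2.11", 443, "www.example.com"))
```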
Thanks for your help! I use ISPConfig3, so I can just use "*" instead of the dedicated IP address. If I do so, (not from time to time, but ALL the time) the site http://www.example.com (without SSL) shows the default Apache web page "It works" and at the same website (with SSL) https://www.example.com I see the error "ssl_error_rx_record_too_long". So, that's no good. By the way, I don't understand why you choose "*" instead of the dedicated IP which belongs to the dedicated domain with SSL. For now I use the dedicated IP again in the vhost, because I did that also for the other websites (up and running without problems) with a dedicated IP and SSL certificate on this server.
@bswinnerton, thanks for your feedback. In the meantime the problem has been solved. It had nothing to do with ISPConfig3. The problem was caused by a conflict with the IP address within my network.