When install SSL no more site access

Discussion in 'Installation/Configuration' started by hitri, Aug 28, 2011.

  1. hitri

    hitri New Member HowtoForge Supporter

    Hi,

    I installed "The Perfect Server" on Ubuntu 11.04 with ISPConfig 3. Everything worked fine, then I activated the SSL cert for the site and now I have no access to my site. Not even http. Only SSH still works. :confused: It looks like Apache stopped working.
     
    Last edited: Aug 28, 2011
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please restart apache on the shell. If it shows an error, post that error.
     
  3. hitri

    hitri New Member HowtoForge Supporter

    I get this:

    httpd not running, trying to start
    Action 'restart' failed.
    The Apache error log may have more information.

    And here is apache error log:

    [Sun Aug 28 06:26:47 2011] [error] [client 95.176.180.106] PHP Notice: Undefined index: return_to_url in /usr/local/ispconfig/interface/lib/classes/tform_actions.inc.php on line 142, referer: http://www.xxxxxxxxxx.si:8080/index.php
    [Sun Aug 28 06:26:55 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Sun Aug 28 06:26:56 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Sun Aug 28 06:27:02 2011] [notice] caught SIGTERM, shutting down
    [Sun Aug 28 06:27:03 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Sun Aug 28 06:27:03 2011] [notice] Digest: generating secret for digest authentication ...
    [Sun Aug 28 06:27:03 2011] [notice] Digest: done
    [Sun Aug 28 06:27:03 2011] [notice] Apache/2.2.17 (Ubuntu) DAV/2 mod_fcgid/2.3.6 PHP/5.3.5-1ubuntu7.2 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.17 OpenSSL/0.9.8o configured -- resuming normal operations
    [Sun Aug 28 06:27:04 2011] [error] [client 95.176.180.106] client denied by server configuration: /etc/apache2/htdocs
    [Sun Aug 28 06:27:06 2011] [notice] caught SIGTERM, shutting down
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please disable the site where you enabled ssl temporarily with the command:

    a2dissite yourdomain.tld

    Replace yourdomain.tld with the domain of that site and restart apache. Then log in to ispconfig and check the website settings, especially that a unique IP address is assigned to that site and not * and that this IP is not used for another ssl website.
     
  5. hitri

    hitri New Member HowtoForge Supporter

    I got:

    ERROR: Site mydomain.si does not exist!

    I tried with

    a2dissite default

    got this:

    Site default disabled.

    Reload apache, still nothing
     
    Last edited: Aug 29, 2011
  6. hitri

    hitri New Member HowtoForge Supporter

    I have to add vhost:

    a2dissite mydomaine.si.vhost

    now Ispconfig works, but I can not create certificate :(
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    I explained the next steps that you should do to solve the problem above.
     
  8. hitri

    hitri New Member HowtoForge Supporter

    I did as you explained. When I press the Save button with SSL Action 'Create certificate', the window closes. When I open the site again, there is no certificate.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the details that you entered in the ssl certificate fields and ensure that they don't contain any special characters or umlauts as this might cause openssl to fail to create the ssl cert.
     
  10. hitri

    hitri New Member HowtoForge Supporter

    Now I managed to make the certificate, but the browser gives me:

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Make sure that you selected an IP address and not * in the website settings and that the dns a-record of the domain points to that ip address. Additionally, the ssl checkbox in the site settings has to be enabled.
     
  12. hitri

    hitri New Member HowtoForge Supporter

    All settings are correct.
    Statistics don't work either.
     
  13. hitri

    hitri New Member HowtoForge Supporter

    I made a fresh installation of 'Perfect server Ubuntu 11.04 with Ispconfig 3' and I have the same problem. SSL and statistics don't work. I configured the certificate and saved it (with IP). Again Secure Connection Failed. :confused:
    When I try to get the statistics of the site, I get: The requested URL /stats was not found on this server.
     
    Last edited: Sep 5, 2011
  14. falko

    falko Super Moderator Howtoforge Staff

    Is the SSL module enabled?
    Code:
    a2enmod ssl
    What's the output of
    Code:
    netstat -tap
    ?
     
  15. hitri

    hitri New Member HowtoForge Supporter

    a2enmod ssl:

    Module ssl already enabled

    netstat -tap

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:http-alt *:* LISTEN 2006/apache2
    tcp 0 0 *:www *:* LISTEN 2006/apache2
    tcp 0 0 *:tproxy *:* LISTEN 2006/apache2
    tcp 0 0 server.mydomain:domain *:* LISTEN 29208/named
    tcp 0 0 localhost.locald:domain *:* LISTEN 29208/named
    tcp 0 0 *:ftp *:* LISTEN 29189/pure-ftpd (SE
    tcp 0 0 *:ssh *:* LISTEN 654/sshd
    tcp 0 0 localhost.localdoma:953 *:* LISTEN 29208/named
    tcp 0 0 *:smtp *:* LISTEN 28269/master
    tcp 0 0 *:https *:* LISTEN 2006/apache2
    tcp 0 0 localhost.localdo:10024 *:* LISTEN 28328/amavisd (mast
    tcp 0 0 localhost.localdo:10025 *:* LISTEN 28269/master
    tcp 0 0 *:mysql *:* LISTEN 28061/mysqld
    tcp 0 52 server.mydomain:ssh APN-122-59-103-gp:51130 ESTABLISHED 11291/sshd: iztokm
    tcp 65 0 localhost.localdo:37598 localhost.localdo:10025 CLOSE_WAIT 29062/amavisd (ch1-
    tcp6 0 0 [::]:imap2 [::]:* LISTEN 29090/couriertcpd
    tcp6 0 0 [::]:domain [::]:* LISTEN 29208/named
    tcp6 0 0 [::]:ftp [::]:* LISTEN 29189/pure-ftpd (SE
    tcp6 0 0 [::]:ssh [::]:* LISTEN 654/sshd
    tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 29208/named
    tcp6 0 0 [::]:imaps [::]:* LISTEN 29107/couriertcpd
    tcp6 0 0 [::]:pop3s [::]:* LISTEN 29135/couriertcpd
    tcp6 0 0 [::]:pop3 [::]:* LISTEN 29118/couriertcpd


    I did everything by the manual, but it doesn't work.
     
    Last edited: Sep 16, 2011
  16. falko

    falko Super Moderator Howtoforge Staff

    Did you check Apache's error log? Are there any errors in ISPConfig's Monitor module?

    Can you post an SSL vhost configuration here?
     
  17. hitri

    hitri New Member HowtoForge Supporter

    Thank you Falko for your reply.

    System Messages - Log: Unable to read /var/log/messages

    root@server2:/home/iztokm# tail -f /var/log/apache2/error.log
    [Thu Sep 08 12:35:02 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Thu Sep 08 12:35:02 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Thu Sep 08 12:35:06 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Thu Sep 08 12:35:06 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Thu Sep 08 12:35:09 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Thu Sep 08 12:35:09 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs
    [Thu Sep 08 12:35:10 2011] [error] [client 66.249.66.234] client denied by server configuration: /etc/apache2/htdocs

    vi /usr/local/ispconfig/server/conf/vhost.conf.master

    ------
    <tmpl_if name='ssl_enabled'>
    <IfModule mod_ssl.c>
    ###########################################################
    # SSL Vhost
    ###########################################################

    <VirtualHost <tmpl_var name='ip_address'>:443>
    <tmpl_if name='php' op='==' value='suphp'>
    DocumentRoot <tmpl_var name='web_document_root'>
    </tmpl_else>
    <tmpl_if name='php' op='==' value='cgi'>
    DocumentRoot <tmpl_var name='web_document_root'>
    </tmpl_else>
    DocumentRoot <tmpl_var name='web_document_root_www'>
    </tmpl_if>
    </tmpl_if>

    ServerName <tmpl_var name='ssl_domain'>
    <tmpl_if name='alias'>
    <tmpl_var name='alias'>
    </tmpl_if>
    ServerAdmin webmaster@<tmpl_var name='domain'>

    ErrorLog /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log

    <tmpl_if name='errordocs'>
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    </tmpl_if>
    SSLEngine on
    SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
    SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
    <tmpl_if name='has_bundle_cert'>
    SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
    </tmpl_if>

    <Directory {tmpl_var name='web_document_root_www'}>
    Options FollowSymLinks
    AllowOverride <tmpl_var name='allow_override'>
    Order allow,deny
    Allow from all
    <tmpl_if name='ssi' op='==' value='y'>

    # ssi enabled
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Options +Includes
    </tmpl_if>
    <tmpl_if name='php' op='==' value='no'>
    <Files ~ '.php[s3-6]{0,1}$'>
    Order allow,deny
    Deny from all
    Allow from none
    </Files>
    </tmpl_if>
    </Directory>
    <Directory {tmpl_var name='web_document_root'}>
    Options FollowSymLinks
    AllowOverride <tmpl_var name='allow_override'>
    Order allow,deny
    Allow from all
    <tmpl_if name='ssi' op='==' value='y'>

    # ssi enabled
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Options +Includes
    </tmpl_if>
    <tmpl_if name='php' op='==' value='no'>
    <Files ~ '.php[s3-6]{0,1}$'>
    Order allow,deny
    Deny from all
    Allow from none
    </Files>
    </tmpl_if>
    </Directory>

    <tmpl_if name='cgi' op='==' value='y'>
    # cgi enabled
    <Directory {tmpl_var name='document_root'}/cgi-bin>
    Order allow,deny
    Allow from all
    </Directory>
    ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    </tmpl_if>
    <tmpl_if name='ssi'op='==' value='y'>
    # ssi enabled
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    </tmpl_if>
    <tmpl_if name='suexec'op='==' value='y'>
    # suexec enabled
    SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
    </tmpl_if>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    <tmpl_if name='php' op='==' value='mod'>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
    php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
    php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
    # PHPIniDir <tmpl_var name='custom_php_ini_dir'>
    <tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
    </tmpl_if>
    -------
     
  18. falko

    falko Super Moderator Howtoforge Staff

    This is the template file. Can you post a real vhost (from your /etc/apache2/sites-enabled or /etc/httpd/sites-enabled directory)?
     
  19. hitri

    hitri New Member HowtoForge Supporter

    vi /etc/apache2/sites-enabled mydomain.si.vhost:

    ---
    <IfModule mod_ssl.c>
    ###########################################################
    # SSL Vhost
    ###########################################################

    <VirtualHost xxx.xxx.xxx.xxx:443>
    DocumentRoot /var/www/mydomain.si/web

    ServerName www.mydomain.si
    ServerAlias www.mydomain.si
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/mydomain.si/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    SSLEngine on
    SSLCertificateFile /var/www/clients/client1/web1/ssl/www.mydomain.si.crt
    SSLCertificateKeyFile /var/www/clients/client1/web1/ssl/www.mydomain.si.key

    <Directory /var/www/mydomain/web>
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    </Directory>

    # suexec enabled
    SuexecUserGroup web1 client1
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
    <IfModule mod_fcgid.c>
    # SocketPath /tmp/fcgid_sock/
    # IdleTimeout n (3600 seconds)
    # An idle fastcgi application will be terminated after IdleTimeout seconds.
    IdleTimeout 3600

    # ProcessLifeTime n (7200 seconds)
    # A fastcgi application will be terminated if lifetime expired, even no error is detected.
    ProcessLifeTime 7200

    ----
     
    Last edited: Sep 16, 2011
  20. falko

    falko Super Moderator Howtoforge Staff

    Can you post the output of
    Code:
    ifconfig
    ?

    Also, I'm getting an "Error code: ssl_error_rx_record_too_long" error when I try to visit your SSL site.

    What values did you type into ISPConfig when you created the certificate?
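
Added example, not part of the thread: a browser reports ssl_error_rx_record_too_long when the first bytes it receives on port 443 do not parse as a TLS record, and a common cause is the server answering that port in plain HTTP. The code below decodes the 5-byte TLS record header to show why plaintext bytes produce an oversized length; the sample byte strings are constructed, not captured from the poster's server.

```python
import struct

# RFC 5246, section 6.2.3: a TLSCiphertext fragment may not exceed 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes) -> dict:
    """Decode the 5-byte TLS record header: type(1) | version(2) | length(2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify(data: bytes) -> str:
    """Describe what a client expecting TLS would make of a server's first bytes."""
    hdr = parse_record_header(data)
    if hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3:
        if hdr["length"] <= MAX_RECORD_LEN:
            return "tls:" + CONTENT_TYPES[hdr["type"]]
        return "tls-header-but-record-too-long"
    # Not a TLS record: check for the usual plaintext HTTP openings.
    if data[:5] == b"HTTP/" or data.lstrip()[:1] == b"<":
        kind = "plaintext-http"
    else:
        kind = "not-tls"
    if hdr["length"] > MAX_RECORD_LEN:
        # Bytes 4 and 5 of the plaintext are read as the record length field.
        kind += " (length field reads %d > %d)" % (hdr["length"], MAX_RECORD_LEN)
    return kind


# Constructed samples (not real captures).
SAMPLES = {
    "tls_server_hello": bytes([22, 3, 1, 0, 74]) + b"\x02\x00\x00\x46",
    "http_status_line": b"HTTP/1.1 400 Bad Request\r\n",
    "html_error_page": b"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

If the first bytes from port 443 classify as plaintext-http, the vhost that actually answers that IP and port is not running with SSLEngine on.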
     
