Your connection is not private - NET::ERR_CERT_AUTHORITY_INVALID

Discussion in 'General' started by onastvar, Jul 17, 2018.

  1. onastvar

    onastvar Member

    Hello,

    I changed the domain name inside of the billing module from one domain to another domain 2-3 months ago. I'm not sure if the change caused the issue.
    SSL Certificate works on https://mydomain.com,
    SSL Certificate doesn't work on port 8080 - https://mydomain.com:8080/

    When I create an invoice in Billing Module and when my client clicks on the link
    https://mydmain.com:8080/billing/payments/pay.php?id=7dfeb87e5350db1f72aec520f163cc10
    they get the following:

    Your connection is not private
    Attackers might be trying to steal your information from mydomain.com (for example, passwords, messages, or credit cards). Learn more
    NET::ERR_CERT_AUTHORITY_INVALID
    PEM encoded chain:

    I'm looking for advice on how to fix the issue.
    Thanks in advance
     
    Last edited: Jul 17, 2018
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I assume you are using a valid SSL cert and not a self-signed cert. Then most likely the SSL chain/bundle certificates for the SSL authority you used are not configured in the ispconfig.vhost file.
     
  3. onastvar

    onastvar Member

    I'm using Let's Encrypt SSL. How do I configure ispconfig.vhost?

    I see the following lines in my
    /etc/apache2/sites-available/ispconfig.vhost
    # SSL Configuration
    SSLEngine On
    SSLProtocol All -SSLv3
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Remove the # in front of the bundle line and restart apache.
     
  5. onastvar

    onastvar Member

    /etc/apache2/sites-available/ispconfig.vhost
    I removed # from
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    Got error
    SSLCACertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.bundle' does not exist or is empty

    File ispserver.bundle was empty, I've added
    SSL Bundle from SSL tab of my website to
    /usr/local/ispconfig/interface/ssl/ispserver.bundle
    restarted Apache,
    same issue "Your connection is not private"
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl bundle must be the one from letsencrypt if you are using a letsencrypt ssl cert for the ispconfig UI.
     
  7. onastvar

    onastvar Member

  8. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    1st fail*
    https://www.howtoforge.com/community/threads/pfs-letsencrypt-for-postfix-dovecot-pureftpd.77499/ definitely works for me, there may be better tricks on your mentioned thread, don't know.

    Well yeah depending on how you configure dovecot ( using SNI or not ) your users would of course need to use whichever domain [theservice] handles valid ssl on.

    2nd fail*
    ah wrong topic
    https://www.howtoforge.com/communit...-enigma-munin-phpmyadmin-using-php-fpm.77489/
    was what I actually meant, if you change ISPConfig cert, it won't change operation of dovecot/postfix...

    final answer
    not my day ... forget my links ... I really thought I had this covered, too ^^


    *) kept for reference, just cleaning up to make 3 to 1 post
     
  9. onastvar

    onastvar Member

    Thank you ztk.me!
    I'll give it a try!
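
Added example, not part of the thread and not ISPConfig code: a POSIX shell preflight that lists the certificate directives in a vhost file such as ispconfig.vhost and reports whether each is active or commented out and whether the referenced file is missing, empty or holds PEM certificates, which is the condition behind the "does not exist or is empty" error quoted in the thread. The function names check_vhost_ssl and make_sample are hypothetical, and the fixture paths and file contents are constructed.

```shell
#!/bin/sh
# Added example. Prints one line per certificate directive in an Apache vhost:
#   <directive> <active|commented> <path> <missing|empty|ok certs=N>
check_vhost_ssl() {
    awk '
        { line = $0; state = "active"; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { state = "commented"; sub(/^#+[ \t]*/, "", line) }
        { n = split(line, f, /[ \t]+/) }
        n >= 2 && f[1] ~ /^SSL(CA)?Certificate(Key|Chain)?File$/ { print f[1], state, f[2] }
    ' "$1" |
    while read -r directive state path; do
        if [ ! -e "$path" ]; then
            status="missing"
        elif [ ! -s "$path" ]; then
            status="empty"   # an active directive pointing here stops Apache
        else
            # Number of PEM certificates in the file (0 for a key file)
            certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$path" || true)
            status="ok certs=$certs"
        fi
        echo "$directive $state $path $status"
    done
}

# Constructed fixture mirroring the thread: certificate and key present,
# bundle line commented out, bundle file empty. Contents are placeholders.
make_sample() {
    dir=$1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/ispserver.crt"
    echo 'constructed placeholder, not a real key' > "$dir/ispserver.key"
    : > "$dir/ispserver.bundle"
    cat > "$dir/ispconfig.vhost" <<EOF
# SSL Configuration
SSLEngine On
SSLProtocol All -SSLv3
SSLCertificateFile $dir/ispserver.crt
SSLCertificateKeyFile $dir/ispserver.key
#SSLCACertificateFile $dir/ispserver.bundle
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
check_vhost_ssl "$sample/ispconfig.vhost"
rm -rf "$sample"
```

On a real server, call check_vhost_ssl with the path of the vhost file before restarting Apache; a line ending in "empty" or "missing" for an active directive means the restart will fail.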
     
