PDA

View Full Version : New Install mod_ssl won't listen on port 443


dpicella
27th April 2009, 04:13
I just installed ISPConfig 3 and I can't get mod_ssl to listen on port 443

As far as I can tell Apache should listen to my VirtualHost directives on port 443.

I'm getting "failure to connect"

I have a dedicated IP and the csr and key files are in place. It should work. I've restarted the server and rebooted the machine. Here is the apache config section for the domain.


<IfModule mod_ssl.c>
################################################## #########
# SSL Vhost
################################################## #########

<VirtualHost 208.166.54.19:443>
DocumentRoot /var/www/majella.us/web

ServerName majella.us
ServerAdmin webmaster@majella.us

ErrorLog /var/log/ispconfig/httpd/majella.us/error.log

ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 503 /error/503.html

SSLEngine on
SSLCertificateFile /var/www/clients/client1/web2/ssl/majella.us.crt
SSLCertificateKeyFile /var/www/clients/client1/web2/ssl/majella.us.key

<Directory /var/www/majella.us/web>
Options FollowSymLinks
AllowOverride Indexes AuthConfig Limit
Order allow,deny
Allow from all

# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options +Includes
</Directory>
<Directory /var/www/clients/client1/web2/web>
Options FollowSymLinks
AllowOverride Indexes AuthConfig Limit
Order allow,deny
Allow from all

# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options +Includes
</Directory>

# cgi enabled
<Directory /var/www/clients/client1/web2/cgi-bin>
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/clients/client1/web2/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
# mod_php enabled
AddType application/x-httpd-php .php .php3 .php4 .php5
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@majella.us"
php_admin_value upload_tmp_dir /var/www/clients/client1/web2/tmp
php_admin_value session.save_path /var/www/clients/client1/web2/tmp
#php_admin_value open_basedir /var/www/clients/client1/web2:/usr/share/php5


</VirtualHost>
</IfModule>

till
27th April 2009, 14:56
Please post the output of:

netstat -tap

dpicella
27th April 2009, 15:34
Here is the output - Cheers!
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 2176/dovecot
tcp 0 0 *:pop3s *:* LISTEN 2176/dovecot
tcp 0 0 localhost.localdomain:10024 *:* LISTEN 2250/amavisd (maste
tcp 0 0 localhost.localdomain:10025 *:* LISTEN 2338/master
tcp 0 0 *:mysql *:* LISTEN 2153/mysqld
tcp 0 0 *:pop3 *:* LISTEN 2176/dovecot
tcp 0 0 *:imap *:* LISTEN 2176/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1701/rpcbind
tcp 0 0 *:48080 *:* LISTEN 1714/rpc.statd
tcp 0 0 *:ftp *:* LISTEN 2370/pure-ftpd (SER
tcp 0 0 mail.jprehost.com:domain *:* LISTEN 1979/named
tcp 0 0 localhost.localdomai:domain *:* LISTEN 1979/named
tcp 0 0 *:ssh *:* LISTEN 2029/sshd
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 2466/cupsd
tcp 0 0 *:smtp *:* LISTEN 2338/master
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 1979/named
tcp 0 0 localhost.localdomain:mysql localhost.localdomain:46467 ESTABLISHED 2153/mysqld
tcp 0 0 localhost.localdomain:54467 localhost.localdomain:mysql ESTABLISHED 2368/amavisd (ch8-a
tcp 0 0 localhost.localdomain:mysql localhost.localdomain:46463 TIME_WAIT -
tcp 0 0 localhost.localdomain:mysql localhost.localdomain:46468 ESTABLISHED 2153/mysqld
tcp 0 0 localhost.localdomain:46466 localhost.localdomain:mysql ESTABLISHED 11967/smtpd
tcp 0 0 localhost.localdomain:46464 localhost.localdomain:mysql TIME_WAIT -
tcp 0 0 localhost.localdomain:46468 localhost.localdomain:mysql ESTABLISHED 11967/smtpd
tcp 0 0 localhost.localdomain:46467 localhost.localdomain:mysql ESTABLISHED 11967/smtpd
tcp 0 0 localhost.localdomain:40004 localhost.localdomain:mysql ESTABLISHED 2369/amavisd (ch7-a
tcp 0 0 localhost.localdomain:46465 localhost.localdomain:mysql TIME_WAIT -
tcp 0 48 mail.jprehost.com:ssh 44.101.152.151.duarte:24543 ESTABLISHED 11977/0
tcp 0 0 localhost.localdomain:mysql localhost.localdomain:40004 ESTABLISHED 2153/mysqld
tcp 0 0 localhost.localdomain:mysql localhost.localdomain:46466 ESTABLISHED 2153/mysqld
tcp 0 0 localhost.localdomain:mysql localhost.localdomain:54467 ESTABLISHED 2153/mysqld
tcp 0 0 *:imaps *:* LISTEN 2176/dovecot
tcp 0 0 *:pop3s *:* LISTEN 2176/dovecot
tcp 0 0 *:pop3 *:* LISTEN 2176/dovecot
tcp 0 0 *:imap *:* LISTEN 2176/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1701/rpcbind
tcp 0 0 *:webcache *:* LISTEN 2726/httpd
tcp 0 0 *:http *:* LISTEN 2726/httpd
tcp 0 0 *:ftp *:* LISTEN 2370/pure-ftpd (SER
tcp 0 0 *:ssh *:* LISTEN 2029/sshd
tcp 0 0 *:smtp *:* LISTEN 2338/master
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 1979/named
tcp 0 0 mail.jprehost.com:http rate-limited-proxy-20:35841 TIME_WAIT -

dpicella
27th April 2009, 15:43
Can't say I have much experience with this command, but the first thing I notice is that *:http is on the list but *:https is not. Assuming that is the problem, I don't know how to fix it. I Googled for it, but that wasn't much help. Seems like netstat can do a lot of really useful things!

Can't wait to find out what the heck is going on here.

falko
27th April 2009, 20:10
Which distribution are you using?
Which tutorial (URL) did you use to set the server up?

dpicella
27th April 2009, 21:33
Software

Fedora release 10 (cambridge)
ISPConfig 3.0.1.1

yum packages all up to date

FYI ... I had the same problem with ISPConfig 2 and never did get the SSL certificates to work - "connection refused" ... although ISPConfig 2 did correctly use its SSL certificate on port 81 when it was installed.

Cheers! Thank you in advance for your help!

till
28th April 2009, 10:25
SSL is not installed or not enabled on your server. Please install all packages exactly as described here:

http://www.howtoforge.com/perfect-server-fedora-10-ispconfig-3

and then update ispconfig and choose to reconfigure the services.

dpicella
29th April 2009, 03:26
till,

I did some investigation and found that it was "mod_ssl" that was not installed.

After I installed it ... everything worked.

I feel a bit stupid that the answer was that simple, but it was!

Thank you!

# yum install mod_ssl