HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Developers' Forum (http://www.howtoforge.com/forums/forumdisplay.php?f=18)
-   -   SSL on ISPconfig3 not working (http://www.howtoforge.com/forums/showthread.php?t=30276)

novaflash 13th January 2009 10:37

SSL on ISPconfig3 not working
 
Well, at least not for me.

I am running Debian Etch 4.0 and I installed ISPconfig3 but for some reason when I access https://192.168.47.104:8080/ I get the error message: (in firefox)

SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

I tried googling around a bit for this error but it seems it's somewhere in the Apache2 configuration. I looked around in the vhosts files and couldn't find a mention of an SSL module anywhere. Only in mods-enabled I found a mention of ssl.conf and ssl.load.

Any help on how to proceed from here? I figure messing with the apache2 configuration files won't help me since they'll most likely be rewritten by ISPconfig 3 the moment I make a change using the panel. (I can access it via http://192.168.47.104:8080, without SSL)

I also tried adding a new site, added the domainname to my local hosts file so I could access it, and it works. But again, when I check the box for SSL support and generate a certificate, it won't work and give me the same error as mentioned above.

skeldof 13th January 2009 15:10

Port 8080 is not SSL, hence why https won't work. The ISPConfig panel is not SSL at all. There is no SSL option for the main panel.

Creating (and then accessing) a working SSL website is an unrelated issue. What port were you trying to access the site on? Or just https://newsite.tld/ ? How was it configured in ispconfig3?

mikey169 13th January 2009 17:50

i'm in trouble with similar problems...

first.. how did you manage to get the "ssl_error_rx_record_too_long" error?
to get there.. i needed to add a "Listen 443" in ports.conf and then restart the apache2-service..

why does ispconfig3 this not automatically?

now, i finally got a site working by editing the sites-enabled/000-default
i changed line 1 and 2

old:
Code:

NameVirtualHost *
<VirtualHost *>

new:
Code:

NameVirtualHost localhost
<VirtualHost localhost>

then some error-messages at apache2-start dissappeared and the https://domain.tld worked well..

but i am still asking myself why these two changes in config-files cannot be done by ispconfig3?

also i would like to know how to get the ispconfig3-panel working under https...

*EDIT*

now i got ispconfig3-panel over https working!

from every site i removed ssl-options and then i added the following lines to /etc/apache2/sites-available/ispconfig.vhost

Code:

<IfModule mod_ssl.c>
###########################################################
# SSL Vhost
###########################################################
Listen 443
<VirtualHost *:443>
    DocumentRoot /usr/local/ispconfig/interface/web

    SSLEngine on
    SSLCertificateFile /path/to/certificate/theCertFile.crt
    SSLCertificateKeyFile /path/to/key/theKeyFile.key

</VirtualHost>
</IfModule>

it works, but it seems to me that it is not a very clean solution..

vogelor 20th January 2009 22:35

Quote:

Originally Posted by mikey169 (Post 164421)
from every site i removed ssl-options and then i added the following lines to /etc/apache2/sites-available/ispconfig.vhost

it is even better to create a new ispconfig.vhost-file (for example) my_ispconfig.vhost and then adapt the LINK in the sites-enabled directory to this new file instead of the original file. The reason to do this is that every update replaces the "old" ispconfig.vhost with a "new" file generated by the setup (so you loose your changes). But the LINK is not recreated. this means you will not lose any changes if you update your installation!

vogelor 20th January 2009 22:38

Quote:

Originally Posted by skeldof (Post 164391)
Port 8080 is not SSL, hence why https won't work.

This is not 100% correct. If you enable the ssl-engine at this port (inside the vhost-file), SSL will work at this port too - but this is NOT the default setting, so SSL will not work at this port if you don#t change it ...


All times are GMT +2. The time now is 06:12.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.