HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   New Install mod_ssl won't listen on port 443 (http://www.howtoforge.com/forums/showthread.php?t=34186)

dpicella 27th April 2009 03:13
New Install mod_ssl won't listen on port 443
 
I just installed ISPConfig 3 and I can't get mod_ssl to listen on port 443

As far as I can tell Apache should listen to my VirtualHost directives on port 443.

I'm getting "failure to connect"

I have a dedicated IP and the csr and key files are in place. It should work. I've restarted the server and rebooted the machine. Here is the apache config section for the domain.

Code:
<IfModule mod_ssl.c>
###########################################################
# SSL Vhost
###########################################################

<VirtualHost 208.166.54.19:443>
      DocumentRoot /var/www/majella.us/web

    ServerName majella.us
    ServerAdmin webmaster@majella.us

    ErrorLog /var/log/ispconfig/httpd/majella.us/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    SSLEngine on
    SSLCertificateFile /var/www/clients/client1/web2/ssl/majella.us.crt
    SSLCertificateKeyFile /var/www/clients/client1/web2/ssl/majella.us.key

        <Directory /var/www/majella.us/web>
        Options FollowSymLinks
        AllowOverride Indexes AuthConfig Limit
        Order allow,deny
        Allow from all

        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>
    <Directory /var/www/clients/client1/web2/web>
        Options FollowSymLinks
        AllowOverride Indexes AuthConfig Limit
        Order allow,deny
        Allow from all

        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>

    # cgi enabled
        <Directory /var/www/clients/client1/web2/cgi-bin>
      Order allow,deny
      Allow from all
    </Directory>
    ScriptAlias  /cgi-bin/ /var/www/clients/client1/web2/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    # ssi enabled
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@majella.us"
    php_admin_value upload_tmp_dir /var/www/clients/client1/web2/tmp
    php_admin_value session.save_path /var/www/clients/client1/web2/tmp
    #php_admin_value open_basedir /var/www/clients/client1/web2:/usr/share/php5


</VirtualHost>
</IfModule>

till 27th April 2009 13:56
Please post the output of:

netstat -tap

dpicella 27th April 2009 14:34
ISPConfig 3 won't listen on 443 netstat -tap
 
Here is the output - Cheers!
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address            State      PID/Program name 
tcp        0      0 *:imaps                    *:*                        LISTEN      2176/dovecot       
tcp        0      0 *:pop3s                    *:*                        LISTEN      2176/dovecot       
tcp        0      0 localhost.localdomain:10024 *:*                        LISTEN      2250/amavisd (maste
tcp        0      0 localhost.localdomain:10025 *:*                        LISTEN      2338/master       
tcp        0      0 *:mysql                    *:*                        LISTEN      2153/mysqld       
tcp        0      0 *:pop3                      *:*                        LISTEN      2176/dovecot       
tcp        0      0 *:imap                      *:*                        LISTEN      2176/dovecot       
tcp        0      0 *:sunrpc                    *:*                        LISTEN      1701/rpcbind       
tcp        0      0 *:48080                    *:*                        LISTEN      1714/rpc.statd     
tcp        0      0 *:ftp                      *:*                        LISTEN      2370/pure-ftpd (SER
tcp        0      0 mail.jprehost.com:domain    *:*                        LISTEN      1979/named         
tcp        0      0 localhost.localdomai:domain *:*                        LISTEN      1979/named         
tcp        0      0 *:ssh                      *:*                        LISTEN      2029/sshd         
tcp        0      0 localhost.localdomain:ipp  *:*                        LISTEN      2466/cupsd         
tcp        0      0 *:smtp                      *:*                        LISTEN      2338/master       
tcp        0      0 localhost.localdomain:rndc  *:*                        LISTEN      1979/named         
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46467 ESTABLISHED 2153/mysqld       
tcp        0      0 localhost.localdomain:54467 localhost.localdomain:mysql ESTABLISHED 2368/amavisd (ch8-a
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46463 TIME_WAIT  -                 
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46468 ESTABLISHED 2153/mysqld       
tcp        0      0 localhost.localdomain:46466 localhost.localdomain:mysql ESTABLISHED 11967/smtpd       
tcp        0      0 localhost.localdomain:46464 localhost.localdomain:mysql TIME_WAIT  -                 
tcp        0      0 localhost.localdomain:46468 localhost.localdomain:mysql ESTABLISHED 11967/smtpd       
tcp        0      0 localhost.localdomain:46467 localhost.localdomain:mysql ESTABLISHED 11967/smtpd       
tcp        0      0 localhost.localdomain:40004 localhost.localdomain:mysql ESTABLISHED 2369/amavisd (ch7-a
tcp        0      0 localhost.localdomain:46465 localhost.localdomain:mysql TIME_WAIT  -                 
tcp        0    48 mail.jprehost.com:ssh      44.101.152.151.duarte:24543 ESTABLISHED 11977/0           
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:40004 ESTABLISHED 2153/mysqld       
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:46466 ESTABLISHED 2153/mysqld       
tcp        0      0 localhost.localdomain:mysql localhost.localdomain:54467 ESTABLISHED 2153/mysqld       
tcp        0      0 *:imaps                    *:*                        LISTEN      2176/dovecot       
tcp        0      0 *:pop3s                    *:*                        LISTEN      2176/dovecot       
tcp        0      0 *:pop3                      *:*                        LISTEN      2176/dovecot       
tcp        0      0 *:imap                      *:*                        LISTEN      2176/dovecot       
tcp        0      0 *:sunrpc                    *:*                        LISTEN      1701/rpcbind       
tcp        0      0 *:webcache                  *:*                        LISTEN      2726/httpd         
tcp        0      0 *:http                      *:*                        LISTEN      2726/httpd         
tcp        0      0 *:ftp                      *:*                        LISTEN      2370/pure-ftpd (SER
tcp        0      0 *:ssh                      *:*                        LISTEN      2029/sshd         
tcp        0      0 *:smtp                      *:*                        LISTEN      2338/master       
tcp        0      0 localhost6.localdomain:rndc *:*                        LISTEN      1979/named         
tcp        0      0 mail.jprehost.com:http      rate-limited-proxy-20:35841 TIME_WAIT  -

dpicella 27th April 2009 14:43
netstat -tap for the newbie
 
Can't say I have much experience with this command, but the first thing I notice is that *:http is on the list but *:https is not. Assuming that is the problem, I don't know how to fix it. I Googled for it, but that wasn't much help. Seems like netstat can do a lot of really useful things!

Can't wait to find out what the heck is going on here.

falko 27th April 2009 19:10
Which distribution are you using?
Which tutorial (URL) did you use to set the server up?

dpicella 27th April 2009 20:33
ISPConfig Software Version Info
 
Software

Fedora release 10 (cambridge)
ISPConfig 3.0.1.1

yum packages all up to date

FYI ... I had the same problem with ISPConfig 2 and never did get the SSL certificates to work - "connection refused" ... although ISPConfig 2 did correctly use its SSL certificate on port 81 when it was installed.

Cheers! Thank you in advance for your help!

till 28th April 2009 09:25
SSL is not installed or not enabled on your server. Please install all packages exactly as described here:

http://www.howtoforge.com/perfect-se...10-ispconfig-3

and then update ispconfig and choose to reconfigure the services.

dpicella 29th April 2009 02:26
not listenting because mod_ssl was not installed
 
till,

I did some investigation and found that it was "mod_ssl" that was not installed.

After I installed it ... everything worked.

I feel a bit stupid that the answer was that simple, but it was!

Thank you!

# yum install mod_ssl


All times are GMT +2. The time now is 11:31.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.