HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


punto 16th June 2009 07:20

Creating SSL crashed apache
 
Hi,

I am trying to create an SSL certificate for a domain I am hosting and every time I enter the certificate sent to me from Comodo and click save under ISPCONFIG it causes httpd to stop and I cannot restart it. This is from the error_log:

[Tue Jun 16 15:01:02 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:04 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:05 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:06 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
[Tue Jun 16 15:01:08 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:02:55 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

Once I delete the SSL certificate for the domain, httpd restarts instantly and we are all okay again.

I can confirm the following files are created in the SSL data directory once I input the certificate file received from Comodo and upload the bundle.

www_domain.com.ca-bundle www_domain.com.csr
www_domain.com.crt www_domain.com.key
www_domain.com.key.org


Any advice on how to get this working will be appreciated as the site is due to go live immediately.

The domain is on its own dedicated, routable IP address.

Thanks in advance
Matt

till 16th June 2009 15:16

There is no option to upload a bundle certificate in ispconfig 2, so you must have added the bundle to a wrong field.

punto 16th June 2009 21:44

Quote:

Originally Posted by till (Post 194551)
There is no option to upload a bundle certificate in ispconfig 2, so you must have added the bundle to a wrong field.

Hi Till,

No that is not the case. I uploaded the bundle through FTP to the SSL directory of the website as per the instructions on the Comodo webpage and added the apache directives.

https://support.comodo.com/index.php...264&nav=0,96,1

Please advise.

Matt

falko 17th June 2009 12:41

Any errors in the web site's error log?
What's the output of
Code:

httpd -t
?

punto 17th June 2009 14:39

Quote:

Originally Posted by falko (Post 194799)
Any errors in the web site's error log?
What's the output of
Code:

httpd -t
?

Hi Falko, output is

[punto@web ~]# httpd -t
Syntax OK


Httpd started once I deleted the created certificate. I could go through the process again (have tried twice already) if you think it necessary, but it is a live webserver with 50+ domains so any downtime is not welcome.

One other thing I noticed (happened the first time httpd crashed, but not the second) was the vhosts.conf file was completely deleted (when I removed the certificate and apache crashed) and I needed to restore it from the most recent snapshot file. I did not try creating the cert request or adding the certificate file directly on the shell, it was all done through the ISPCONFIG web interface.

Thanks
Matt

falko 18th June 2009 14:19

Quote:

Originally Posted by punto (Post 194846)
I could go through the process again (have tried twice already) if you think it necessary, but it is a live webserver with 50+ domains so any downtime is not welcome.

Did you check the web site's error log? It should still contain the errors of your previous attempt.

punto 19th June 2009 01:07

Quote:

Originally Posted by falko (Post 195085)
Did you check the web site's error log? It should still contain the errors of your previous attempt.

Thanks Falko, not sure why I didn't check the website's error log rather than the system's. Okay, here is what appeared in the log at the time of trying to save the certificate from Comodo:

[Mon Jun 15 21:40:39 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:40:39 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:40:43 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:40:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:41:40 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:41:40 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:42:43 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:42:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:43:15 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:43:15 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:44:00 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:44:00 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:func(128):reason(116)
[Mon Jun 15 21:44:01 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:44:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:46:23 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:46:23 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:47:32 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:47:32 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Jun 15 21:47:35 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:47:35 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 14:59:50 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:50 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 14:59:52 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:52 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 14:59:58 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:58 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 14:59:59 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:59 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 15:00:01 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:00:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 15:01:03 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:03 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 15:01:04 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:04 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 15:01:05 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:05 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 15:01:06 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:06 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 15:01:09 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:09 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 16 15:02:56 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:02:56 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch



Thanks
Matt

till 19th June 2009 08:08

Looks as if you uploaded a certificate that was not based on the csr that was created by ispconfig. This results in a mismatch of the ssl key and apache is not able to start anymore. To avoid this, take the csr (certificate signing request) that was created by ispconfig and have it signed by your ssl company, then copy the new cert that you get back into the certificate field in ispconfig, select save as action and click on save.
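
A pre-install check for the mismatch diagnosed above, as an added example that is not part of the original thread: it confirms that the certificate and the CSR carry the same public key as the private key the server will load. It assumes the `openssl` command-line tool is installed; the file names and the `www.example.com` subject are constructed sample data, and `pubkey_of`, `check_pair` and `make_samples` are hypothetical helper names.

```shell
#!/bin/sh
# Do a certificate, a private key and (optionally) a CSR hold the same public key?

# Print the PEM public key contained in a file. kind = cert | key | csr
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# check_pair CERT KEY [CSR]
# Returns 0 if all public keys match, 1 on mismatch, 2 if a file cannot be parsed.
check_pair() {
    cert_pk=$(pubkey_of cert "$1") || return 2
    key_pk=$(pubkey_of key "$2") || return 2
    if [ "$cert_pk" != "$key_pk" ]; then
        echo "MISMATCH: $1 was not issued for $2" >&2
        return 1
    fi
    if [ -n "$3" ]; then
        csr_pk=$(pubkey_of csr "$3") || return 2
        if [ "$csr_pk" != "$key_pk" ]; then
            echo "MISMATCH: $3 was not generated from $2" >&2
            return 1
        fi
    fi
    return 0
}

# Constructed sample data: two unrelated keys, plus a CSR and a
# self-signed certificate made from the first key only.
make_samples() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/good.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -key "$d/good.key" -subj "/CN=www.example.com" \
        -out "$d/site.csr" 2>/dev/null
    openssl req -new -x509 -key "$d/good.key" -subj "/CN=www.example.com" \
        -days 1 -out "$d/site.crt" 2>/dev/null
    echo "$d"
}

dir=$(make_samples)
check_pair "$dir/site.crt" "$dir/good.key" "$dir/site.csr" && echo "match: safe to install"
check_pair "$dir/site.crt" "$dir/other.key" || echo "refused: Apache would log 'key values mismatch'"
rm -rf "$dir"
```

Comparing the extracted public keys works for RSA and EC keys alike, so the same check applies whichever key type the CSR was generated with.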

punto 22nd June 2009 08:00

Re-created the certificate request and all working okay now.

Thanks
Matt

