HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


xicoloco 26th March 2012 02:19

Apache + SSL problems
 
OK, it's the 3rd time I get this. I reinstalled Linux + ISPConfig from scratch 3 times to see if this happens again, and it does.

Well, everything is fine, but when I am trying out the certificate buttons on the website SSL creation, at some point Apache stops working ...

My questions are:

Is there a sequence to use the ISP interface to create the certificates without messing it up?
Can I recover the installation so I do not have to reinstall Linux itself?



Well, I have tried something I saw somewhere in the forum, without success:

root@tarik01:~# a2dissite petrolube.com.br.vhost
Site petrolube.com.br.vhost already disabled

I have disabled all domains and Apache still does not start ... well, any clues?

till 26th March 2012 08:33

Quote:

Is there a sequence to use the ISP interface to create the certificates without messing it up?
1) Select an IP address in the website settings.
2) Enable the SSL checkbox in the site settings.
3) Enter the details of the SSL cert, select create certificate as action.

The most likely reason for your problem is a broken SSL certificate. This can happen if you enter chars in the SSL fields that can't be interpreted by openssl when the SSL cert is created.

Quote:

I have disabled all domains and Apache still does not start ... well, any clues?
Post the errors that you get on the shell and in the apache error and ssl log when you restart apache.

There is no need to reinstall Linux or reinstall ISPConfig. Reinstalling ISPConfig when you have already created some items like websites etc. can mess up your setup, so it's not recommended to do that.

xicoloco 26th March 2012 13:29

when starting apache:

root@tarik01:~# /etc/init.d/apache2 restart
Restarting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
root@tarik01:~#

The Apache log is:

Code:

[Sun Mar 25 18:22:33 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
[Sun Mar 25 18:22:33 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
[Sun Mar 25 18:22:33 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
[Sun Mar 25 18:22:58 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
[Sun Mar 25 18:22:58 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
[Sun Mar 25 18:22:59 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
[Sun Mar 25 18:22:59 2012] [error] [client 201.94.206.149] client denied by server configuration: /etc/apache2/htdocs
[Sun Mar 25 18:23:02 2012] [notice] caught SIGTERM, shutting down
[Sun Mar 25 18:23:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Mar 25 18:23:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
[Sun Mar 25 18:23:03 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Sun Mar 25 18:23:03 2012] [notice] Digest: generating secret for digest authentication ...
[Sun Mar 25 18:23:03 2012] [notice] Digest: done
[Sun Mar 25 18:23:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Mar 25 18:23:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
[Sun Mar 25 18:23:03 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Sun Mar 25 18:23:07 2012] [notice] caught SIGTERM, shutting down

Let me ask: can't I use self-signed SSL for all virtual servers? Do they mess up?

If I have only 5 IPs in Rackspace for each server, is there a different solution to have more than one certificate on one IP?

I am reinstalling anyway because this is one of my tests ... I will try the cluster config now. Sorry, I feel like a real newbie right now; I left computers and Linux back in 1999 and it is hard to get in shape again ...

xicoloco 29th March 2012 13:53

Well, today that happened again ....

Code:

[Thu Mar 29 06:42:15 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:15 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:17 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:17 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:18 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:18 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:19 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:19 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:34 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:34 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:54 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:42:54 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:43:02 2012] [notice] caught SIGTERM, shutting down
[Thu Mar 29 06:43:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 29 06:43:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
[Thu Mar 29 06:43:03 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Thu Mar 29 06:43:03 2012] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 29 06:43:03 2012] [notice] Digest: done
[Thu Mar 29 06:43:03 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 29 06:43:03 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
[Thu Mar 29 06:43:03 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Thu Mar 29 06:43:06 2012] [notice] caught SIGTERM, shutting down
[Thu Mar 29 06:43:07 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 29 06:43:07 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
[Thu Mar 29 06:43:07 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Thu Mar 29 06:43:07 2012] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 29 06:43:07 2012] [notice] Digest: done
[Thu Mar 29 06:43:07 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 29 06:43:07 2012] [warn] RSA server certificate CommonName (CN) `xicoloco' does NOT match server name!?
[Thu Mar 29 06:43:07 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Thu Mar 29 06:43:09 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:43:09 2012] [error] [client 189.58.110.185] client denied by server configuration: /etc/apache2/htdocs
[Thu Mar 29 06:43:10 2012] [notice] caught SIGTERM, shutting down
[Thu Mar 29 06:50:11 2012] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
root@tarik01:~#

OMG, what the fuck am I doing wrong????

falko 30th March 2012 10:13

Quote:

[Thu Mar 29 06:50:11 2012] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
What's the output of
Code:

cd /etc/apache2
grep -Ri SSLCertificateFile *

?

xicoloco 1st April 2012 23:14

root@tarik01:/etc/apache2# grep -Ri SSLCertificateFile *
sites-available/ispconfig.vhost: SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
sites-available/default-ssl: # SSLCertificateFile directive is needed.
sites-available/default-ssl: SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
sites-available/default-ssl: # the referenced file can be the same as SSLCertificateFile
sites-enabled/000-ispconfig.vhost: SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
root@tarik01:/etc/apache2#

falko 2nd April 2012 09:31

Do /usr/local/ispconfig/interface/ssl/ispserver.crt and /etc/ssl/certs/ssl-cert-snakeoil.pem exist?

xicoloco 2nd April 2012 13:09

I already formatted this server because I panicked, but I'm pretty sure this will happen again, so we will continue on that ...

DUCKFACE 4th June 2013 16:42

I have the same problem.
Here is the apache.log:
Code:

[Tue Jun 04 17:24:03 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jun 04 17:24:03 2013] [warn] RSA server certificate CommonName (CN) `Nikolay Konstantinov' does NOT match server name!?
[Tue Jun 04 17:24:03 2013] [notice] Apache/2.2.22 (Ubuntu) DAV/2 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.7 PHP/5.4.9-4ubuntu2 mod_python/3.3.1 Python/2.7.4 mod_ruby/1.2.6 Ruby/1.8.7(2012-02-08) mod_ssl/2.2.22 OpenSSL/1.0.1c configured -- resuming normal operations
PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php5/cgi/conf.d/ming.ini on line 1 in Unknown on line 0

The /usr/local/ispconfig/interface/ssl/ispserver.crt and /etc/ssl/certs/ssl-cert-snakeoil.pem exist.

thebrawnyman 22nd August 2013 22:54

I'm having the same issue that xicoloco was having. I ran the grep on /etc/apache2 and verified that all crt files listed in the output do exist. In this case, what would be the next thing I check?
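
An added example, not part of any post in this thread: mod_ssl logs "Server should be SSL-aware but has no certificate configured" for a virtual host that has SSL switched on but no `SSLCertificateFile`, and such a vhost never shows up in the `grep` for `SSLCertificateFile` used above. The script below lists those vhosts, plus any whose certificate path is missing or unreadable; the function names, sample file names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report every <VirtualHost> block that
# sets "SSLEngine on" but has no readable SSLCertificateFile of its own.
# Simplification: Include lines and values inherited from the main server
# config are not followed.
check_ssl_vhosts() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
            low ~ /^#/ { next }
            low ~ /^<virtualhost[ \t]/ {
                invh = 1; start = NR; ssl = 0; cert = "-"
                addr = line; sub(/^<[^ \t]+[ \t]+/, "", addr)
                sub(/>.*$/, "", addr); gsub(/[ \t]+/, ",", addr)
            }
            invh && low ~ /^sslengine[ \t]+on/ { ssl = 1 }
            invh && low ~ /^sslcertificatefile[ \t]/ {
                split(line, part, /[ \t]+/); cert = part[2]; gsub(/"/, "", cert)
            }
            invh && low ~ /^<\/virtualhost>/ {
                if (ssl) print file ":" start, addr, cert
                invh = 0
            }' "$f"
    done | while read -r where addr cert; do
        if [ "$cert" = "-" ]; then
            echo "$where $addr: SSLEngine on, no SSLCertificateFile"
        elif [ ! -r "$cert" ]; then
            echo "$where $addr: $cert missing or unreadable"
        fi
    done
}

# Constructed sample tree standing in for /etc/apache2/sites-enabled.
make_sample() {
    d=$(mktemp -d) && : > "$d/ok.crt"
    printf '%s\n' '<VirtualHost *:8080>' '  SSLEngine On' \
        "  SSLCertificateFile $d/ok.crt" '</VirtualHost>' > "$d/000-panel.vhost"
    printf '%s\n' '<VirtualHost 192.0.2.10:443>' '  SSLEngine on' \
        '  # SSLCertificateFile /etc/ssl/site.crt' '</VirtualHost>' \
        '<VirtualHost 192.0.2.10:80>' '</VirtualHost>' > "$d/100-site.vhost"
    printf '%s\n' '<VirtualHost *:443>' 'SSLEngine on' \
        "SSLCertificateFile $d/gone.crt" '</VirtualHost>' > "$d/200-other.vhost"
    echo "$d"
}

sample=$(make_sample)
check_ssl_vhosts "$sample"   # real tree: check_ssl_vhosts /etc/apache2/sites-enabled
```

Each reported line gives the file, the line where the `<VirtualHost>` block starts and its address, so the block can be fixed or disabled with `a2dissite` before restarting Apache.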

