SSL cert configured / created but not served, default SSL cert used only
We've been working with ISPconfig 220.127.116.11 and CentOS 6.3 with Apache.
We have duplicated this issue on more than one installation.
Issue is as follows:
- ISPconfig control panel configured with SSL on port 8080
- New SSL cert created or existing imported
- Website configured for SSL and assigned to a specific IP
Despite all the above, the self signed cert created and used for ISPConfig on port 8080 is served up for the configured website and not the cert created or imported for that specific site.
What does work as a hack is to replace the self signed cert normally located in /etc/pki/tls/certs and /etc/pki/tls/private but obviously this does not scale. Another hack is to modify /etc/httpd/conf.d/ssl.conf.
Have also reviewed the ISPConfig manual and not found any further data on this.
Would appreciate any advice on resolving this issue.
Try to check if other website is using * instead ip addresses
Unfortunately that did not resolve the issue.
We have several servers running ispconfig3 all running CentOS 6. Some have this problem and some do not. We have looked extensively and not found what the difference/cause is.
We just deployed two new servers, one behaves as expected, the other exhibits the following behavior:
http://www.domain.com -- correct site served
https://www.domain.com -- default site - apache test page served, also cert used is the self signed cert used by ispconfig on port 8080
In grepping the vhosts files in /etc/httpd/conf/sites-available for the string '443' the only hit is on the ispconfig vhosts file.
We had to deploy a site so we manually modified our domain.com.vhost file and added a section starting with <VirtualHost IP:443>
The contents of that section was a duplicate of the <VirtualHost IP:80> section with the addition of SSLEngine on and the various SSL file statements within the <IfModule mod_ssl.c> section.
Further modifications to that website within ispconfig did not overwrite the above change.
This resolved the issue but we don't really understand why this and the other described symptoms happen.
We've perused the ispconfig 3 manual and did not find anything there that would explain this.
We found some other threads that describe this behavior that do not have a described resolution (or not one that worked for us) including:
Would appreciate any input on this.
As mentioned in other threads, modifying the domain.com.vhost file is not workable as the changes will be overwritten.
Instead we have created an additional ssl-domain.com.vhost file which seems to work OK on a temporary basis.
Thanks in advance to anyone who might shed some light on resolving this.
In ISPConfig 3.0.5, it will be possible to import an existing certificate.
That's good to hear however in this last instance the SSL cert was created and managed entirely in ispconfig and not imported. Also, the issue in this recent case goes beyond just the cert itself as https requests to the site in question reached the apache test page instead due to the missing content that had to be included in the httpd.conf. We had to manually work around this.
Also, in other cases we created the cert in ispconfig and then replaced the files as described in the manual -- however in some cases apache would simply persistently serve the self signed cert used for ispconfig ui on port 8080 no matter what we did. In other cases this did not happen and all was well.
Would be great if some light could be shed on this.
|All times are GMT +2. The time now is 05:07.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.