HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


SparkyRih 3rd January 2013 17:16

*:443 not reachable?
 
I've read a lot of threads on this forum, but none of them have a clear answer for my issue...

So I have an SSL certificate, installed it for one of my websites in the ISPConfig 3 control panel... I also enabled SSL on the main config screen of the website...

But whenever I go to https://domain.nl(:443) IE gives me the error:


Internet Explorer cannot display the webpage.

/etc/apache2/apache2.conf is listening to port 443... but why is it still not working?

ChrisZ 3rd January 2013 22:04

This is the only thing I can think of off the top of my head. Did you specify "443" when ISPConfig asked which port to make the interface available on?

Chris

SparkyRih 3rd January 2013 22:37

Quote:

Originally Posted by ChrisZ (Post 290304)
This is the only thing I can think of off the top of my head. Did you specify "443" when ISPConfig asked which port to make the interface available on?

Chris

Good question...
Where can I check this?

ChrisZ 3rd January 2013 23:51

http://www.howtoforge.com/forums/showthread.php?t=42519

Quote:

Originally Posted by gkot (Post 215638)
edit

etc/apache2/sites-available/ispconfig.vhost

change line 7-10 to
Code:

Listen 8080
NameVirtualHost *:8080

<VirtualHost _default_:8080>

login SSH to reboot apache
Code:

/etc/init.d/apache2 restart

I hope this helps! :)

SparkyRih 4th January 2013 08:16

I guess you misunderstand my issue...
I'm able to login to the ISPConfig control panel (over port 8080, with an unsigned certificate, I'm fine with that)...

I'm trying to add an SSL certificate to one of the websites which is hosted on that server via ISPConfig...
The settings in ISPConfig seem right, I pasted the SSL cert into the second large field on the SSL tab of the website (including the ---begin, end--- delimiters), I enabled SSL on the main tab of that website, and if I go to my FTP server I can see that it did save the *.crt file correctly in the /ssl folder (if I open the file, it is the certificate signed by GeoTrust)...

I also tried to add this directive via ISPConfig

SSLCertificateChainFile /var/www/domain.ext/ssl/domain.ext.crt

After saving, when I go to the /etc/apache2/sites-available/domain.ext.vhost I can see that that directive is present on the last line (within the vhost tags)
I still end up with IE not being able to open any page (if I use https, http is fine)...

Edit: also tried editing the vhost tag from *:80 to *:443 (or ext.ip.address:443 or just *)... but nothing...

till 4th January 2013 08:40

Please do not edit any of the apache config files manually. If you did any changes already, undo them as they will prevent the ssl website from working later. The procedure to install a ssl certificate in a website is:

1) Select the IP address in the site settings instead of *. If the IP does not show up, add it under System > Server IP.
2) Enable the ssl checkbox in the site settings.
3) Create a ssl certificate on the ssl certificate tab. If you have already created a cert that does not work, then delete this cert by selecting delete as action and press on save before you create a new ssl cert. Now test that the ssl site works with the self signed ssl cert.
4) If you want to use a signed ssl cert, then use the csr that ispconfig shows in the first field. Don't use any other csr as the crt and key will not match later and the ssl site will fail.

SparkyRih 4th January 2013 09:05

Config is back to defaults...

Do I really need to set that fixed IP? if I do, all my other sites redirect to that one site... if so I need to get a separate IP for every SSL site? (not really a problem, but just confirming before I get a second IP)...

But I can't get a new cert, I already generated the csr via openssl and purchased the ssl cert with GeoTrust...

Apache gives this error though: [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

But that's probably pretty much the same thing as you're telling me, but I thought maybe it's still useful for anyone...

Edit: I did do what you told me, I added the fixed IP instead of the *, enabled SSL, created a self signed certificate via the SSL tab, saved it, still nothing...

till 4th January 2013 09:26

Quote:

Do I really need to set that fixed IP? if I do, all my other sites redirect to that one site... if so I need to get a separate IP for every SSL site? (not really a problem, but just confirming before I get a second IP)...

Just don't mix * and IP. If you switch all sites to use the IP, it will work again.

Quote:

But I can't get a new cert, I already generated the csr via openssl and purchased the ssl cert with GeoTrust...

Then you will have to replace cert and key manually in the ssl folder. But the ssl authority should also re-sign your cert for free based on the csr created in ispconfig. That's named rekeying.

Quote:

Edit: I did do what you told me, I added the fixed IP instead of the *, enabled SSL, created a self signed certificate via the SSL tab, saved it, still nothing...

Did you delete the cert before you created a new one?
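
The check behind the advice above (a crt only works with the key its csr was made from), as an added example that is not part of the original thread. It uses the standard openssl command line; the function names and the throwaway files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: do a site's .crt, .key and .csr belong together?

# Each helper prints the public key (PEM) embedded in one kind of file.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pub()  { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# same_key KIND_A FILE_A KIND_B FILE_B: 0 if both hold the same public key.
# An unreadable file yields an empty string and never counts as a match.
same_key() {
    a=$("${1}_pub" "$2") || a=""
    b=$("${3}_pub" "$4") || b=""
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# 0 if BasicConstraints says CA:TRUE (the condition in Apache's CA-certificate warning).
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# check_site CRT KEY [CSR]: print findings, return 1 on any mismatch.
check_site() {
    rc=0
    same_key cert "$1" key "$2" || { echo "MISMATCH: $1 does not belong to $2"; rc=1; }
    if [ -n "$3" ]; then
        same_key csr "$3" key "$2" || { echo "MISMATCH: $3 was not made from $2"; rc=1; }
    fi
    if cert_is_ca "$1"; then echo "NOTE: $1 is marked as a CA certificate"; fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1 matches $2"; fi
    return "$rc"
}

# Constructed sample input: two throwaway keys, a self-signed cert and a CSR for key a.
make_sample() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=domain.ext" -days 1 -out "$1/a.crt" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj "/CN=domain.ext" -out "$1/a.csr" 2>/dev/null
}

# Usage: sh check.sh domain.ext.crt domain.ext.key [domain.ext.csr]; no arguments runs the demo.
if [ "$#" -ge 2 ]; then
    check_site "$@"
else
    d=$(mktemp -d) && make_sample "$d" && check_site "$d/a.crt" "$d/a.key" "$d/a.csr"
    check_site "$d/a.crt" "$d/b.key"
    rm -rf "$d"
fi
```

A MISMATCH line for the crt and key means Apache cannot serve that pair, whichever of the two files is the stale one.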

SparkyRih 4th January 2013 10:10

I got it to work for a minute with a self signed cert, but when I try to add my own cert (replacing the key manually) it does not work anymore...

The virtualhost with ip:443 was added (by ISPConfig) in the vhosts file of the website, but now the virtual host is not created anymore...

1. Created self signed cert: working

After this
1. Deleted the self signed certificate
2. Inserted the real certificate data in the certificate field, saved (gave the system some time, and waited for the *.crt file to appear in the ssl folder)...
3. added the www.domain.ext.key file manually to the ssl dir...

Edit: So it works now, again with a self signed cert, now I replaced the files in the ssl dir, but it keeps using the self signed cert...

Edit 2: Got it... I removed all the certs from the ssl dir, and uploaded my own stuff, now it takes the signed certificate... and it just works perfect :)

Thanks for the help!

ChrisZ 4th January 2013 14:41

Quote:

Originally Posted by SparkyRih (Post 290323)
I guess you misunderstand my issue...

Yes, I sure did. I'm sorry. I actually thought, at first, that's what you meant and then read it again. :)


All times are GMT +2.