HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


spanish 1st March 2013 07:22

Problem with RapidSSL + ISPConfig 3 + OpenVZ + Debian + MyDNS
 
Hello,

I have:
OVH dedicated server with Debian 6 + Proxmox 2. IP = 0.0.0.0
OpenVZ VM with Debian 6 (kernel 2.6.32-16-pve), ISPConfig 3.0.4.2, Apache 2.2.16 and MyDNS 1.2.8.27. IP = 1.1.1.1
Latest version of CSF+LFD installed on both machines (with IP 2.2.2.2 allowed).

ISPConfig 3 has been working for several years with a RapidSSL Wildcard certificate installed manually as default-ssl. This certificate is associated with domain1.es and IP 1.1.1.1

Now, I want to use a standard RapidSSL in domain2.es (whose DNS are configured in OVH Manager).

I bought an OVH IPv4 FailOver (IP = 2.2.2.2).

I added IP 2.2.2.2 to my interfaces and I restarted my network (following the Manual's chapter How Do I Manually Configure New IP Addresses On My System?):
# vi /etc/network/interfaces
...
auto venet0:1
iface venet0:1 inet static
address 2.2.2.2
netmask 255.255.255.255

# ifconfig
...
venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:2.2.2.2 P-t-P:2.2.2.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1


I added 2.2.2.2 to ISPConfig 3 (System -> Server IP Addresses):
Type: IPv4
IP Address: 2.2.2.2
HTTP NameVirtualHost: yes
HTTP Ports: 80,443


I created the DNS zone of domain2.es and changed the 1.1.1.1 records to 2.2.2.2

I created the website of domain2.es:
IPv4: 2.2.2.2
Auto-Subdomain: None or www (I tested both)
SSL: Yes


I filled the SSL fields (with a-z characters), selected "Create certificate" and saved.

And I restarted Apache & MyDNS.

At this moment:
http://domain2.es displays http://domain1.es (like a domain alias).
https://domain2.es says Forbidden. You don't have permission to access / on this server.

# tail -f /var/log/apache2/error.log
[...] [error] [...] client denied by server configuration: /var/www/domain2.es/web/

No error in:
/var/log/apache2/ssl_error.log
/var/log/ispconfig/httpd/domain2.es/error.log

Any idea?

Thanks!

Manuel

spanish 2nd March 2013 02:47

Here is the problem:
Quote:

Originally Posted by spanish (Post 292963)
I added IP 2.2.2.2 to my interfaces and I restarted my network (following the Manual's chapter How Do I Manually Configure New IP Addresses On My System?):
# vi /etc/network/interfaces
...
auto venet0:1
iface venet0:1 inet static
address 2.2.2.2
netmask 255.255.255.255

Following Till (Your server is a vserver, so you can not configure the network from within the virtual machine. The network is configured on the host server.), I added IPv4 2.2.2.2 on host server:

Login Proxmox -> Datacenter -> My Dedicated Server (0.0.0.0) -> My OpenVZ VM (1.1.1.1) -> Network -> Add -> IP address (venet) -> IP address: 2.2.2.2 -> Add

Now, http and https are OK (SSL self-signed, at the moment).

:)

spanish 4th March 2013 12:30

After consuming all reissues of the first RapidSSL certificate, I managed to get a second RapidSSL certificate running following these steps:
  1. Run a self-signed SSL certificate (see above).
  2. Generate the RapidSSL CRT using our CSR and selecting the Apache 2 option.
  3. Check that CRT & CSR and CRT & Key match (for example, at http://sslchecker.com/matcher). You may have to wait a while (in my case, the first time CRT & CSR was OK but CRT & Key was KO; after a while, both were fine).
  4. In the ISPConfig 3 Administration Panel, go to the SSL tab, delete the self-signed CRT and paste the RapidSSL CRT in the SSL Certificate field, select Save Certificate in the SSL Action dropdown and click the Save button.
I think the keys are:
  1. Select the Apache 2 option in step 2.
  2. Wait for everything to match in step 3 before doing step 4.

Regards,

Manuel

spanish 6th March 2013 19:19

Quote:

Originally Posted by spanish (Post 293083)
Login Proxmox -> Datacenter -> My Dedicated Server (0.0.0.0) -> My OpenVZ VM (1.1.1.1) -> Network -> Add -> IP address (venet) -> IP address: 2.2.2.2 -> Add

Be sure to restart the host after this (if not, you will have a network problem on the VM).

