View Single Post
Old 10th June 2009, 13:52
wxman wxman is offline
Senior Member
Join Date: May 2007
Posts: 189
Thanks: 11
Thanked 2 Times in 2 Posts

Originally Posted by till View Post
Your problem is that you added a ssl certificate tht was not based on the csr created by ispconfig, so the private keys dont matched and apache was not able to start namyore. You have to reissue the certificate and this time use the csr that was created by ispconfig to create the signed certificate.
I did use the CSR created by ISPConfig. When I first went to the domain settings on ISPConfig, there was nothing in the CSR box. I told it to create certificate. It made the CSR which I used to get a standard certificate at Godaddy. They sent me the cert for the domain, and the bundle. I went back to ISPConfig and there was a certificate now showing in both the CSR and SSL Certificate boxes. I replaced the one in the SSL Certificate box with the SSL certificate that was issued, pasted the bundle into the SSL bundle box, then told it to 'save certificate'. That's when it froze. I wasn't sure if I was supposed to replace the showing cert in the SSL Certificate box with the one they issued or not.

Also. I'm not clear on the IP address. The web server is behind a load balancer, which is behind a router. I have 5 IP addresses, and one of them is now routed to the local address at the load balancer. ISPConfig server IP is set to local address of the load balancer.
I would like to use the public IP I'm using now for the first certificate, but I expect at least two more sites will need them. Do I just add more IP's the "Edit Server IP" section?

Here's an even bigger question. I don't know how I missed it, but HAProxy can't do SSL. I'm told that I need to install apache and mod_ssl on my LB' nodes. First I have to find a how-to for that. But that made me wonder now where the certificates get installed.
I'm really wondering if I should do away with haproxy, get rid of the LB nodes, and just run heartbeat on the server to do failover.

Last edited by wxman; 10th June 2009 at 18:54.
Reply With Quote