View Single Post
  #1  
Old 5th October 2010, 09:42
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 213
Thanked 648 Times in 294 Posts
Exclamation Problems with installing SSL-certifates on ISPConfig3 slaveservers

Dear Till,
Within these forums i can see that several persons do have problems with installing a SSL-certifcate for their website which are hosted on their ISPConfig3 server. Also do i and it causes me pain in my head.

I try to explain what happens:
I have a cluster of 6 ISPConfig3 servers (2 machines, 3 on each machine). These servers are all XEN VMs
Every ISPConfig3 server (of course) has its own IP-address. On the master ISPConfig3 server i use some additional IP-addresses as well for the websites whith Comodo SSL-certifaces. This works excellent.
However, when i define additional IP-addresses with version within ISPConfig3.0.2.2 it goes wrong.
I mentioned this already before within thread http://www.howtoforge.com/forums/sho...hlight=3.0.2.2.
After modifying the file /etc/network/interfaces again, i installed the website with a dedicated (additional) IP-address (not *) on the slave server.
And yes i know which steps to take as i did this procedure many times.
After installing the Comodo SSL-certicate everything is up and running, so thats good....alt least for a while.
After some time Firefox shows me the error at http://www.example.tld "It works" and at https://www.example.tld ssl_error_rx_record_too_long. After some time everything is normal again, which means the site is up and running.

First i thought: probably i did something wrong, maybe an DNS issue, but no. Also the vhosts where fine!
I repeated all the steps 3 times for 2 websites with a SSL-certicate but the problem remains.

After all, i decided to change the IP-addresses of the websites with SSL-certicates into the same IP-address of the host, which are the same IP-address of the slave ISPConfig3 servers.
That worked and keeps working. The sites with SSL-certicates keeps up and running.

On the master ISPConfig3 server i use websites with additional IP-addresses with SSL-certicates as well. No problems on the master server.
However, the same result on the slave servers when additional IP-addresses is NOT possible.

I want to ask you to have a look at this, because this is really not nice!
__________________
Hans

MrHostman | Master in managed hosting
Reply With Quote
Sponsored Links