View Single Post
  #1  
Old 8th November 2011, 15:12
zenny zenny is offline
Senior Member
 
Join Date: Nov 2006
Posts: 177
Thanks: 21
Thanked 7 Times in 7 Posts
Unhappy Problem after grading to 3.0.4

As instructed by Till (http://www.howtoforge.com/forums/sho...3&postcount=40) I am creating this new thread (similar to http://www.howtoforge.com/forums/sho...4&postcount=38 and http://www.howtoforge.com/forums/sho...4&postcount=40).


Since ISPConfig 3.0.4 supports SNI, I upgraded but the upstream CentOS5 repository does not provide Apache above 2.2.12 and Openssl-0.9.8f upwards. So I manually compiled the binaries from source and upgraded to Apache 2.2.21 and 1 with backward compatibility to 0.9.8f.


But when I tried to create a ssl certificate from the ISPCOnfig3 panel, it goes well but nothing seems to have been created as the SSL Certificate field not only remained blank, but the webserver died. Or I just missed something.

The error log follows:

Quote:
# tail -n 50 /var/log/httpd/error_log
[Mon Nov 07 03:27:07 2011] [notice] Digest: done
[Mon Nov 07 03:27:08 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 03:27:08 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 03:27:08 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Mon Nov 07 04:04:20 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Mon Nov 07 10:10:35 2011] [notice] caught SIGTERM, shutting down
[Mon Nov 07 10:10:35 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(26991) exit(shutting down), terminated by calling exit(), return code: 0
[Mon Nov 07 10:10:36 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Nov 07 10:10:36 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 10:10:36 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 10:10:36 2011] [notice] Digest: generating secret for digest authentication ...
[Mon Nov 07 10:10:36 2011] [notice] Digest: done
[Mon Nov 07 10:10:37 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 10:10:37 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 10:10:37 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Mon Nov 07 10:34:42 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 00:36:44 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:36:44 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(19240) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 00:36:45 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:36:46 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:36:46 2011] [notice] Digest: done
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:36:47 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:37:50 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 00:42:43 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:42:43 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(11177) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 00:42:44 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
Use of uninitialized value in alarm at /usr/local/ispconfig/server/scripts/vlogger line 538.
[Tue Nov 08 00:42:45 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:42:45 2011] [notice] Digest: done
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:42:45 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:51:02 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:51:03 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:51:04 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:51:04 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:51:04 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:51:04 2011] [notice] Digest: done
[Tue Nov 08 00:51:05 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:51:05 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:51:05 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:52:06 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:52:07 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:52:10 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
Please note that in Centos5, I patched the libraries from Version 6 openssl.

Quote:
# openssl version -a
OpenSSL 1.0.0d-fips 8 Feb 2011
built on: Mon Nov 7 23:51:57 CET 2011
platform: linux-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORT$
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic
I saw this thread (http://www.howtoforge.com/forums/showthread.php?t=41597) and to solve above problem, I tried with:

1) replacing the httpd.conf from the previous installation, didn't work! :-(
2) removing the NameVirutalhost:*.80 NameVirtualhost: *.443 and Include lines and changed the Directory to /var/www from default /var/www/html, the webserver starts, but gave me the default apache index pages to my domains.
3) So I did 'php -q update' with new ssl certificate, but when it reconfigures services, the running webserver segfaults.
4) Also tried to disable default certificates in /etc/httpd/conf.d/ssl.conf, but it prevents the server from starting.

Any hints or help appreciated! Thanks!
Reply With Quote
Sponsored Links