View Single Post
Old 15th June 2013, 21:58
zenny zenny is offline
Senior Member
Join Date: Nov 2006
Posts: 178
Thanks: 21
Thanked 7 Times in 7 Posts

Originally Posted by till View Post
If you riún multiple sites on that same IP, then ensure that all sites use the IP and dont mix * and IP.
This is a completely new installation and only with two domains created to check whether SNI works by default. So all sites use the IP. Still no go.

This means that there is no ssl vhost or a broken ssl cert.You can e.g. try to recreate the ssl cert trough ispconfig, ensure that you dont use any special chars in the ssl cert detail fields as this might cause openssl to fail to create the cert.
Recreated the cert with ISPConfig3 panel, yet no go.

When tried to access the ssl site, Apache2 error.log shows as of below:

[Sat Jun 15 18:45:10 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jun 15 18:45:10 2013] [notice] Apache/2.2.22 (Debian) DAV/2 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.6 PHP/5.4.4-14 mod_python/3.3.1 Python/2.7.3 mod_ruby/1.2.6 Ruby/1.8.7(2012-02-08) mod_ssl/2.2.22 OpenSSL/1.0.1e configured -- resuming normal operations
[Sat Jun 15 18:45:10 2013] [error] [client] client denied by server configuration: /var/www/
[Sat Jun 15 18:45:11 2013] [error] [client] client denied by server configuration: /var/www/
[Sat Jun 15 18:45:37 2013] [error] [client] client denied by server configuration: /var/www/
And the browser reports "(Error code: ssl_error_rx_record_too_long)"

Where did I go wrong?
Reply With Quote