#1  
Old 16th June 2009, 07:20
punto punto is offline
Member
 
Join Date: Jul 2006
Posts: 84
Thanks: 12
Thanked 2 Times in 1 Post
Default Creating SSL crashed apache

Hi,

I am trying to create an SSL certificate for a domain I am hosting and everytime I enter the certificate sent to me from Commodo and click save under ISPCONFIG it causes httpd to stop and I cannot restart it. This is from the error_log:

[Tue Jun 16 15:01:02 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:04 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:05 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:06 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
[Tue Jun 16 15:01:08 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:02:55 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

Once I delete the SSL certificate for the domain, httpd restarts instantly and we are all okay again.

I can confirm the following files are created in the SSL data directory once I input the certificate file received from Commodo and upload the bundle.

www_domain.com.ca-bundle www_domain.com.csr
www_domain.com.crt www_domain.com.key
www_domain.com.key.org


Any advice on how to get this working will be appreciated as the site is due to go live immediately.

The domain is on its own dedicated, routable IP address.

Thanks in advance
Matt

Last edited by punto; 16th June 2009 at 13:47.
Reply With Quote
Sponsored Links
  #2  
Old 16th June 2009, 15:16
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,082
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

There is no option to upload a bundle certificate in ispconfig 2, so you must have added the bundle to a wrong field.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 16th June 2009, 21:44
punto punto is offline
Member
 
Join Date: Jul 2006
Posts: 84
Thanks: 12
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by till View Post
There is no option to upload a bundle certificate in ispconfig 2, so you must have added the bundle to a wrong field.
Hi Till,

No that is not the case. I uploaded the bundle through FTP to the SSL directory of the website as per the instructions on the Comodo webpage and added the apache directives.

https://support.comodo.com/index.php...264&nav=0,96,1

Please advise.

Matt
Reply With Quote
  #4  
Old 17th June 2009, 12:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Any errors in the web site's error log?
What's the output of
Code:
httpd -t
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 17th June 2009, 14:39
punto punto is offline
Member
 
Join Date: Jul 2006
Posts: 84
Thanks: 12
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by falko View Post
Any errors in the web site's error log?
What's the output of
Code:
httpd -t
?
Hi Falko, output is

[punto@web ~]# httpd -t
Syntax OK


Httpd started once I deleted the created certificate. I could go through the process again (have tried twice already) if you think it neccessary, but it is a live webserver with 50+ domains so any downtime is not welcome.

One other thing I noticed (happened the first time httpd crashed, but not the second) was the vhosts.conf file was completely deleted (when I removed the certificate and apache crashed) and I needed to restore it from the most recent snapshot file. I did not try creating the cert request or adding the certificate file directly on the shell, it was all done through the ISPCONFIG web interface.

Thanks
Matt
Reply With Quote
  #6  
Old 18th June 2009, 14:19
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by punto View Post
I could go through the process again (have tried twice already) if you think it neccessary, but it is a live webserver with 50+ domains so any downtime is not welcome.
Did you check the web site's error log? It should still contain the errors of your previous attempt.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 19th June 2009, 01:07
punto punto is offline
Member
 
Join Date: Jul 2006
Posts: 84
Thanks: 12
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by falko View Post
Did you check the web site's error log? It should still contain the errors of your previous attempt.
Thanks Falko, not sure why I didnt check the website's error log rather than the system's. Okay here is what appeared in the log at time of trying to save the certificate from Comodo

[Mon Jun 15 21:40:39 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:40:39 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:40:43 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:40:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:41:40 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:41:40 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:42:43 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:42:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:43:15 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:43:15 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:44:00 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:44:00 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:func(128):reason(116)
[Mon Jun 15 21:44:01 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:44:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:46:23 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:46:23 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:47:32 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:47:32 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:47:35 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:47:35 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:50 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:50 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:52 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:52 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:58 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:58 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:59 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:59 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:00:01 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:00:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:03 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:03 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:04 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:04 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:05 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:05 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:06 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:06 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:09 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:09 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:02:56 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:02:56 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h



Thanks
Matt
Reply With Quote
  #8  
Old 19th June 2009, 08:08
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,082
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

Looks as if you uploaded a certificate that was not based on the csr that was created by ispconfig. This results in a mismatch of the ssl key and apache is not able to start anymore. To avoid this, take the csr (certificate signing request) that was created by ispconfig and let it sign from your ssl company and then copy the new cert that you get back into the certificate field in ispconfig and select save as action and click on save.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
punto (22nd June 2009)
  #9  
Old 22nd June 2009, 08:00
punto punto is offline
Member
 
Join Date: Jul 2006
Posts: 84
Thanks: 12
Thanked 2 Times in 1 Post
 
Default

Re-created the certificate request and all working okay now.

Thanks
Matt
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
problems with suexec gobokster Installation/Configuration 7 7th May 2009 13:33
SSL "connection interrupted" apache not listening on 443 yuro Installation/Configuration 10 28th October 2008 14:42
CENTOS 5 Ping Problem gAnDo Server Operation 11 28th March 2008 20:58
ISPConfig 2.2.14 released till General 48 19th July 2007 23:46
Problem with the installation of Dokeos (LMS) in ISPConfig jofranco General 4 28th April 2006 00:45


All times are GMT +2. The time now is 17:01.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.