Navigation

punto · #1 16th June 2009, 07:20

Hi,

I am trying to create an SSL certificate for a domain I am hosting and everytime I enter the certificate sent to me from Commodo and click save under ISPCONFIG it causes httpd to stop and I cannot restart it. This is from the error_log:

[Tue Jun 16 15:01:02 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:04 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:05 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:01:06 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
[Tue Jun 16 15:01:08 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 16 15:02:55 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

Once I delete the SSL certificate for the domain, httpd restarts instantly and we are all okay again.

I can confirm the following files are created in the SSL data directory once I input the certificate file received from Commodo and upload the bundle.

www_domain.com.ca-bundle www_domain.com.csr
www_domain.com.crt www_domain.com.key
www_domain.com.key.org

Any advice on how to get this working will be appreciated as the site is due to go live immediately.

The domain is on its own dedicated, routable IP address.

Thanks in advance
Matt

till · #2 16th June 2009, 15:16

There is no option to upload a bundle certificate in ispconfig 2, so you must have added the bundle to a wrong field.

punto · #3 16th June 2009, 21:44

Quote:

Originally Posted by till

There is no option to upload a bundle certificate in ispconfig 2, so you must have added the bundle to a wrong field.

Hi Till,

No that is not the case. I uploaded the bundle through FTP to the SSL directory of the website as per the instructions on the Comodo webpage and added the apache directives.

https://support.comodo.com/index.php...264&nav=0,96,1

Please advise.

Matt

falko · #4 17th June 2009, 12:41

Any errors in the web site's error log?
What's the output of

Code:

httpd -t

?

punto · #5 17th June 2009, 14:39

Quote:

Originally Posted by falko

Any errors in the web site's error log?
What's the output of

Code:

httpd -t

?

Hi Falko, output is

[punto@web ~]# httpd -t
Syntax OK

Httpd started once I deleted the created certificate. I could go through the process again (have tried twice already) if you think it neccessary, but it is a live webserver with 50+ domains so any downtime is not welcome.

One other thing I noticed (happened the first time httpd crashed, but not the second) was the vhosts.conf file was completely deleted (when I removed the certificate and apache crashed) and I needed to restore it from the most recent snapshot file. I did not try creating the cert request or adding the certificate file directly on the shell, it was all done through the ISPCONFIG web interface.

Thanks
Matt

falko · #6 18th June 2009, 14:19

Quote:

Originally Posted by punto

I could go through the process again (have tried twice already) if you think it neccessary, but it is a live webserver with 50+ domains so any downtime is not welcome.

Did you check the web site's error log? It should still contain the errors of your previous attempt.

punto · #7 19th June 2009, 01:07

Quote:

Originally Posted by falko

Did you check the web site's error log? It should still contain the errors of your previous attempt.

Thanks Falko, not sure why I didnt check the website's error log rather than the system's. Okay here is what appeared in the log at time of trying to save the certificate from Comodo

[Mon Jun 15 21:40:39 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:40:39 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:40:43 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:40:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:41:40 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:41:40 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:42:43 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:42:43 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_k
ey:key values mismatch
[Mon Jun 15 21:43:15 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:43:15 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:44:00 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:44:00 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:func(128):reason(116)
[Mon Jun 15 21:44:01 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:44:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:46:23 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:46:23 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:47:32 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:47:32 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Mon Jun 15 21:47:35 2009] [error] Unable to configure RSA server private key
[Mon Jun 15 21:47:35 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:50 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:50 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:52 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:52 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:58 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:58 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 14:59:59 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 14:59:59 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:00:01 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:00:01 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:03 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:03 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:04 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:04 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:05 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:05 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:06 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:06 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:01:09 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:01:09 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h
[Tue Jun 16 15:02:56 2009] [error] Unable to configure RSA server private key
[Tue Jun 16 15:02:56 2009] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatc
h

Thanks
Matt

till · #8 19th June 2009, 08:08

Looks as if you uploaded a certificate that was not based on the csr that was created by ispconfig. This results in a mismatch of the ssl key and apache is not able to start anymore. To avoid this, take the csr (certificate signing request) that was created by ispconfig and let it sign from your ssl company and then copy the new cert that you get back into the certificate field in ispconfig and select save as action and click on save.

punto · #9 22nd June 2009, 08:00

Re-created the certificate request and all working okay now.

Thanks
Matt

Navigation

Facebook

News

Recent comments

Newsletter