If you want a commercial SSL certificate (GoDaddy etc.) with 2048-bit or stronger encryption, you need to change ISPConfig3 core settings.
Follow this quick guide to do it. If you just want to get your own non-commercial certificate to work, skip this ISPConfig3 hack and proceed to the Normal SSL configuration.
ISPConfig3 hack SSL guide.
Normal SSL configuration.
- If you have already created a cert, delete it from the SSL tab for your site.
- Disable SSL for your website from the Website tab.
- Open /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php and change 1024 (second instance, not the default setting - although it may still work changing both) to 2048 or 4096.
- Save the file and restart apache2 (e.g. /etc/init.d/apache2 restart) for good measure.
- Note: If you experience an error restarting apache2 (e.g. "(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80") then do the following:
  1. sudo lsof -i :80
  2. Determine the pid of the running service and...
  3. kill <pid from step 2>
  4. /etc/init.d/apache2 restart
  It should start this time. I'm not sure what may cause this, but I have experienced it many times. It may have something to do with Subversion if you have it enabled under apache.
- Go back to ISPConfig and create a new certificate as you would normally.
- Go back to the SSL tab (you may have to restart apache again if you do not see the keys in the first two fields; not sure why, but I experienced this a few times).
- Copy the code from the SSL request fields and provide that to GoDaddy as the request key.
- Once you download your certificate from GoDaddy, paste the contents of the yourdomain.com.crt file into the SSL Certificate field (replacing what is there), select Save Certificate from the pulldown and click Save. The SSL Bundle was left empty (not sure if I needed anything here or not... can anyone confirm?).
- Restart apache2 for good measure and test it out.
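An added check for the procedure above (not part of the original guide): confirm that the CSR really carries a 2048-bit or larger key before giving it to the CA, and that the certificate you get back belongs to the private key. It assumes the openssl command is installed and that you have saved the CSR, certificate and key to files; the function names and file arguments are illustrative.

```shell
#!/bin/sh
# Added example: sanity checks around the CSR / certificate exchange.
# All file paths are supplied by you as arguments (assumption: PEM files).

MIN_BITS=2048   # smallest acceptable key size; raise to 4096 if required

# Print the public-key size (in bits) found in a PEM CSR, or nothing on error.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the CSR parses and its key is at least MIN_BITS long.
csr_is_strong() {
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]
}

# Succeed only if the certificate contains the public half of the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_ssl.sh site.csr [site.crt site.key]
if [ "$#" -ge 1 ]; then
    if csr_is_strong "$1"; then
        echo "CSR OK: $(csr_key_bits "$1") bit key"
    else
        echo "CSR rejected: key shorter than $MIN_BITS bits or unreadable" >&2
        exit 1
    fi
    if [ "$#" -ge 3 ]; then
        if cert_matches_key "$2" "$3"; then
            echo "certificate matches private key"
        else
            echo "certificate does not match private key" >&2
            exit 1
        fi
    fi
fi
```

If the CSR still reports 1024 bits, the edit to apache2_plugin.inc.php did not take effect for the newly created certificate.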
Normal SSL configuration.
- Make sure that your (Linux) server has 1 IP address for each site that needs a Cert (and one for the server).
- Make sure that those IP addresses are configured in 'ISPConfig3 | System | Edit Server IP' list.
- Make sure that the 'new' Certificate site does not have * as its address in 'Sites | Website | IP-Address' field.
- Make sure that SSL is enabled in that same page.
- Make sure that the DNS address points to that IP-Address that was defined for the website and not the old address (*) that you probably had to change when starting this process.
- On 'Sites | Website | SSL' enter your Certificate settings. (Your locale and Company info.)
- On the same page, in 'SSL Action', select 'Create Certificate' and Save.
- Wait a moment.
- Refresh SSL settings page. You should see the new Certificate code now.
You can now use the https