#1  
Old 23rd April 2012, 15:41
FumarMata FumarMata is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Added IP address, Apache broken

Hello,

I wanted to install an SSL certificate. I was following the instructions in

http://www.howtoforge.com/securing-y...-from-startssl

Where I did it to point 2, but not 3 (StartSSL site was not working), so I went to the ISPConfig manual and I read that I have to associate the certificate to a single IP, not to the *. I look at my domain and see that it's associated to the * instead of the IP, that is not there.

So I go to ISPConfig and add a new IP. From then on, Apache has stopped working and the logs don't show anything meaningful to me:

/var/log/apache2/error.log
Code:
...
[Mon Apr 23 12:19:02 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 23 12:19:02 2012] [warn] RSA server certificate CommonName (CN) `Marc Sallent' does NOT match server name!?
[Mon Apr 23 12:19:02 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Apr 23 12:19:02 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Apr 23 12:19:02 2012] [notice] Digest: done
[Mon Apr 23 12:19:02 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 23 12:19:02 2012] [warn] RSA server certificate CommonName (CN) `Marc Sallent' does NOT match server name!?
[Mon Apr 23 12:19:02 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Mon Apr 23 12:21:02 2012] [notice] caught SIGTERM, shutting down
DBI connect('database=dbispconfig;host=localhost:3306','ispconfig',...) failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) at /usr/local/ispconfig/server/scripts/vlogger line 257
The last error with a date is when apache stopped working
The "DBI Connect..." is when I rebooted the server

When I try to reboot I get this, but nothing is printed in the log:
Code:
root@server1:/var/log/apache2# apachectl restart
httpd not running, trying to start
Action 'restart' failed.
The Apache error log may have more information.
root@server1:/var/log/apache2#
Can you help me? All my sites are down

Thanks in advance,

marc
Reply With Quote
Sponsored Links
  #2  
Old 23rd April 2012, 15:45
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Most likely you have a broken ssl cert on your server. Delete the vhost file symlink in /etc/apache2/sites-enabled/ for the website that you tried to add the new ssl cert and then restart apache. Then login to ispconfig and disable ssl for that site so that the site gets available too again. Then create a new ssl cert for the site in ispconfig, ensure that you use short description in the ssl fields and no special chars as openssl can fail otherwise.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 23rd April 2012, 15:53
FumarMata FumarMata is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It didn't work, I removed the symlinks (moved them to a ./bak folder, is it the same?) and I still get the same result
Reply With Quote
  #4  
Old 23rd April 2012, 15:56
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
Originally Posted by FumarMata View Post
It didn't work, I removed the symlinks (moved them to a ./bak folder, is it the same?) and I still get the same result
Then the problem must be related to the startssl config steps that you did before and not the configuration changes in ispconfig. I guess you you did not notice the problem before as apache was not restarted.

Please try to undo the other config changes you did for startssl and then try to restart apache.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 23rd April 2012, 16:03
FumarMata FumarMata is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

do you think that restoring a backup would solve the issue?
(i did it with the updating process in http://www.howtoforge.com/securing-y...-from-startssl )
does anybody know how to restore it?

thanks!
Reply With Quote
  #6  
Old 23rd April 2012, 16:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

To completely disable ssl for ispconfig, edit the file:

/etc/apache2/sites-available/ispconfig.vhost

add a # in front of the lines:

SSLEngine On
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
## must be re-added after an ISPConfig update!!!
SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class1.server.ca.crt

and then restart apache.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 23rd April 2012, 16:12
FumarMata FumarMata is offline
Junior Member
 
Join Date: Mar 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

I commented them all (the last one was not in the file) and I still get the same result.
It's strange that the log shows -nothing- at all
!Thanks so much for your help!!!!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sessions not being saved gavimobile General 6 15th January 2012 15:05
problems with suexec gobokster Installation/Configuration 7 7th May 2009 13:33
ISP Config hesitation when opening web pages frankb Installation/Configuration 7 15th December 2008 13:06
ISPConfig 2.3.2-dev released till General 9 4th June 2007 10:46
php script injections Grizzly General 21 18th July 2006 08:55


All times are GMT +2. The time now is 12:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.