#1  
Old 3rd January 2013, 17:16
SparkyRih SparkyRih is offline
Member
 
Join Date: Dec 2012
Posts: 35
Thanks: 2
Thanked 0 Times in 0 Posts
Default *:443 not reachable?

I've read a lot of threads o nthis forum, but non of them have a clear answer for my issue...

So I have a SSL certificate, installed it for one of my websites in the ISPConfig 3 contorlpanel... I also enabled SSL on the main config screen of the website...

But whenever I go to https://domain.nl(:443) IE gives me the error:


Internet Explorer cannot display the webpage.

/etc/apache2/apache2.conf is listening to port 443... but why is it still not working?
__________________
Schattorie Solutions
Making IT Possible While Keeping IT Simple
Reply With Quote
Sponsored Links
  #2  
Old 3rd January 2013, 22:04
ChrisZ ChrisZ is offline
Junior Member
 
Join Date: Dec 2012
Posts: 10
Thanks: 0
Thanked 2 Times in 2 Posts
Default

This is the only thing I can think of off the top of my head. Did you specify "443" when ISPConfig asked which port to make the interface available on?

Chris
Reply With Quote
  #3  
Old 3rd January 2013, 22:37
SparkyRih SparkyRih is offline
Member
 
Join Date: Dec 2012
Posts: 35
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ChrisZ View Post
This is the only thing I can think of off the top of my head. Did you specify "443" when ISPConfig asked which port to make the interface available on?

Chris
Good question...
Where can I check this?
__________________
Schattorie Solutions
Making IT Possible While Keeping IT Simple
Reply With Quote
  #4  
Old 3rd January 2013, 23:51
ChrisZ ChrisZ is offline
Junior Member
 
Join Date: Dec 2012
Posts: 10
Thanks: 0
Thanked 2 Times in 2 Posts
Smile

http://www.howtoforge.com/forums/showthread.php?t=42519

Quote:
Originally Posted by gkot View Post
edit

etc/apache2/sites-available/ispconfig.vhost

change line 7-10 to
Code:
 Listen 8080
NameVirtualHost *:8080

<VirtualHost _default_:8080>
login SSH to reboot apache
Code:
/etc/init.d/apache2 restart
I hope this helps!
Reply With Quote
  #5  
Old 4th January 2013, 08:16
SparkyRih SparkyRih is offline
Member
 
Join Date: Dec 2012
Posts: 35
Thanks: 2
Thanked 0 Times in 0 Posts
Default

I guess you misunderstand my issue...
I'm able to login to the ISPConfig control panel (over port 8080, with an unsigned certificate, I'm fine with that)...

I'm trying to add an SSL certificate to one of the websites which is hosted on that server via ISPConfig...
The settings in ISPConfig seem right, I pasted the SSL cert into the second large field on the SSL tab of the website (including the ---begin, end--- delimiters), I enabled SSL on the main tab of that website, and if I go to my FTP server I can see that it did save the *.crt file correctly in the /ssl folder (if I open the file, it is the certificate signed by GeoTrust)...

I also tried to add this directive via ISPConfig

SSLCertificateChainFile /var/www/domain.ext/ssl/domain.ext.crt

After saving, when I go to the /etc/apache2/sites-availabledomain.ext.vhost I can see that that directive is presont on the last line (within the vhost tags)
I still end up with IE not being able to open any page (if I use https, http is fine)...

Edit: also tried editing the vhost tag from *:80 to *:443 or ext.ip.address:443 orr just *)...but nothing...
__________________
Schattorie Solutions
Making IT Possible While Keeping IT Simple

Last edited by SparkyRih; 4th January 2013 at 08:20.
Reply With Quote
  #6  
Old 4th January 2013, 08:40
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,407
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Please do not edit any of the apache config files manually, if you did any changes already, undo them as tehy will prevent the ssl website to work later. The procedure to install a ssl certificate in a website is:

1) Select the IP address in the site settings instead of *. If the IP does not show up, add it under System > Server IP.
2) Enable the ssl checkbox in the site settings.
3) Create a ssl certificate on the ssl certificate tab. If you have already created a cert that does not work, then delete this cert by selecting delete as action and press on save before you create a new ssl cert. Now test that the ssl site works with the self signed ssl cert.
4) If you want to use a signed ssl cert, then use the csr that ispconfig shows in the first field. Dont use any other csr as the crt and key will not match later and the sl site will fail.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 4th January 2013, 09:05
SparkyRih SparkyRih is offline
Member
 
Join Date: Dec 2012
Posts: 35
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Config is back to defaults...

Do I really need to set that fixed IP? if I do, all my other sites redirect to that one site... if so I need to get a separate IP for every SSL site? (not really a problem, but just confirming before I get a second IP)...

But I can't get a new cert, I already generated the csr via openssl and purchased the ssl cert with GeoTrust...

Apache gives this error though: [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

But that's probably pretty much the same thign as you're telling me, but I thought maybe it's still usefull for anyone...

Edit: I did do what you told me, I added the fixed IP instead of the *, enabled SSL, createda a self signed certificate via the SSL tab, saved it, still nothing...
__________________
Schattorie Solutions
Making IT Possible While Keeping IT Simple

Last edited by SparkyRih; 4th January 2013 at 09:18.
Reply With Quote
  #8  
Old 4th January 2013, 09:26
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,407
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Quote:
Do I really need to set that fixed IP? if I do, all my other sites redirect to that one site... if so I need to get a separate IP for every SSL site? (not really a problem, but just confirming before I get a second IP)...
Just dont mix * and IP. If you switch all sites to use the IP, it will work again.

Quote:
But I can't get a new cert, I already generated the csr via openssl and purchased the ssl cert with GeoTrust...
Then you will have to replace cert and key manually in the ssl folder. But the ssl authority should also resign your cert for free based on the csr created in ispconfig. Thats nemed rekeying.

Quote:
Edit: I did do what you told me, I added the fixed IP instead of the *, enabled SSL, createda a self signed certificate via the SSL tab, saved it, still nothing...
Did you delete the cert before you created a new one?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
SparkyRih (4th January 2013)
  #9  
Old 4th January 2013, 10:10
SparkyRih SparkyRih is offline
Member
 
Join Date: Dec 2012
Posts: 35
Thanks: 2
Thanked 0 Times in 0 Posts
Default

I got it to work for a minute with a self signed cert, but when I try te add my own cert (replacing the key manually) it does not work anymore...

The virtualhost with ip:443 was added (by ISPConfig) in the vhosts file of the website, but now the virtual host is not created anymore...

1. Created self signed cert: working

After this
1. Deleted the self signed certificate
2. Inserted the real certificate data in the certificate field, saved (gave the system some time, and waited for the *.crt file to appear in the ssl folder)...
3. added the www.domain.ext.key file manually to the ssl dir...

Edit: So it works now, agian with a self signed cert, now I replaced the files in the ssl dir, but it keeps using the self signed cert...

Edit 2: Got it... I removed al the certs from the ssl dir, and uploaded my own stuff, now it takes the signed certificate... and it just works perfect

Thanks for the help!
__________________
Schattorie Solutions
Making IT Possible While Keeping IT Simple

Last edited by SparkyRih; 4th January 2013 at 12:22.
Reply With Quote
  #10  
Old 4th January 2013, 14:41
ChrisZ ChrisZ is offline
Junior Member
 
Join Date: Dec 2012
Posts: 10
Thanks: 0
Thanked 2 Times in 2 Posts
 
Default

Quote:
Originally Posted by SparkyRih View Post
I guess you misunderstand my issue...
Yes, I sure did. I'm sorry. I actually thought, at first, that's what you meant and then read it again.
Reply With Quote
The Following User Says Thank You to ChrisZ For This Useful Post:
SparkyRih (4th January 2013)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with Vserver and system not reachable pontifex Installation/Configuration 7 3rd December 2009 17:17
ISPConfig stuck with error: The URL is not reachable! adobe Installation/Configuration 4 18th September 2008 11:29
Domain not reachable kreya Installation/Configuration 12 5th October 2007 09:16
The URL is not reachable! kreya Installation/Configuration 8 15th June 2007 06:04
Error The URL is not reachable! blackgreen Installation/Configuration 4 22nd May 2007 17:09


All times are GMT +2. The time now is 12:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.