Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st March 2013, 07:22
spanish spanish is offline
Member
 
Join Date: Nov 2009
Posts: 58
Thanks: 13
Thanked 4 Times in 4 Posts
Default Problem with RapidSSL + ISPConfig 3 + OpenVZ + Debian + MyDNS

Hello,

I have:
OVH dedicated server with Debian 6 + Proxmox 2. IP = 0.0.0.0
OpenVZ VM with Debian 6 (kernel 2.6.32-16-pve), ISPConfig 3.0.4.2, Apache 2.2.16 and MyDNS 1.2.8.27. IP = 1.1.1.1
Last version of CSF+LFD installed on both machines (with IP 2.2.2.2 allowed).

ISPConfig 3 is working for several years with a RapidSSL Wildcard certificate installed manually like default-ssl. This certificate is associated to domain1.es and IP 1.1.1.1

Now, I want use a standard RapidSSL in domain2.es (whose DNS are configured in OVH Manager).

I bought a OVH IPv4 FailOver (IP = 2.2.2.2).

I added IP 2.2.2.2 to my interfaces and I restarted my network (following the Manual's chapter How Do I Manually Configure New IP Addresses On My System?):
# vi /etc/network/interfaces
...
auto venet0:1
iface venet0:1 inet static
address 2.2.2.2
netmask 255.255.255.255

# ifconfig
...
venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:2.2.2.2 P-t-P:2.2.2.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1


I added 2.2.2.2 to ISPConfig 3 (System -> Server IP Addresses):
Type: IPv4
IP Address: 2.2.2.2
HTTP NameVirtualHost: yes
HTTP Ports: 80,443


I created the DNS zone of domain2.es and change 1.1.1.1 records to 2.2.2.2

I created the website of domain2.es:
IPv4: 2.2.2.2
Auto-Subdomain: None or www (I tested both)
SSL: Yes


I filled the SSL fields (with a-z characters), selected "Create certificate" and saved.

And I restarted Apache & MyDNS.

At this moment:
http://domain2.es displays http://domain1.es (like a domain alias).
https://domain2.es says Forbidden. You don't have permission to access / on this server.

# tail -f /var/log/apache2/error.log
[...] [error] [...] client denied by server configuration: /var/www/domain2.es/web/

No error in:
/var/log/apache2/ssl_error.log
/var/log/ispconfig/httpd/domain2.es/error.log

Any idea?

Thanks!

Manuel

Last edited by spanish; 1st March 2013 at 07:29.
Reply With Quote
Sponsored Links
  #2  
Old 2nd March 2013, 02:47
spanish spanish is offline
Member
 
Join Date: Nov 2009
Posts: 58
Thanks: 13
Thanked 4 Times in 4 Posts
Default

Here is the problem:
Quote:
Originally Posted by spanish View Post
I added IP 2.2.2.2 to my interfaces and I restarted my network (following the Manual's chapter How Do I Manually Configure New IP Addresses On My System?):
# vi /etc/network/interfaces
...
auto venet0:1
iface venet0:1 inet static
address 2.2.2.2
netmask 255.255.255.255
Following Till (Your server is a vserver, so you can not configure the network from within the virtual machine. The network is configured on the host server.), I added IPv4 2.2.2.2 on host server:

Login Proxmox -> Datacenter -> My Dedicated Server (0.0.0.0) -> My OpenVZ VM (1.1.1.1) -> Network -> Add -> IP address (venet) -> IP address: 2.2.2.2 -> Add

Now, http and https are OK (SSL self-signed, at the moment).


Last edited by spanish; 2nd March 2013 at 02:58.
Reply With Quote
  #3  
Old 4th March 2013, 12:30
spanish spanish is offline
Member
 
Join Date: Nov 2009
Posts: 58
Thanks: 13
Thanked 4 Times in 4 Posts
Default

After consume all reissues of first RapidSSL certificate, I managed to run a second RapidSSL certificate following these steps:
  1. Run self-signed SSL certificate (view supra).
  2. Generate RapidSSL CRT using our CSR and selecting Apache 2 option.
  3. Check match CRT&CSR and CRT&Key (for example, in http://sslchecker.com/matcher). You may have to wait a while (in my case, the first time CRT&CSR was OK but CRT&Key was KO) (after a while, both were well).
  4. In ISPConfig 3 Administration Panel, go to SSL tab, delete the self-signed CRT and paste the RapidSSL CRT in SSL Certificate field, select Save Certificate in SSL Action dropdown and click Save buttom.
I think the keys are:
  1. Select Apache 2 option in step 2.
  2. Wait for all match in step 3 before do step 4.
Regards,

Manuel
Reply With Quote
  #4  
Old 6th March 2013, 19:19
spanish spanish is offline
Member
 
Join Date: Nov 2009
Posts: 58
Thanks: 13
Thanked 4 Times in 4 Posts
 
Default

Quote:
Originally Posted by spanish View Post
Login Proxmox -> Datacenter -> My Dedicated Server (0.0.0.0) -> My OpenVZ VM (1.1.1.1) -> Network -> Add -> IP address (venet) -> IP address: 2.2.2.2 -> Add
Be sure to restart Host after this (if not, you will have a network problem on the VM).
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Ftp problems timeout reny2000 General 6 23rd December 2009 11:09
ISPConfig3 Mail Warn Errors reason8 General 3 25th November 2009 13:58
[debian 5 + ispconfig 3] Unable to send mail tanakskool HOWTO-Related Questions 6 4th November 2009 18:20
Proftpd Login Problem with Debian Etch and ISPConfig Rocky Installation/Configuration 5 28th April 2007 06:42
e-mail problem!!! Debian 3.1 maroonworks Installation/Configuration 18 6th December 2005 14:42


All times are GMT +2. The time now is 17:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.