#21 | 16th October 2007, 02:08 | chancer

Not that I'm aware of. How would I check?
#22 | 16th October 2007, 02:51 | chuckl

The crt, scr etc are your certificate, signing request and key files, so they're all there. You can check the /etc/apache2/vhosts/vhosts_ispconfig.conf file as well.
That'll have a section for your website that starts

<VirtualHost ip.ad.dr.ess:443>
ServerName www.yourdomain.com:443


and a bit further down should be

SSLEngine on
SSLCertificateFile /var/www/webXX/ssl/www.yourdomain.com.crt
SSLCertificateKeyFile /var/www/webXX/ssl/www.yourdomain.com.key

listing the files you just mentioned.

If you were using suPHP you would have consciously installed it. If Suexec is installed, I think it gives you an enable 'tickbox' in the ISPConfig website setup.

A drastic check is to enter

a2dismod suexec

If it was enabled, that will disable it; an error message means it wasn't.

a2enmod suexec

would re-enable.

After all the to-ing and fro-ing with the certificates, it's probably a good idea to restart the web server explicitly as well.

/etc/init.d/apache2 restart
#23 | 16th October 2007, 03:00 | chancer

Looking at the output from the first two commands, I notice all of it looks OK to me. othername in the first one (i.e. without the www.) is unsupported and there is no date or challenge password attribute for the second, but I have no idea if that makes any difference to how the site would render in a browser.

So the question is are those four suffixes OK, or must there be a .pem somewhere to make it all work?
#24 | 16th October 2007, 03:18 | chancer

Having done all that and checked everything, the browser is still getting exactly the same responses as before.

Suexec was enabled so I disabled it. There's a tip to run /etc/init.d/apache2 force-reload to fully disable, but if temporarily disabling doesn't achieve anything, is there any point?

Apache2 restarted without any error messages at all.
#25 | 16th October 2007, 09:46 | chuckl

Pem files, .crt and key files are equivalent, just that a pem file can contain certificates or keys. ISPConfig just happens to use .crt and .key.

While a force-reload is the suggestion, restart achieves the same thing.

In a vanilla Apache install, the server runs the website as the 'Apache' user, usually on Debian or Ubuntu a user called 'www-data' or on some systems 'nobody'.
Under Suexec, that is changed to the local website owner, under ISPConfig usually web1_admin or similar. While this is good from a website mail point of view as mail servers tend not to like mail from 'nobody' it does impose tighter constraints on the 'ownership' of any files on the website. i.e. If you check the file owner and group, they should correspond to the user you have specified as website admin under the users and email tab.
File permission settings vary slightly as well.

.htaccess files can also play havoc with setting up SSL, as well as Zen Cart mods like SEO urls that use mod rewrite. They can be temporarily renamed fredhtaccess or htaccess.bak or whatever.

But if the crt and key files are there and correctly formed, and there is a corresponding entry in the vhosts.ispconfig.conf file that correctly references them, you should have SSL operational.

It is usually a good idea to clear your browser cache as well as they have a nasty habit of using cached pages when doing this kind of testing.
Reply With Quote
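
One way to script the check described in post #25 (certificate and key present, correctly formed, and referenced by the vhost entry), as an added example that is not part of the thread. The function names are made up here, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the thread; function names are assumptions.

# Print "certfile keyfile" for each <VirtualHost> block that sets either one.
# "-" marks a directive that is absent from the block.
vhost_ssl_pairs() {
    awk '
        { d = tolower($1) }
        d ~ /^<virtualhost/          { cert = "-"; key = "-" }
        d == "sslcertificatefile"    { gsub(/"/, "", $2); cert = $2 }
        d == "sslcertificatekeyfile" { gsub(/"/, "", $2); key = $2 }
        d ~ /^<\/virtualhost/ && (cert != "-" || key != "-") { print cert, key }
    ' "$1"
}

# Succeed only if both files parse as PEM and carry the same public key.
check_pair() {
    cert=$1; key=$2
    # mod_ssl also accepts the private key inside the certificate file.
    [ "$key" = "-" ] && key=$cert
    [ -r "$cert" ] || { echo "FAIL unreadable certificate: $cert"; return 1; }
    [ -r "$key" ]  || { echo "FAIL unreadable key: $key"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL not a PEM certificate: $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL not a PEM private key: $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL key does not belong to certificate: $cert"; return 1; }
    echo "OK $cert"
}

# Check every SSL vhost in the given config file; non-zero if any pair fails.
check_vhosts() {
    rc=0
    while read -r cert key; do
        [ -n "$cert" ] || continue
        check_pair "$cert" "$key" || rc=1
    done <<EOF
$(vhost_ssl_pairs "$1")
EOF
    return "$rc"
}

# Usage: sh check_vhost_ssl.sh /etc/apache2/vhosts/vhosts_ispconfig.conf
if [ "$#" -gt 0 ]; then check_vhosts "$1"; fi
```

Run it as root, since the key files are normally not readable by other users.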
#26 | 16th October 2007, 11:36 | chancer

Cache cleared. All .htaccess files under that web# renamed to .htaccess.orig. Suexec disabled. Everything else seems to check out and I have a nasty -12263 error still when entering https:// in the address bar and not found when entering http://

Is there a next move? Or is my poor shopping cart (I have another one to install shortly, for a client this time) to wander through the ether unseen in perpetuity?
#27 | 16th October 2007, 11:59 | chuckl

Check the web error log in /webXX/log, same level as the ssl folder for any nasty messages there.

And while I think about it, what browser are you using for this? There have been reports of Firefox 2.0.0 and up doing this with some openssl certs.

I just tested on the ISPConfig/Debian VM image, which has Suexec running, and ZC 1.3.7. Generated a certificate, enabled SSL in the config files, and off it went, no problems at all.
#28 | 16th October 2007, 12:12 | chancer

No logs have been posted in /web#/log since Saturday 13th, when I first tried installing the cert!

Also, I'm using FF 2.0.0.6 on Ubuntu Feisty.

Yes, suexec doesn't appear to have had an effect, on or off. It's off at the moment.

<edit> May be FF behaviour, but ISPConfig has a self-generated cert for the overall server. On this domain, it hasn't worked with either CAcert or self-generated. </edit>

Last edited by chancer; 16th October 2007 at 12:14.
#29 | 16th October 2007, 12:29 | chuckl

Have a look here, might be worth a try; comments there have some further info:

http://ffextensionguru.wordpress.com...0-ssl-2-tweak/
#30 | 16th October 2007, 12:38 | chancer

Movement! Instead of the -12263 the browser says The connection was interrupted - any change is encouraging at this stage.

So FF was at best masking any attempts to fix it.