  #1  
Old 6th December 2007, 19:10
chillifire chillifire is offline
Default SSL problem - error 12263

Hi,

I have a server with Ubuntu 7.10, went through perfect server all right and tried to load ISPConfig 2.2.18 with my domain chillifire.net

That worked after some trials and tribulations and a first failed install (see below), so now http://www.chillifire.net works, https://www.chillifire.net:81 works and gets me to the panel, which seems to work fine. However, https://www.chillifire.net gets me the dreaded 12263 error in the browser.

Yes, there have been a lot of postings, but all seem to deal with the issue of more than one certificate per IP or multiple IPs and certificates etc. These posts do not apply as I have one IP only and (should) have only one certificate.

Now, I did notice a few things:
- I have entries apache2.conf.06-12-07_16-21-50, and ports.conf.06-12-07_16-21-50 and under mods-enabled every file seems to have a copy with a .06-12-07_16-21-50. Should these files be there? If not, could they have been created by a failed ISPConfig installation attempt? I installed twice - the first time the system aborted after creating the certificates, complaining php was not available. So I made php globally available (reversing 16.1 of the perfect server setup) and reran the install - and it worked.
Could it be that there is a dud certificate flying around somewhere that wrecks the whole thing?
If so, where?
And should I get rid of all the *.06-12-07_16-21-50 entries? Where else do I need to look for them?
- Port 81 did not work at first. I had to recreate the certificate manually as per the instructions in this forum. Once that was done, 81 worked and I can get to the panel.
- I noticed there is no module ssl under /etc/apache2/modules-available and modules-enabled. Also, under /etc/apache2/vhosts I have the files
Vhosts_ispconfig.conf Vhosts_ispconfig.conf~ They look like this:
Code:
###################################
#
# ISPConfig vHost Configuration File
#         Version 1.0
#
###################################
#
NameVirtualHost 210.48.62.30:80
<VirtualHost 210.48.62.30:80>
  ServerName localhost
  ServerAdmin root@localhost
  DocumentRoot /var/www/sharedip
</VirtualHost>
NameVirtualHost 210.48.62.30:80
<VirtualHost 210.48.62.30:80>
  ServerName localhost
  ServerAdmin root@localhost
  DocumentRoot /var/www/sharedip
</VirtualHost>
#
#
######################################
# Vhost: www.chillifire.net:80
######################################
#
#
<VirtualHost 210.48.62.30:80>
SuexecUserGroup web3_contact web3
ServerName www.chillifire.net:80
ServerAdmin webmaster@chillifire.net
DocumentRoot /var/www/web3/web
ServerAlias chillifire.net
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias  /cgi-bin/ /var/www/web3/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web3/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web3/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3
</VirtualHost>
There is nothing anywhere I can see that would tell the system how to deal with port 443 (other than ports.conf), which says:
Code:
Listen 80

<IfModule mod_ssl.c>
    Listen 443
</IfModule>
- This is what is in directory /root/ispconfig/httpd/conf/ssl.crt
Code:
0cf14d7d.0  544fc7bf.1  82ab5372.0  README.CRT     ca.crt      server.crt           snakeoil-ca-rsa.crt  snakeoil-rsa.crt
544fc7bf.0  5d8360e1.0  Makefile    ca-bundle.crt  e52d41d0.0  snakeoil-ca-dsa.crt  snakeoil-dsa.crt
Is that what should be there? The server.crt file is the one I manually recreated.

Again, I suspect it has something to do with the failed installation, but then again, what do I know? So for starters, where should I look for dud certificates? And why are there no ssl modules and for Vhost? Any input/advice is welcome.

Thanks

chillifire
Auckland, New Zealand


PS: Here is some more output you will ask me for:
Code:
root@blackbird:~# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN
tcp        0      0 210.48.62.30:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 210.48.62.30:81         60.234.129.51:56569     TIME_WAIT
tcp        0      0 210.48.62.30:81         60.234.129.51:56567     TIME_WAIT
tcp6       0      0 :::993                  :::*                    LISTEN
tcp6       0      0 :::995                  :::*                    LISTEN
tcp6       0      0 :::110                  :::*                    LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN
tcp6       0   2112 ::ffff:210.48.62.30:22  ::ffff:60.234.129:56685 ESTABLISHED
Reply With Quote
  #2  
Old 7th December 2007, 06:01
chillifire chillifire is offline
Default This is getting interesting

Hi everyone,

Out of sheer desperation I deinstalled ISPConfig. Interesting: it does not remove those funny files with date/time appended and it also does not get used to vhosts directories and files and vhost roots. I deleted these all manually and then reinstalled ISPConfig. The result was interesting:
The same certificate error (invalid signature) occurred again and I had to employ www.howtoforge.com/faq/14_63_en.html to fix that. After that at least port 81 works and I can access the ISPConfig admin site. But SSL still does not work (leads to 12263 error) and new date and time appended files have been created.

So now I am thinking these files were not created by the failed install but obviously are created by a 'successful' install.

So something must be in the setup of the system that upsets ISPConfig enough to do something very funny and not cope with SSL.

Any thoughts?

chillifire
Reply With Quote
  #3  
Old 7th December 2007, 11:02
till till is online now
Default

Please have a look here:

http://www.howtoforge.com/forums/showthread.php?t=13596
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 7th December 2007, 20:25
chillifire chillifire is offline
Default Thanks - but no solution

Thanks till for your quick response. Much appreciated.

I had seen the thread, but it does not really apply and it does not provide a solution.

As I stated, there is only
Vhosts_ispconfig.conf Vhosts_ispconfig.conf~
in the vhosts folder. There is no file with date/time appendage that I could rename. So therefore this approach does not provide a fix.

There were indeed an apache2.conf and ports.conf file with date/time appendage as reported (ports was identical though, not sure about apache2). I renamed them and restarted apache2 and ispconfig_server. No change.

Admittedly there are also all these date/time appended files in mods-available next to 'normal' files. It looks like this:
Code:
alias.conf                              include.load.07-12-07_15-41-46
alias.conf.07-12-07_15-41-46            mime.conf
alias.load                              mime.conf.07-12-07_15-41-46
alias.load.07-12-07_15-41-46            mime.load
auth_basic.load                         mime.load.07-12-07_15-41-46
auth_basic.load.07-12-07_15-41-46       negotiation.conf
authn_file.load                         negotiation.conf.07-12-07_15-41-46
authn_file.load.07-12-07_15-41-46       negotiation.load
authz_default.load                      negotiation.load.07-12-07_15-41-46
authz_default.load.07-12-07_15-41-46    php5.conf
authz_groupfile.load                    php5.conf.07-12-07_15-41-46
authz_groupfile.load.07-12-07_15-41-46  php5.load
authz_host.load                         php5.load.07-12-07_15-41-46
authz_host.load.07-12-07_15-41-46       rewrite.load
authz_user.load                         rewrite.load.07-12-07_15-41-46
authz_user.load.07-12-07_15-41-46       setenvif.conf
autoindex.conf                          setenvif.conf.07-12-07_15-41-46
autoindex.conf.07-12-07_15-41-46        setenvif.load
autoindex.load                          setenvif.load.07-12-07_15-41-46
autoindex.load.07-12-07_15-41-46        ssl.conf
cgi.load                                ssl.conf.07-12-07_15-41-46
cgi.load.07-12-07_15-41-46              ssl.load
dir.conf                                ssl.load.07-12-07_15-41-46
dir.conf.07-12-07_15-41-46              status.conf
dir.load                                status.conf.07-12-07_15-41-46
dir.load.07-12-07_15-41-46              status.load
env.load                                status.load.07-12-07_15-41-46
env.load.07-12-07_15-41-46              suexec.load
include.load                            suexec.load.07-12-07_15-41-46
The files without date/time are in a light turquoise, so I assume they are symlinks. Also, I checked the pairs ssl.load / ssl.load.07-12-07_15-41-46 and ssl.conf / ssl.conf.07-12-07_15-41-46 and they are exactly the same. So for now I don't see how renaming all these files would change anything (as they should be just symlinks to mods-available anyway, right?)

Any more clues?

chillifire

Last edited by chillifire; 7th December 2007 at 20:28.
Reply With Quote
  #5  
Old 7th December 2007, 20:32
till till is online now
Default

Please undo the renaming of these other files. I talked just about the file Vhost_ispconfig.conf and not any other file.

Please recreate the SSL cert of the website where you have SSL enabled in ISPConfig (not the cert for port 81!).
Reply With Quote
  #6  
Old 7th December 2007, 21:59
chillifire chillifire is offline
Default

Thanks again for the quick response.

I have to ask in that case where does ISPConfig store these website related SSL certificates? I assume these website related keys were created during the ISP config install? But where are they? I assume they are not in /root/ispconfig/httpd/conf/ssl.* which holds the ispconfig certificates?

I would not even know where to look, as there is no ssl module in either /etc/apache2/mods-available nor /etc/apache2/mods-enabled, nor are there any port 443 instructions in the vhosts files. So where apache2 even would know where to look for certificates is beyond my limited knowledge.

BTW, I am also playing around with DNS entries at the same time, so this link may be required for testing at the moment.

Thanks again for your support.

Hanno

Last edited by chillifire; 7th December 2007 at 22:08.
Reply With Quote
  #7  
Old 7th December 2007, 22:04
daveb daveb is offline
Default

A site's cert should be in /var/www/web#/ssl
Reply With Quote
  #8  
Old 7th December 2007, 22:12
chillifire chillifire is offline
Default no sites certs

/var/www/web1/ssl is empty
Reply With Quote
  #9  
Old 7th December 2007, 22:32
daveb daveb is offline
Default

Did you enable ssl for web1 and create a certificate from the ispconfig control panel for web1?
Reply With Quote
  #10  
Old 7th December 2007, 22:42
chillifire chillifire is offline
Default ssl for site enabled

This might be a misunderstanding on my part then.

Yes, I did enable SSL with that switch.

No, I did not create a certificate for the site through the panel; I thought this was for certificates signed by agents only. Is this required for self-signed certificates as well?
Reply With Quote
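
A check for the situation posts #1, #6 and #8 describe (port 443 listening, no 443 vhost in the vhosts file, empty site ssl directory), as an added example that is not part of the thread or of ISPConfig: it scans an Apache config directory for a `:443` vhost with `SSLEngine on` and non-empty certificate and key files. The function names, the `site.crt`/`site.key` file names and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): does this Apache tree define a usable
# SSL vhost on port 443? Returns 0 only if one has SSLEngine on plus cert and key.
check_ssl_vhosts() {
  root=$1; status=1; seen=0
  # Skip editor backups (*~) and date-stamped copies like those in the thread.
  records=$(find "$root" -type f ! -name '*~' \
      ! -name '*.[0-9][0-9]-[0-9][0-9]-[0-9][0-9]_*' -exec awk '
    { gsub(/"/, "") }                             # drop quotes around paths
    tolower($1) == "<virtualhost" && $2 ~ /:443>?$/ {
      inv = 1; addr = $2; sub(/>$/, "", addr); eng = "off"; crt = ""; key = ""
    }
    inv && tolower($1) == "sslengine"             { eng = tolower($2) }
    inv && tolower($1) == "sslcertificatefile"    { crt = $2 }
    inv && tolower($1) == "sslcertificatekeyfile" { key = $2 }
    inv && tolower($1) == "</virtualhost>" {
      print addr "|" eng "|" crt "|" key; inv = 0
    }' {} +)
  while IFS='|' read -r addr eng crt key; do
    [ -n "$addr" ] || continue
    seen=1
    [ -n "$key" ] || key=$crt      # key may be stored inside the cert file
    if [ "$eng" != on ]; then
      echo "FAIL $addr: SSLEngine is not on"
    elif [ ! -s "$crt" ] || [ ! -s "$key" ]; then
      echo "FAIL $addr: cert or key missing or empty (cert=$crt key=$key)"
    else
      echo "OK   $addr: cert=$crt key=$key"; status=0
    fi
  done <<EOF
$records
EOF
  [ "$seen" -eq 1 ] || echo "FAIL no <VirtualHost ...:443> block under $root"
  return "$status"
}

# Constructed sample: a reduced port-80 vhost as posted in the thread; with a
# second argument, also a :443 vhost whose file names are hypothetical.
write_sample() {
  mkdir -p "$1/ssl"
  printf '%s\n' '<VirtualHost 210.48.62.30:80>' '  ServerName www.chillifire.net:80' \
    '</VirtualHost>' > "$1/Vhosts_ispconfig.conf"
  [ -z "$2" ] || printf '%s\n' '<VirtualHost 210.48.62.30:443>' '  SSLEngine on' \
    "  SSLCertificateFile $1/ssl/site.crt" "  SSLCertificateKeyFile $1/ssl/site.key" \
    '</VirtualHost>' >> "$1/Vhosts_ispconfig.conf"
}

demo=$(mktemp -d); write_sample "$demo"
check_ssl_vhosts "$demo" || true       # reports that no :443 vhost is defined
rm -rf "$demo"
```

On a real server the argument would be the Apache configuration directory, for example `check_ssl_vhosts /etc/apache2`; the scan reads every file under it rather than following `Include` directives, so a finding still needs to be confirmed against the files Apache actually loads.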