Old 20th February 2008, 18:35
jonwatson jonwatson is offline
Senior Member
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default Replacing SSL Cert

Hi All,

Been messing around with this for a while this morning and have given up. I am attempting to install a chained SSL cert from GoDaddy into an ISPConfig installation but am failing. The ISPConfig apache fails to launch, yet try as I might I cannot find a single log entry anywhere telling me why. I know it's SSL related, but without logs I'm pretty much in the dark.

I have:

A CSR file in /root/ispconfig/httpd/conf/ssl.csr
A CRT file in /root/ispconfig/httpd/conf/ssl.crt
A ca-bundle.crt file in /root/ispconfig/httpd/conf/ssl.crt

I have entries in /root/ispconfig/httpd/httpd.conf that point to all of these files, but no go. When I run /etc/init.d/ispconfig restart it happily tells me that it wasn't started, then tells me it is started, but it is not (at least port 81 apache is not up).

I see that this has been discussed before on the forums, but I'm obviously missing something. Can someone please, for the love of god, point me to the logs that the port 81 apache is supposed to be writing so I can see what's wrong?

Or, alternatively, is there some definitive guide somewhere on how to install a chained cert into ISPConfig? Seems to me that this is fairly poorly understood by a lot of people.


Reply With Quote
Sponsored Links
Old 21st February 2008, 09:25
till till is online now
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,999
Thanks: 840
Thanked 5,650 Times in 4,460 Posts

The log files are in /root/ispconfig/httpd/logs/

As far as I know, you will have to put the ca bundle in a separate file and not in the ssl.crt file together with the certificate. The bundle file is loded into the apache configuration with:

SSLCACertificateFile /path/to/the/bundle/cert/file/ca.txt
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Old 21st February 2008, 14:50
jonwatson jonwatson is offline
Senior Member
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts

HI Till,

I seem to have everything in the right place, but the ISPConfig apache just won't start. It doesn't log anything either. Very frustrating.

I'm going to play around a little more and maybe just move to a better cert that doesn't have a bundle.


Reply With Quote
Old 23rd February 2008, 22:13
tensor tensor is offline
Join Date: Jul 2007
Posts: 51
Thanks: 11
Thanked 9 Times in 6 Posts

Check these config directives:
SSLCertificateFile - should point to bare certificate
SSLCertificateKeyFile - should point to bare key (possibly protected with a password)
SSLCertificateChainFile - should point to bundle (contatenation) of certificates of all intermediate and root CAs, the Root CA cert should be at the bottom of the file, the closest intermediate CA to you cert at the top of the file.

That way it works for me for self generated certs. And yes, we do have inhouse intermediate CAs.
Reply With Quote
Old 24th February 2008, 16:40
jonwatson jonwatson is offline
Senior Member
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts


Yes, all that was set up correctly, yet ISPConfig would not start it's own port 81 apache and would not log the problem.

I've since moved to a direct cert from RapidSSL and all is good.

Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 18:59
Need some handholding on replacing the self-signed SSL Certs cgreentx Installation/Configuration 6 7th July 2007 01:06
New SSL Cert PoleCat Installation/Configuration 15 4th July 2007 11:13
Can't get SSL Cert to work rbartz Installation/Configuration 4 23rd April 2006 10:32
REAL SSL Cert install problems theduke Installation/Configuration 5 4th October 2005 23:06

All times are GMT +2. The time now is 17:42.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.