#1  
Old 28th December 2005, 23:17
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default SSL related problems

I am having trouble accessing my server in https mode,
I can access it fine via http, but not in secure mode.
I have configured a public (CA) Certificate and I believe it is correct because apache2 asks for the passphrase and I can go into secure mode if I use the servers name. I get the following messages when restarting apache. The messages are followed by the apahce2 Vhosts_ispconfig.conf file. Any help would be much appreciated. I am way behind on this project.

Messages when restarting apache2

amgsrv1:/etc/apache2/vhosts # /etc/init.d/apache2 restart
[Wed Dec 28 15:58:05 2005] [warn] VirtualHost 192.168.3.170:443 overlaps with VirtualHost 192.168.3.170:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Dec 28 15:58:05 2005] [warn] NameVirtualHost 192.168.3.170:80 has no VirtualHosts
Syntax OK
Shutting down httpd2 (waiting for all children to terminate) done

Starting httpd2 (prefork) [Wed Dec 28 15:58:16 2005] [warn] VirtualHost 192.168.3.170:443 overlaps with VirtualHost 192.168.3.170:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Dec 28 15:58:16 2005] [warn] NameVirtualHost 192.168.3.170:80 has no VirtualHosts
Apache/2.0.54 mod_ssl/2.0.54 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server www.amg01.info:443 (RSA)
Enter pass phrase:
done

/etc/aphache2/vhosts/Vhosts_ispconfig.conf file

###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
#NameVirtualHost 192.168.3.170:80
#<VirtualHost 192.168.3.170:80>
# ServerName localhost
# ServerAdmin root@localhost
# DocumentRoot /var/www/sharedip
#</VirtualHost>
#
#
######################################
# Vhost: www.amg01.info:80
######################################
#
#
NameVirtualHost 192.168.3.170:80
<VirtualHost 192.168.3.170:80>
#<VirtualHost www.amg01.info:80>
ServerName www.amg01.info:80
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias 192.168.3.170
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
</VirtualHost>
#
<IfModule mod_ssl.c>
<VirtualHost 192.168.3.170:443>
#<VirtualHost www.amg01.info:443>
ServerName www.amg01.info:443
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias 192.168.3.170
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
SSLEngine on
SSLCertificateFile /var/www/web1/ssl/www.amg01.info.crt
SSLCertificateKeyFile /var/www/web1/ssl/www.amg01.info.key
SSLCertificateChainFile /var/www/web1/ssl/sf_issuing.crt
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
#
Reply With Quote
Sponsored Links
  #2  
Old 28th December 2005, 23:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
Default

Is /etc/aphache2/vhosts/Vhosts_ispconfig.conf included maybe more than once in your Apache configuration file?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 29th December 2005, 04:09
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thank you. I could swear I checked that twice.
That fixed error messages, but I still cannot get to the https side of the site. It looks like it times out and basically gives a cannot find page error.
Reply With Quote
  #4  
Old 29th December 2005, 09:15
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,638
Thanks: 793
Thanked 4,998 Times in 3,909 Posts
Default

Have you tried firefox to access the SSL site, it gives better error messages then IE.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 29th December 2005, 16:27
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Till thanks for looking at this. Firefox returns a time out message. I think the problem is somehow related to the fact that the machine is named amgsrv1.anthem-group.com. It is on a local domain named anthem-group.com. I have defined www.amg01.info as a virtual host and send both http and https requests from the fire wall to the IP & port defined for the virtual server which is named www.amg01,info. This is the same as the machines IP address. I can reach the machine using https:amgsrv1.anthem-group.com, but the certifcate indicates that the domain name in the certificate was not matched.
I just happed to think, what would happen if I used a different IP address to define the virtual host? I will try that, in the meantime I hope I have provided enough info to help solve my problem.

No Luck I still cannot access https://www.amg01.info even though apache apparently "sees" the certificates because it requires me to enter one before apache will boot.
Happy new year to all.

Last edited by senzapaura; 2nd January 2006 at 22:50.
Reply With Quote
  #6  
Old 2nd January 2006, 22:53
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Still no luck getting the SSL to work.
Reply With Quote
  #7  
Old 3rd January 2006, 00:36
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
Default

What's the exact error message now? What's in the logs?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 7th January 2006, 16:56
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Question

Well, in my haste to find a solution I screwed things up so bad I had to reinstall everything to make sure I brought everything back to where it was before my screw up. I was hoping that by reinstalling my problem would miraculously go away, so much for miracles. I guess the good news is I am right back where I started. The bad news is I still have the problem. I can access my site by a domain name using http, but the browser times out when trying to access the site via https.

Along this tortuous reinstallation road I learned a couple of things about Ispconfig. First is, if you modify/add any PHP settings in the /etc/apache2/vhosts/Vhosts_ispconfig.conf file and then change the site via Ispconfig you lose those PHP settings. I do not know how to make these changes in Ispconfig, so I must edit the file directly. The second is, do not make any mistakes when creating a web site using Ispconfig. If you do make a mistake and try again Ispconfig adds one to the web site and by the time you create a “good” site it is web3 or web4. I am not sure if the implicit save is a good thing for my bad typing. Also, is there a problem if I use the newest version of phpMyAdmin? I noticed that the current version is several versions ahead of the one I have been using.

I have added the public SSL certificate and when I reboot apache2 it asks for the passphrase, when entered apache2 starts OK, so it looks like apache2 knows there is a valid SSL certificate.

These are my current settings for the /etc/apache2/vhosts/Vhosts_ispconfig.conf file, followed by my host and domain settings. – Falko which log files?

###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
#NameVirtualHost 192.168.3.170:80
#<VirtualHost 192.168.3.170:80>
# ServerName localhost
# ServerAdmin root@localhost
# DocumentRoot /var/www/sharedip
#</VirtualHost>
#
#
######################################
# Vhost: www.amg01.info:80
######################################
#
#
<VirtualHost 192.168.3.170:80>
ServerName www.amg01.info:80
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias amg01.info
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
</VirtualHost>
#
<IfModule mod_ssl.c>
<VirtualHost 192.168.3.170:443>
ServerName www.amg01.info:443
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias amg01.info
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
SSLEngine on
SSLCertificateFile /var/www/web1/ssl/www.amg01.info.crt
SSLCertificateKeyFile /var/www/web1/ssl/www.amg01.info.key
SSLCertificateChainFile /var/www/web1/ssl/sf_issuing.crt
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
#
#
==============================================
amgsrv1:/etc/apache2/vhosts # hostname
amgsrv1
amgsrv1:/etc/apache2/vhosts # hostname -d
anthem-group.com

This is a copy of the top lines of IE error I get when I try to access the site using https://www.amg01.info.

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
Reply With Quote
  #9  
Old 7th January 2006, 18:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,638
Thanks: 793
Thanked 4,998 Times in 3,909 Posts
Default

Did you use any of the howtos provided at howtoforge to setup your server for ISPConfig?

Quote:
Originally Posted by senzapaura
Along this tortuous reinstallation road I learned a couple of things about Ispconfig. First is, if you modify/add any PHP settings in the /etc/apache2/vhosts/Vhosts_ispconfig.conf file and then change the site via Ispconfig you lose those PHP settings.I do not know how to make these changes in Ispconfig, so I must edit the file directly.
Simply put you additional directives in the Apache directives field of the website.

Quote:
The second is, do not make any mistakes when creating a web site using Ispconfig. If you do make a mistake and try again Ispconfig adds one to the web site and by the time you create a “good” site it is web3 or web4. I am not sure if the implicit save is a good thing for my bad typing.
Whats the problem with that? Websites are referenced in ISPConfig by the domain, the web ID's are only for internal use in ISPConfig.


Quote:
Also, is there a problem if I use the newest version of phpMyAdmin? I noticed that the current version is several versions ahead of the one I have been using.
You can use any version you want. But make sure you configure it correctly. Have a look in the config file that ISPConfig uses for PHPMyAdmin.

Quote:
I have added the public SSL certificate and when I reboot apache2 it asks for the passphrase, when entered apache2 starts OK, so it looks like apache2 knows there is a valid SSL certificate.
I guess you dont added the certificate with ISPCOnfig, beacuse ISPConfig makes sure the the certificates dont ask for the password when you restart apache. If you setup an SSL certificate manually you have to select "n" in steps 6 and 7 of the openSSL certificate setup.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 7th January 2006 at 20:39.
Reply With Quote
  #10  
Old 7th January 2006, 20:04
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
 
Default

Quote:
Originally Posted by senzapaura
Along this tortuous reinstallation road I learned a couple of things about Ispconfig. First is, if you modify/add any PHP settings in the /etc/apache2/vhosts/Vhosts_ispconfig.conf file and then change the site via Ispconfig you lose those PHP settings. I do not know how to make these changes in Ispconfig, so I must edit the file directly.
On the "Basis" tab of a web site in ISPConfig, there's the field "Apache Directives" where you can put your additional directives.


Quote:
Originally Posted by senzapaura
This is a copy of the top lines of IE error I get when I try to access the site using https://www.amg01.info.

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
What error message do you get when you use Firefox instead of IE?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with groups/grpconv linuxfast General 28 21st April 2008 09:35
problems mysql rayit General 15 1st April 2006 04:57
2 Questions (1 SSL Related and 1 dns forward related) phamels Installation/Configuration 11 4th January 2006 01:33
Debian 3.1 Related problems! AdykOSu Installation/Configuration 1 21st December 2005 22:32
Problems getting through the installation klausagnoletti Installation/Configuration 4 26th September 2005 12:23


All times are GMT +2. The time now is 13:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.