#1  
Old 31st May 2010, 14:45
shoevring shoevring is offline
Member
 
Join Date: Feb 2010
Posts: 71
Thanks: 1
Thanked 2 Times in 2 Posts
Default SSL errors

Hello.

I have a site where my customer needs one SSL certificate but it will not work.

At starting i enabling the SSL on homepage => In SSL tab i writing the informations(Country, name osv,) and then i was finish writing i trying to create a certificate.. After what i send my CSR into godaddy, and i gets crt and bundlefile.. I copyed the data from current files into both information(ssl certificate and bundle) and then i got this error then i trying to view the site:

ssl_error_rx_record_too_long

Why? And thanks
Reply With Quote
Sponsored Links
  #2  
Old 31st May 2010, 14:57
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,645
Thanks: 793
Thanked 5,000 Times in 3,911 Posts
Default

Please try to remove the content from the bundle field, select save as action, wait 2 minutes and try to access the site again with your webbrowser. Does the error message change? If yoes, plaese post the instructions that godaddy provided on how to include the bundle cert, as they mkght be different from waht ispconfig uses to include the bundle.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 31st May 2010, 15:09
shoevring shoevring is offline
Member
 
Join Date: Feb 2010
Posts: 71
Thanks: 1
Thanked 2 Times in 2 Posts
Default

Hmm, i have tried to remove the content in bundle, but the error code is the same,..

I have also tryed to restart apache but nothing changes(error code)

Do you have any other options?
Reply With Quote
  #4  
Old 31st May 2010, 15:12
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,645
Thanks: 793
Thanked 5,000 Times in 3,911 Posts
Default

Have you waited a few minutes? It takes some time until the change sget written.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 31st May 2010, 15:16
shoevring shoevring is offline
Member
 
Join Date: Feb 2010
Posts: 71
Thanks: 1
Thanked 2 Times in 2 Posts
Default

Yes i am very sure! I can also upload the certificate in domain/ssl ??
Reply With Quote
  #6  
Old 31st May 2010, 15:19
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,645
Thanks: 793
Thanked 5,000 Times in 3,911 Posts
Default

Quote:
Yes i am very sure! I can also upload the certificate in domain/ssl ??
Theoretically yes, but it should have been written there already. I guess the problem might be related to a bug in ispconfig. Please post the output of "ls" from within the sl directory and also post the content of the vhost file of this website and the ISPConfig version that you use currently.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 31st May 2010, 15:31
shoevring shoevring is offline
Member
 
Join Date: Feb 2010
Posts: 71
Thanks: 1
Thanked 2 Times in 2 Posts
Default

web1:/var/www/neohost.dk/ssl# ls
gd_bundle.crt www..crt www..key.org www.neohost.dk.key
neohost.dk.crt www..csr www.neohost.dk.crt www.neohost.dk.key.org
neohost.dk.csr www..key www.neohost.dk.csr

-----------------------------------------------------------------------

web1:/etc/apache2/sites-available# nano neohost.dk.vhost
GNU nano 2.0.7 File: neohost.dk.vhost

<Directory /var/www/clients/client0/web1/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# mod_php enabled
AddType application/x-httpd-php .php .php3 .php4 .php5
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@neohost.dk"
php_admin_value upload_tmp_dir /var/www/clients/client0/web1/tmp
php_admin_value session.save_path /var/www/clients/client0/web1/tmp
php_admin_value open_basedir /var/www/clients/client0/web1/web:/var/www/clients/client0/web1/tmp:/var/www/neohost.dk/we$

RewriteEngine on
RewriteCond %{HTTP_HOST} ^kontrolpanel.neohost.dk [NC]
RewriteRule ^/(.*)$ http://mainweb.neohost.dk:81$1

# add support for apache mpm_itk
<IfModule mpm_itk_module>
AssignUserId web1 client0
</IfModule>


</VirtualHost>

------------------------------------------------------------------------

Iam running the last version of ispconfig 3
Reply With Quote
  #8  
Old 31st May 2010, 21:44
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 211
Thanked 648 Times in 294 Posts
Send a message via Skype™ to Hans
Default

I see that you've exactly the same problem as i had last week: The same error in your browser and the fact that the SSL-Engine is not turned on in the vhost of the site. Please don't switch on the SSL Engine manually and don'trestart Apache afterwards, otherwise Apache2 can't restart anymore and ISPConfig3 and your websites will be down!

Probably there is something wrong with the SSL-certicate and/or the steps you took during the creation of the SSL-certicate. It might be a bug as well, because we are not the only ones who had these problems. Please, also don't click to fast in ISPConfig3 during turning on SSL and creating the certicates. Don't save your self created certicate yet. Only save the commercial certicate from your provider, which belongs to the CSR.

You can also get that error in your browser if you don't upload all the additional certicates into the ssl folder of the web. You probably need to add additional "SSLCertificateChainFile" directives to pin the additional certicates. You can add these rules by using the options tab of the web.

I am not sure if the my similar problems where caused by a corrupt SSL-certicate or because of a bug, because i took all the steps again with a new SSL-certicate.
__________________
Hans

BB-Hosting | Quality Web Hosting since 2005

Last edited by Hans; 31st May 2010 at 21:50.
Reply With Quote
  #9  
Old 31st May 2010, 23:56
shoevring shoevring is offline
Member
 
Join Date: Feb 2010
Posts: 71
Thanks: 1
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by Hans View Post
I see that you've exactly the same problem as i had last week: The same error in your browser and the fact that the SSL-Engine is not turned on in the vhost of the site. Please don't switch on the SSL Engine manually and don'trestart Apache afterwards, otherwise Apache2 can't restart anymore and ISPConfig3 and your websites will be down!

Probably there is something wrong with the SSL-certicate and/or the steps you took during the creation of the SSL-certicate. It might be a bug as well, because we are not the only ones who had these problems. Please, also don't click to fast in ISPConfig3 during turning on SSL and creating the certicates. Don't save your self created certicate yet. Only save the commercial certicate from your provider, which belongs to the CSR.

You can also get that error in your browser if you don't upload all the additional certicates into the ssl folder of the web. You probably need to add additional "SSLCertificateChainFile" directives to pin the additional certicates. You can add these rules by using the options tab of the web.

I am not sure if the my similar problems where caused by a corrupt SSL-certicate or because of a bug, because i took all the steps again with a new SSL-certicate.
Thanks for the reply and you too also Till,

I have never saved the auto generated crt from ispconfig, i have changed it to my godaddy certificate...

As i read your text i should do: Create certificate, give crt to godaddy, paste the certificate from godaddy into certificate and bundle should i not paste into the text field? After that i should(20 min) i should turn SSL on?

// How can i in my vhost file do it so it will work manualy?

Thanks alot for the reply both.
Reply With Quote
  #10  
Old 1st June 2010, 07:51
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,645
Thanks: 793
Thanked 5,000 Times in 3,911 Posts
 
Default

I guess your problem might be related to this bug:

http://bugtracker.ispconfig.org/inde...&due=44&status[0]=

I've attached a copy of the fixed apache plugin. Please unpack it from the zip file and then copy it to the directory /usr/local/ispconfig/server/plugins-available/

Then go into the ispconfig interface and select save as action for the ssl cert again and click on save.
Attached Files
File Type: zip apache2_plugin.inc.zip (8.4 KB, 90 views)
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Hans (1st June 2010)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating a SSL certificate - Quick guide SamTzu Tips/Tricks/Mods 22 4th January 2011 13:38
Documentation for SSL abubin Installation/Configuration 1 23rd April 2010 06:48
Fedora 10 - Virtual Users And Domains With Postfix, Courier etc j.smith1981 Server Operation 6 17th February 2010 01:01
SSL and IPs problem. debian-lover General 7 21st April 2008 11:59
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59


All times are GMT +2. The time now is 16:46.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.