  #11  
Old 29th July 2010, 15:23
falko falko is offline
Super Moderator
 

Does
Code:
/etc/init.d/apache2 restart
give you any errors now?
__________________
Falko
  #12  
Old 29th July 2010, 16:29
DrJohn DrJohn is offline
Member
 

Yes, the error is unchanged:
Code:
root@m2a74am-vm1:/# /etc/init.d/apache2 restart
 * Restarting web server apache2                                         [fail] 
root@m2a74am-vm1:/#
There are no relevant apache2 log entries that I can find.
  #13  
Old 29th July 2010, 16:32
till till is offline
Super Moderator
 

If there is no error message, then it's most likely an SSL error. Take a look into the error log of the website where you added / changed the SSL certificate.
__________________
Till Brehm
  #14  
Old 29th July 2010, 17:14
DrJohn DrJohn is offline
Member
 

Yes, that's the problem:
Code:
[Thu Jul 29 07:24:18 2010] [error] Unable to configure RSA server private key
[Thu Jul 29 07:24:18 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
I thought that the key pair was OK. The ispconfig-supplied csr was provided to GoDaddy, they validated the request and my site, and then provided the cert.

Although I have installed these before it's been a couple of years since. I've obviously done something wrong here. The cert was downloaded for the "Other" type of web server; they sent me a zip file containing gd_bundle.crt and my.domain.com.crt. I read somewhere else in this forum that I should simply copy the simple crt file into the certificate window in ispconfig but apparently that may be incorrect. Should I obtain the Apache-type cert bundle and install the intermediate file as instructed earlier in the above thread?

Also, I checked the first and last six characters of the cert as shown in ispconfig and as in the received crt file -- they are identical -- so there's little chance that this is the wrong cert, but is it possible that the csr was accidentally regenerated at some point? I'll re-key the cert at GoDaddy later today and see what happens.

It would be nice to know if either or both of the above procedures ('Other' or 'Apache' cert, without or with the intermediate file and supporting Apache2 directive) are best, required, preferred, or what.

Thanks!
  #15  
Old 30th July 2010, 07:01
DrJohn DrJohn is offline
Member
 

I deleted the certificates and made sure that /var/www/web#/ssl was empty. Then used ispconfig to generate a new csr and used that to rekey the GoDaddy cert. Uploaded the two files from GoDaddy's download: sf_bundle.crt and my.domain.com.crt into the web's ssl folder. Added the intermediate file directive to Apache directives:
Code:
SSLCertificateChainFile /var/www/web##/ssl/sf_bundle.crt
Now, when I restart apache2 I get:
Code:
root@m2a74am-vm1:/# /etc/init.d/apache2 restart
 * Restarting web server apache2                                               
 apache2: Syntax error on line 340 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/vhosts/Vhosts_ispconfig.conf: No such file or directory
                                                                         [fail]
and yes, there is no such file, only older versions:
Code:
root@m2a74am-vm1:/etc/apache2# ls vhosts
Vhosts_ispconfig.conf_29-07-10_21-00-25
Vhosts_ispconfig.conf_29-07-10_21-18-53
Vhosts_ispconfig.conf_29-07-10_21-18-56
Vhosts_ispconfig.conf_29-07-10_21-19-11
root@m2a74am-vm1:/etc/apache2#
Since there were definitely no changes from the most recent file, and it contained the correct directives and certificate file names, I copied it to Vhosts_ispconfig.conf. Now Apache2 started successfully.

Question: where did the Vhosts_ispconfig.conf file go? It apparently was not re-created at a juncture when modifying the site configuration.

SSL is now up on the webmail site; the other sites are running as well. So, problem solved.

Diagnosis: The intermediate file is required for the GoDaddy cert.

The steps I ended up following to get SSL re-keying with GoDaddy to work in this one site (this is not ssl for the ispconfig admin site on :81) were:
  1. Enter the directive
    Code:
    SSLCertificateChainFile /var/www/web13/ssl/sf_bundle.crt
    into the Apache Directives window on the Basis tab.
  2. Note the exact country, region, etc. in the original request.
  3. Delete the existing certificates with the Delete Certificates operation in the ispconfig panel.
  4. Make sure that /var/www/web##/ssl was empty.
  5. Generate a new csr using the same country, region, etc. as the original.
  6. From a terminal, cat and then copy the certificate request, paste it into the re-key window from GoDaddy, and then download the rekeyed certificate files.
  7. Unzip and transfer the new crt files to /var/www/web##/ssl
  8. Restart apache2
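Both failures seen in this thread, the `key values mismatch` error in post #14 and the missing intermediate bundle in post #15, can be checked before Apache is restarted. The script below is an added example, not code from the thread or from ISPConfig; the function names, the `--demo` mode and the file arguments are assumptions, and the demo chain is constructed throwaway data.

```sh
#!/bin/sh
# Added example, not from the thread. File arguments are supplied by the caller.

# True only if the certificate carries the public key derived from the private
# key; a mismatch is what Apache logs as "key values mismatch".
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True only if the leaf ($1) verifies when the bundle ($2) is offered as
# untrusted intermediates, the role SSLCertificateChainFile plays. $3 is an
# optional root file; without it OpenSSL's default trust store is used.
chain_verifies() {
    if [ -n "${3:-}" ]; then
        out=$(openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>/dev/null) || return 1
    else
        out=$(openssl verify -untrusted "$2" "$1" 2>/dev/null) || return 1
    fi
    case $out in *": OK") return 0 ;; *) return 1 ;; esac
}

# Constructed sample input: throwaway root, intermediate and leaf under "$1".
make_demo_chain() {
    printf 'basicConstraints=CA:TRUE\n' > "$1/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$1/$n.key" -out "$1/$n.csr" || return 1
    done
    openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
        -extfile "$1/ca.ext" -out "$1/root.crt" &&
    openssl x509 -req -in "$1/int.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -extfile "$1/ca.ext" -out "$1/int.crt" &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.crt" -CAkey "$1/int.key" \
        -CAcreateserial -out "$1/leaf.crt"
} >/dev/null 2>&1

# Usage: preflight.sh CERT KEY BUNDLE [ROOT]   or   preflight.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_demo_chain "$d" || exit 1
    set -- "$d/leaf.crt" "$d/leaf.key" "$d/int.crt" "$d/root.crt"
fi
if [ "$#" -ge 3 ]; then
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate" >&2; exit 1; }
    chain_verifies "$1" "$3" "${4:-}" || { echo "FAIL: chain does not verify" >&2; exit 1; }
    echo "OK: key matches certificate and chain verifies"
fi
```

For the site in this thread, CERT and BUNDLE would be my.domain.com.crt and sf_bundle.crt from the web's ssl folder; the private key's file name is not given in the thread.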
  #16  
Old 30th July 2010, 08:40
till till is offline
Super Moderator
 

This is not the correct procedure. Your crt file gets removed or overwritten as you have not used ispconfig to save it and ispconfig might now replace the signed certificate with the self-signed one.

The correct steps are:

6) Copy the csr from the csr field of the ispconfig web interface to GoDaddy and do not use a terminal for that.
7) Copy the content of the cert file that you received from GoDaddy into the certificate field in ispconfig, select "save" as action and click on save.
8) Not necessary.
__________________
Till Brehm
  #17  
Old 31st July 2010, 03:56
DrJohn DrJohn is offline
Member
 

Thank you Till,

I had forgotten about that. SSL is now set up via ispconfig, and it survives a restart, so all is OK.

Thanks again,

John