Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd April 2011, 10:37
John.Smith John.Smith is offline
Junior Member
 
Join Date: Apr 2011
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Default Client Site With SSL Not Working

I am using ISPConfig Version: 2.2.38 on Fedora 14 x86_64. I log into the ISPConfig control panel as admin at https://server1.example.tld:81/. I click ISP Manager -> Sites Folder -> Site1 -> Basis Tab -> Check SSL -> Save. I am taken back to the ISP Manager home page. I must browse back to Site1 and then click on the SSL tab. I filled in the drop down box and the 5 text fields. I then select create certificate from the drop down box and click save. I am taken back to the ISP Manger home page and I must browse back to Site1, click on the SLL tab, then there are two textareas that are called SSL Request and SSL certificate and are filled in with information. I select save certificate from the drop down box and click save.

Now when I browse to http://www.site1.com/ everything works normal. When I browse to https://www.site1.com/ I get unable to connect page.

---
[root@pluto ~]# lynx https://www.site.com/

Looking up www.site1.com
Making HTTPS connection to www.site1.com
Alert!: Unable to connect to remote host.

lynx: Can't access startfile https://www.site1.com/
---

I have replaced my domains with example and site1 for this post.

Whenever I try to access Site1 using https there doesn't seem to be any errors generated in /var/log/httpd/error_log.

Can anyone please give me some suggestions as to why I can't access Site1 using SSL, or where to start looking?
Reply With Quote
Sponsored Links
  #2  
Old 4th April 2011, 13:25
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

What's the output of
Code:
netstat -tap
?

Quote:
I am taken back to the ISP Manger home page and I must browse back to Site1, click on the SLL tab, then there are two textareas that are called SSL Request and SSL certificate and are filled in with information. I select save certificate from the drop down box and click save.
BTW, you don't have to select "Save" again after the initial creation of the certificate. "Save" is needed only if you use the CSR to get an official certificate from a trusted CA. You would then paste the official cert into the form and select "Save". See http://www.howtoforge.com/faq/14_49_en.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 5th April 2011, 04:01
John.Smith John.Smith is offline
Junior Member
 
Join Date: Apr 2011
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Default netstat -tap

falko,

Thank you for the reply. Here is my netstat -tap.

Code:
[root@pluto ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 *:imap                      *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:81                        *:*                         LISTEN      1827/ispconfig_http 
tcp        0      0 pluto.site1.com:domain    *:*                         LISTEN      2150/named          
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      2150/named          
tcp        0      0 *:ssh                       *:*                         LISTEN      1452/sshd           
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      1236/cupsd          
tcp        0      0 *:smtp                      *:*                         LISTEN      32696/master        
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      2150/named          
tcp        0      0 *:imaps                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:pop3s                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:mysql                     *:*                         LISTEN      1591/mysqld         
tcp        0      0 *:pop3                      *:*                         LISTEN      1617/dovecot        
tcp        1      0 pluto.site1.com:35533     24.143.206.49:http          CLOSE_WAIT  2822/clock-applet   
tcp        0      0 pluto.site1.com:45791     gy-in-f102.1e100.net:http   TIME_WAIT   -                   
tcp        0      0 *:imap                      *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:http                      *:*                         LISTEN      1967/httpd          
tcp        0      0 *:ftp                       *:*                         LISTEN      378/proftpd: (accep 
tcp        0      0 *:ssh                       *:*                         LISTEN      1452/sshd           
tcp        0      0 pluto.site1.com:ipp       *:*                         LISTEN      1236/cupsd          
tcp        0      0 *:smtp                      *:*                         LISTEN      32696/master        
tcp        0      0 pluto.site1.com:rndc      *:*                         LISTEN      2150/named          
tcp        0      0 *:imaps                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:pop3s                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:pop3                      *:*                         LISTEN      1617/dovecot
It appears that it isn't listening for https? How do i configure or start that?

Thanks,
John

Last edited by John.Smith; 24th May 2011 at 19:26.
Reply With Quote
  #4  
Old 5th April 2011, 16:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

Can you post your /etc/httpd/conf/httpd.conf? What's the output of
Code:
ls -la /etc/httpd/conf/
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 5th April 2011, 18:49
John.Smith John.Smith is offline
Junior Member
 
Join Date: Apr 2011
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Code:
[root@pluto ~]# ls -la /etc/httpd/conf/
total 136
drwxr-xr-x. 3 root root  4096 Apr  5 02:28 .
drwxr-xr-x. 4 root root  4096 Apr  4 23:18 ..
-rw-r--r--  1 root root 35976 Apr  5 01:47 httpd.conf
-rw-r--r--  1 root root 35932 Mar 31 07:30 httpd.conf.31-03-11_07-30-18
-rw-r--r--  1 root root 34464 Mar 31 07:30 httpd.conf.orig
-rw-r--r--  1 root root 12958 Oct 27 06:05 magic
drwxr-xr-x  2 root root  4096 Apr  3 03:57 vhosts
Reply With Quote
  #6  
Old 6th April 2011, 15:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

What's in your /etc/httpd/conf/httpd.conf? Do you have
Code:
Listen 443
anywhere in your configuration?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 7th April 2011, 00:28
John.Smith John.Smith is offline
Junior Member
 
Join Date: Apr 2011
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Default

No, I don't have that line. I'm pretty certain you don't want me to paste the 1058 lines in that file. Do you? It conatins a line towards the end that reads

Code:
Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
I looked in the /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf file , and all of my domains use port 80, except for the one that I setup to use SSL.

I put

Quote:
Listen 443
in the /etc/httpd/conf/httpd.conf file, and restarted everything. Now it gives me this error,

Code:
[root@pluto ~]# lynx https://www.site1.com/

Looking up www.site1.com
Making HTTPS connection to www.site1.com
Retrying connection without TLS.
Looking up www.site1.com
Making HTTPS connection to www.site1.com
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile https://www.site1.com/
What next?

Last edited by John.Smith; 24th May 2011 at 19:28.
Reply With Quote
  #8  
Old 7th April 2011, 16:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

This link might help: http://webcache.googleusercontent.co...www.google.com
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 7th April 2011, 22:25
John.Smith John.Smith is offline
Junior Member
 
Join Date: Apr 2011
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Default

I reversed my previous step, by removing the Listen 443 line back out of my /etc/httpd/conf/httpd.conf file. Then I typed yum install mod_ssl. Then restarted. Now I can access the site using https. Now I have a new problem. I am hosting 8 competitors web sites. Only site1 requires to be able to connect using https. Whenever anyone accesses the other 7 web sites using https, they are connected securely to site1. I visit https://www.site2.com/ and site1's web site displays. Since they are competitors, this is bad. When I access any of the sites using http then everything is fine.

What can I do now to fix the new problem?

Last edited by John.Smith; 7th April 2011 at 22:32. Reason: More important info
Reply With Quote
  #10  
Old 8th April 2011, 15:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
 
Default

You could set up a default SSL vhost that catches all connections that are not targeted at your SSL site.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL on ISPconfig3 not working novaflash Developers' Forum 4 20th January 2009 23:38
HTTPS site not working. suidas Installation/Configuration 3 7th May 2007 11:59
ISPConfig stop working after i add a new site xTiNcTion Installation/Configuration 4 6th January 2007 00:55
change report client / site fpl General 18 29th June 2006 14:25


All times are GMT +2. The time now is 05:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.