Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 16th April 2011, 10:23
eko_taas eko_taas is offline
Member
 
Join Date: Feb 2011
Posts: 92
Thanks: 2
Thanked 12 Times in 10 Posts
Default Updated to 3.0.3.3 and SSL/8080 stopped working

SSL/8080 was working earlier OK, but after updating to 3.0.3.3 (at my own risk used from panel (system / Remote actions / Do ISPConfig-update ), went OK, but also after restart ISPConfig thru SSL stopped working (unsecured OK). Otherwise seems to work OK (shows 3.0.3.3 when logged in).

I checked as per manual 6.2. ("6.2 Enabling SSL For The ISPConfig Web Interface") and all looks the same as earlier:
- certificates exists
- a2enmod ssl" gives "Module ssl already enabled"
- SSL engine extra lines in file still exists

so:
- http://server1.example.com:8080 => works
- https://server1.example.com:8080 => gives below
Quote:
Secure Connection Failed
An error occurred during a connection to server1.example.com:8080.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
When re-starting machine, everything looks OK, but when manually restart of apache shows error
Code:
# /etc/init.d/apache2 restart
Restarting web server: apache2apache2: apr_sockaddr_info_get() failed for server1.example.com
...
 ... waiting apache2: apr_sockaddr_info_get() failed for server1.example.com
...
#
Any idea?

Webmin (with SSL) still OK (done as HOWTO)
http://www.howtoforge.net/easy-round...debian-squeeze
Reply With Quote
Sponsored Links
  #2  
Old 17th April 2011, 22:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Can you post your /etc/apache2/sites-available/ispconfig.vhost file?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 18th April 2011, 17:20
benlake benlake is offline
Junior Member
 
Join Date: Apr 2011
Posts: 4
Thanks: 1
Thanked 0 Times in 0 Posts
Default

When I upgraded my ispconfig.vhost had been reverted to non-SSL version, and the error you are getting is exactly what would happen if you specified https:// when connecting to a port not speaking SSL. So most likely it isthe config now has SSLEngine On commented out.
Reply With Quote
  #4  
Old 18th April 2011, 17:27
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,333 Times in 4,184 Posts
Default

Quote:
So most likely it isthe config now has SSLEngine On commented out.
This happens if your ssl certificates are in a wrong location or have wrong filenames. ISPConfig espects the ssl certs for the interface here:

/usr/local/ispconfig/interface/ssl/ispserver.crt
/usr/local/ispconfig/interface/ssl/ispserver.key
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 18th April 2011, 17:45
eko_taas eko_taas is offline
Member
 
Join Date: Feb 2011
Posts: 92
Thanks: 2
Thanked 12 Times in 10 Posts
Question Mistake on manual then?

Manual ("Version 1.1 for ISPConfig 3.0.3", chapter 6.2) asks to create ssl-certificates on diff. place
Quote:
Make the directory for the SSL certificate:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
...
vi /etc/apache2/sites-available/ispconfig.vhost
... and insert the following lines...
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/ispserver.crt
SSLCertificateKeyFile /etc/apache2/ssl/ispserver.key
...
Now (as done per manual on org installation before update):
Code:
 /usr/local/ispconfig/interface/ssl# cd /etc/apache2/ssl
 /etc/apache2/ssl# ls
ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
...
/usr/local/ispconfig/interface/ssl# ls
(empty...)
This setup worked in earlier version...

Now do I'll have to
- copy /etc/apache2/ssl to /usr/local/ispconfig/interface/ssl
- edit /etc/apache2/sites-available/ispconfig.vhost as to point to /usr/local/ispconfig/interface/ssl
or what is the correct way?

Last edited by eko_taas; 18th April 2011 at 17:50. Reason: Added "SSLEngine On" as mentioned earlier by benlake
Reply With Quote
  #6  
Old 18th April 2011, 18:33
eko_taas eko_taas is offline
Member
 
Join Date: Feb 2011
Posts: 92
Thanks: 2
Thanked 12 Times in 10 Posts
Default

Seems that upgrade has also changed /etc/apache2/sites-available/ispconfig.vhost as earlier changes not any more there

Code:
...
  # SSL Configuration
  #SSLEngine On
  #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
...
So removed comments and copied
Code:
# cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
l# cd /usr/local/ispconfig/interface/ssl/
 /usr/local/ispconfig/interface/ssl# ls
ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
# /etc/init.d/apache2 restart
And WOW, SSL working again....
Code:
https://server1.example.com:8080/
https://example.com:8080/webmail/
Thanks for help, please correct manual as well (if needed )

I future I hope that upgrade would not touch these basic things....
Reply With Quote
The Following 2 Users Say Thank You to eko_taas For This Useful Post:
falko (19th April 2011), micko_escalade (24th April 2011)
  #7  
Old 24th April 2011, 04:34
micko_escalade micko_escalade is offline
Senior Member
 
Join Date: Jan 2006
Posts: 123
Thanks: 7
Thanked 3 Times in 3 Posts
 
Default

Run into same issue as eko_taas but just to make it clear I had to copy all files using
Code:
cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
Then from the manual page 297 this:
Code:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/ispserver.crt
SSLCertificateKeyFile /etc/apache2/ssl/ispserver.key
inside /etc/apache2/sites-available/ispconfig.vhost

un-commenting

Code:
  # SSL Configuration
  #SSLEngine On
  #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
Did now solve my issue.

Last edited by micko_escalade; 24th April 2011 at 04:43.
Reply With Quote
The Following User Says Thank You to micko_escalade For This Useful Post:
ande (29th May 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 22:49.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.