Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 29th May 2012, 11:43
deltaxfx deltaxfx is offline
Junior Member
 
Join Date: May 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default ISPConfig 3 secured with StartSSL, what about main domain?

Hello,

I have what is probably an easy question, but I have read through a bunch of tutorials and even purchased the manual and haven't seen an answer. I followed the Securing Your ISPConfig 3 Installation With A Free Class1 SSL Certificate From StartSSL and it worked awesome, just like the rest of your tutorials. But my question is, since that SSL certificate is for mydomain.com, I would be able to use that on my actual website as well, right?

Here is what I think I would do, please let me know if this is correct,
  • in the panel, go to Sites
  • select mydomain.com (my ISPConfig server and all services are running on myserver.mydomain.com and the StartSSL cert is level 1 for mydomain.com and myserver.mydomain.com)
  • tick the SSL box
  • assign it the same IP as the server itself (1.1.1.1:8080 is ISPconfig, so 1.1.1.1 for this site?)
  • finally, copy/paste what I received from StartSSL into the appropriate boxes on the SSL tab

Thanks for any help, and if there is a tutorial that describes doing this please just point me there!
Reply With Quote
Sponsored Links
  #2  
Old 29th May 2012, 11:51
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,434
Thanks: 813
Thanked 5,209 Times in 4,085 Posts
Default

Thats described in the manual, see chapter:

5.4.1 How Do I Import An Existing SSL Certificate Into A Web Site
That Was Created Later In ISPConfig?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 29th May 2012, 12:20
deltaxfx deltaxfx is offline
Junior Member
 
Join Date: May 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thank you. I did read that part, that's where I got the info for copying/pasting the cert into the panel. I suppose my questions should have been more directly, is it correct to use the same IP for my ISPConfig panel and my website with the same name, mydomain.com (because SSL requires a unique IP)?
Reply With Quote
  #4  
Old 29th May 2012, 13:42
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,434
Thanks: 813
Thanked 5,209 Times in 4,085 Posts
Default

As long as you did not use port 443 for the ispcpnfig login (the default port for the ispconfig login is port 8080), then you can use the same IP address for the website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 30th May 2012, 14:53
deltaxfx deltaxfx is offline
Junior Member
 
Join Date: May 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I messed something up.
I followed the instructions in section 5.4.1. I set the IP for example.com to be the same as the ISPConfig IP (ISPConfig is using the default 8080), ticket the SSL box, and created a certificate as directed (5.4.1 directs you to 5.4 to make the self signed certificate to get started).
ls -l /var/www/example.com/ssl showed .crt, .csr, .key, and .key.org files, I went to the HTTPS version of the site and got the firefox error as expected, and viewed the certificate and it had the current date on it so I knew it was the one I just made.
I copied the crt, csr, and key from /usr/local/ispconfig/interface/ssl to /var/www/example.com/ssl and renamed them to match the files that were created earlier. Pasted the .csr and .crt contents into the appropriate boxes on the SSL tab of ISPConfig, and reloaded the webpage, but there was no change. So I restarted apache, and now I just get connection timed out errors when trying to access example.com either http or https. Also, I can't get to my ISPConfig panel anymore either, not even by accessing it via IP address.
Apache appears to be running though:
18664 pts/0 R+ 0:00 grep /usr/sbin/httpd

Any ideas before I do a clean wipe and start over?

Thanks again!
Reply With Quote
  #6  
Old 30th May 2012, 17:13
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,434
Thanks: 813
Thanked 5,209 Times in 4,085 Posts
Default

There is no need to reinstall, just disable the vhost where you created the ssl cet by deleting the link with the domain name in /etc/apache2/sites-enabled/ and then restart apache.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 31st May 2012, 11:58
deltaxfx deltaxfx is offline
Junior Member
 
Join Date: May 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Deleted the link the SSL cert was setup on, but no dice. Could it be an issue with setting the IP address for that site? Setting it the same as for ISPConfig?
Reply With Quote
  #8  
Old 31st May 2012, 12:04
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,434
Thanks: 813
Thanked 5,209 Times in 4,085 Posts
Default

Quote:
Deleted the link the SSL cert was setup on, but no dice.
Then you must have changed something else in apache as deleting the link removes the whole site from the apache configuration.

Quote:
Could it be an issue with setting the IP address for that site? Setting it the same as for ISPConfig?
No, as ISPConfig runs on a different port.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 31st May 2012, 15:23
deltaxfx deltaxfx is offline
Junior Member
 
Join Date: May 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ok, well, I reloaded everything and got back to a base install of ISPConfig, and setup my first site on it. I am running my own nameserver as well, setup with the howto on this site.

Right now I have self signed certificates working just fine for the control panel (mydomain.com:8080) and mydomain.com.

Back to the nameserver thing and one site per IP for SSL, in my DNS zone for mydomain.com I have A records for 'mail' and 'www' with the same IP as the record for 'mydomain.com.' (ns1 and ns2 are a different IP). Should I change mail and www to another IP?
Reply With Quote
  #10  
Old 7th June 2012, 11:58
deltaxfx deltaxfx is offline
Junior Member
 
Join Date: May 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Does anyone have an answer for this? What records in a zone should have the static IP that is being used for an SSL site?
Reply With Quote
Reply

Bookmarks

Tags
ispconfig 3, ssl certificate

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
send/receive mail outside of server grandslamjmh Installation/Configuration 12 18th February 2012 17:56
Problems with my 'Perfect Server' chillifire Server Operation 3 6th January 2010 12:26
Ftp problems timeout reny2000 General 6 23rd December 2009 11:09
ISPConfig for a local mailserver, connected with the ISPConfig main mailserver voltron81 Installation/Configuration 12 17th November 2009 13:54
mail from server not sending because main domain is not hosted by ispconfig plathw Installation/Configuration 12 18th September 2008 18:39


All times are GMT +2. The time now is 12:51.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.