#1  
Old 4th November 2012, 23:54
BitSprocket BitSprocket is offline
Junior Member
  
Join Date: Nov 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default SSL Certificate install trouble
All,

I have install per your Perfect Ubuntu 12.10 server howto and am having an issue with getting my certificate to work properly.

I've entered the ip address and am not using a wildcard and I have verifed that the certs are in-fact in the /var/www/sitename/ssl directory. SSL is checked on the proper page but when browsing to https://mysite.com I get a 701 error and the apache2 error log reads :

Code:
client denied by server configuration: /var/www/
I can get to the non https site just fine but can't get the server configured to pull files from the proper location.

I've tried deleting the domain and re-creating it with no luck. It also seems that the virtual host file in /var/www/apache2/sites-enabled makes no mention of port 443 or ssl.

Thanks for your help!
Reply With Quote
Sponsored Links
  #2  
Old 5th November 2012, 11:24
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,896
Thanks: 693
Thanked 4,190 Times in 3,207 Posts
Default
Please remove the ssl cert that you copied to the ssl folder manually and then create a nwe ssl cert in ispconfig on the ssl tab of the website, wait a few minutes and test again. If the site works with the self signed ssl cert, replace the ssl cert and key file in the ssl folder with the cert and key of your other ssl cert and restart apache.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 5th November 2012, 16:08
BitSprocket BitSprocket is offline
Junior Member
  
Join Date: Nov 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default
Thanks till. Late last night (before your post) I found a solution that works but I wanted to get your opinion. It's very different than the one you mentioned. I added a clause to the mysite.com.vhost file in /etc/apache2/sites-available and it looks like this:

Code:
<Directory /var/www/mysite.com>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/mysite/web
  
    ServerName mysite.com
    ServerAlias www.mysite.com
    ServerAdmin webmaster@mysite.com

    ErrorLog /var/log/ispconfig/httpd/mysite.com/error.log

    Alias /error/ "/var/www/mysite.com/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/mysite.com/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client0/web1/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>



    # suexec enabled
    <IfModule mod_suexec.c>
      SuexecUserGroup web1 client0
    </IfModule>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/mysite.com/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client0/web1/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web1 client0
    </IfModule>

    <IfModule mod_dav_fs.c>
	  # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/client0/web1/webdav>
	    <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      DavLockDB /var/www/clients/client0/web1/tmp/DavLock
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>


</VirtualHost>
<VirtualHost *:443>
      DocumentRoot /var/www/mysite.com/web
  
    ServerName mysite.com
    ServerAlias www.mysite.com
    ServerAdmin webmaster@mysite.com

    ErrorLog /var/log/ispconfig/httpd/mysite.com/error.log

    Alias /error/ "/var/www/mysite.com/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/mysite.com/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client0/web1/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>



    # suexec enabled
    <IfModule mod_suexec.c>
      SuexecUserGroup web1 client0
    </IfModule>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/mysite.com/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client0/web1/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web1 client0
    </IfModule>

    <IfModule mod_dav_fs.c>
	  # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/client0/web1/webdav>
	    <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      DavLockDB /var/www/clients/client0/web1/tmp/DavLock
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>
SSLEngine on
SSLCertificateFile /var/www/clients/client0/web1/ssl/mysite.com.crt
SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/mysite.com.key
SSLCACertificateFile /var/www/clients/client0/web1/ssl/mysite.com.bundle

</VirtualHost>
Paying particular attention to the section starting <VirtualHost *:443> I know wildcards are less than ideal as it seems to apply to all my sites now (producing the browser warning of course) but it works properly for the site I need. The other sites don't use ssl anyway so I'm not concerned.

Thoughts?
Reply With Quote
  #4  
Old 5th November 2012, 16:37
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,896
Thanks: 693
Thanked 4,190 Times in 3,207 Posts
Default
Never edit a vhost file manually as all manual settings that you do in that file will get removed automatically anyway.

If you use * or the Ip depends on your apache version, the IP works always, * works only on latest apache versions and enables ssl for sni only which is not understood by older internet explorer versions.

Please do what I described above, ispconfig will then create the ssl vhost automatically, it has not created it before because either one of your manually copied ssl certs were wrong or had a wrong name, so apache was not able to strat with the ssl certs you provided and ispconfig had to do a rollback and remove the ssl vhost again.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 5th November 2012, 16:39
BitSprocket BitSprocket is offline
Junior Member
  
Join Date: Nov 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default
Thanks for the advice till. And for the quick reply!
Reply With Quote
Reply

Bookmarks

Tags
701, ssl

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Issue configuring an SSL domain with current certificate jbd123 Installation/Configuration 1 9th July 2012 10:34
Some problems after upgrade OS lenny to squeeze matiasCU Installation/Configuration 3 31st May 2011 22:53
Adding SSL certificate to Site snowfly Installation/Configuration 2 31st May 2011 12:54
SSL certificate Jorem Installation/Configuration 10 7th February 2011 00:32
SSL install: cannot find new certificate JamesD Installation/Configuration 1 14th April 2010 07:05


All times are GMT +2. The time now is 05:10.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.