Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 23rd January 2013, 09:15
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

OK sure:

ls -la /usr/local/ispconfig/interface/ssl/
Code:
total 56
drwxr-s--- 2 ispconfig ispconfig  4096 20 janv. 17:50 .
drwxr-s--- 7 ispconfig ispconfig  4096  7 sept.  2011 ..
-rw-r--r-- 1 root      ispconfig  2609 20 janv. 17:43 ispserver.crt
-rwxr-x--- 1 ispconfig ispconfig  2399 20 janv. 16:15 ispserver.crt_bak
-rwxr-x--- 1 ispconfig ispconfig  1858 20 janv. 16:15 ispserver.csr
-rwxr-x--- 1 ispconfig ispconfig  3243 20 janv. 16:15 ispserver.key
-rwxr-x--- 1 ispconfig ispconfig  3311 20 janv. 16:11 ispserver.key.secure
-rw------- 1 root      ispconfig 10824 20 janv. 17:50 ispserver.pem
-rw-r--r-- 1 root      ispconfig  2760  6 mai    2008 startssl.ca.crt
-rw-r--r-- 1 root      ispconfig  4972 20 janv. 17:50 startssl.chain.class1.server.crt
-rw-r--r-- 1 root      ispconfig  2212 17 avril  2010 startssl.sub.class1.server.ca.crt
ls -la /etc/ssl/private/
Code:
total 24
drwx--x--- 2 root ssl-cert 4096 20 janv. 18:07 .
drwxr-xr-x 4 root root     4096 21 f?vr.  2011 ..
-rw------- 1 root dovecot   891 16 janv. 11:27 dovecot.pem
-rw------- 1 root root      891 16 janv. 11:27 ks4003865.ip-142-4-212.net.key
lrwxrwxrwx 1 root root       48 20 janv. 18:07 pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem
-rw------- 1 root root     2266 16 janv. 11:27 pure-ftpd.pem_bak
-rw-r----- 1 root ssl-cert 1679  7 sept.  2011 ssl-cert-snakeoil.key
Reply With Quote
Sponsored Links
  #12  
Old 23rd January 2013, 17:59
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

is it possible that the symlink breaks the access to the ssl certificate?
Reply With Quote
  #13  
Old 23rd January 2013, 18:03
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,468
Thanks: 813
Thanked 5,253 Times in 4,119 Posts
Default

Normally not. But you can try to replace the symlink with the cert:

Try this:

rm /etc/ssl/private/pure-ftpd.pem
cp -pf /usr/local/ispconfig/interface/ssl/ispserver.pem /etc/ssl/private/pure-ftpd.pem

and restart pure-ftpd.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #14  
Old 23rd January 2013, 18:13
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

I did this but nothing changed apparently...

With grep ftp /var/log/syslog I still get this:

Code:
Jan 23 12:07:13 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
I don't get it :-/
Reply With Quote
  #15  
Old 23rd January 2013, 18:15
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

By the way, I restart with this command:
/etc/init.d/pure-ftpd-mysql restart

Is it correct?

I get this output when doing so:

Code:
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -u 1000 -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -b -A -8 UTF-8 -4 -H -D -E -S *,21 -B

Last edited by Fluotonic; 23rd January 2013 at 18:19.
Reply With Quote
  #16  
Old 23rd January 2013, 19:13
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Maybe I need to update PureFTPd to the latest version?
My version is 1.0.28 and I see the latest release is 1.0.36.

Do you think it could solve my problem?
Reply With Quote
  #17  
Old 23rd January 2013, 21:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,468
Thanks: 813
Thanked 5,253 Times in 4,119 Posts
Default

It is unlikely that its related to the pure-ftpd version. Did pure-ftpd work before you installed the new ssl cert? in this case, it might be that the pem file content is wrong: try to renme the .pem file to a different name and rename the pem_bak file to .pem and restart pure-ftpd to test if it works with the old file.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Fluotonic (23rd January 2013)
  #18  
Old 23rd January 2013, 21:38
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

OMG! You got it!!!

OK, so everything's OK now, everything's good but what can I do to correct this SSL certificate. I just noticed I had 3 certificates stacked on each other in this file, just after the RSA key, which seems very strange to me. Could it be the problem?

Thank you very much for your help again! You're saving me so much time and pain finding this. I bought the ISPConfig documentation but couldn't figure out a solution for this problem...

Any idea to fix this certificate?
Reply With Quote
  #19  
Old 23rd January 2013, 21:47
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
 
Default

Holly cow!!! Forget my last message, I finally found the problem!

For some reason, there was a mistake in the pile of certificates in the generated pure-ftpd.pem

After the first or second certificate, a line break was missing, which was creating a problem to read the rest of certificates insite the file, obviously :-D

Instead of

Code:
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
I had

Code:
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
I guess it,s something to let users know about. I hope my fixing will help others!

Anyway, a big big thank you Till, you saved my life!

Cheers and hail to ISPConfig ;-)
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help with ISPConfig Mail and Squirrelmail m.xander Installation/Configuration 109 3rd February 2012 00:15
strange fail2ban behaviour > doesn't ban specific IP Djamu Server Operation 2 13th January 2012 02:29
Mail Question: installed smf forum on centos perfect server setup with ispconfig happz Installation/Configuration 7 22nd August 2008 13:15
Question about Virtual Hosting With Proftpd And MySQL (Incl. Quota) On Debian Etch ikkem HOWTO-Related Questions 30 26th February 2008 19:38
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 12:44.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.