*:443 not reachable?

Discussion in 'Installation/Configuration' started by SparkyRih, Jan 3, 2013.

  1. SparkyRih

    SparkyRih Member

    I've read a lot of threads o nthis forum, but non of them have a clear answer for my issue...

    So I have a SSL certificate, installed it for one of my websites in the ISPConfig 3 contorlpanel... I also enabled SSL on the main config screen of the website...

    But whenever I go to https://domain.nl(:443) IE gives me the error:

    Internet Explorer cannot display the webpage.

    /etc/apache2/apache2.conf is listening to port 443... but why is it still not working?
  2. ChrisZ

    ChrisZ New Member

    This is the only thing I can think of off the top of my head. Did you specify "443" when ISPConfig asked which port to make the interface available on?

  3. SparkyRih

    SparkyRih Member

    Good question...
    Where can I check this?
  4. ChrisZ

    ChrisZ New Member


    I hope this helps! :)
  5. SparkyRih

    SparkyRih Member

    I guess you misunderstand my issue...
    I'm able to login to the ISPConfig control panel (over port 8080, with an unsigned certificate, I'm fine with that)...

    I'm trying to add an SSL certificate to one of the websites which is hosted on that server via ISPConfig...
    The settings in ISPConfig seem right, I pasted the SSL cert into the second large field on the SSL tab of the website (including the ---begin, end--- delimiters), I enabled SSL on the main tab of that website, and if I go to my FTP server I can see that it did save the *.crt file correctly in the /ssl folder (if I open the file, it is the certificate signed by GeoTrust)...

    I also tried to add this directive via ISPConfig

    SSLCertificateChainFile /var/www/domain.ext/ssl/domain.ext.crt

    After saving, when I go to the /etc/apache2/sites-availabledomain.ext.vhost I can see that that directive is presont on the last line (within the vhost tags)
    I still end up with IE not being able to open any page (if I use https, http is fine)...

    Edit: also tried editing the vhost tag from *:80 to *:443 or ext.ip.address:443 orr just *)...but nothing...
    Last edited: Jan 4, 2013
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Please do not edit any of the apache config files manually, if you did any changes already, undo them as tehy will prevent the ssl website to work later. The procedure to install a ssl certificate in a website is:

    1) Select the IP address in the site settings instead of *. If the IP does not show up, add it under System > Server IP.
    2) Enable the ssl checkbox in the site settings.
    3) Create a ssl certificate on the ssl certificate tab. If you have already created a cert that does not work, then delete this cert by selecting delete as action and press on save before you create a new ssl cert. Now test that the ssl site works with the self signed ssl cert.
    4) If you want to use a signed ssl cert, then use the csr that ispconfig shows in the first field. Dont use any other csr as the crt and key will not match later and the sl site will fail.
  7. SparkyRih

    SparkyRih Member

    Config is back to defaults...

    Do I really need to set that fixed IP? if I do, all my other sites redirect to that one site... if so I need to get a separate IP for every SSL site? (not really a problem, but just confirming before I get a second IP)...

    But I can't get a new cert, I already generated the csr via openssl and purchased the ssl cert with GeoTrust...

    Apache gives this error though: [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

    But that's probably pretty much the same thign as you're telling me, but I thought maybe it's still usefull for anyone...

    Edit: I did do what you told me, I added the fixed IP instead of the *, enabled SSL, createda a self signed certificate via the SSL tab, saved it, still nothing...
    Last edited: Jan 4, 2013
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Just dont mix * and IP. If you switch all sites to use the IP, it will work again.

    Then you will have to replace cert and key manually in the ssl folder. But the ssl authority should also resign your cert for free based on the csr created in ispconfig. Thats nemed rekeying.

    Did you delete the cert before you created a new one?
  9. SparkyRih

    SparkyRih Member

    I got it to work for a minute with a self signed cert, but when I try te add my own cert (replacing the key manually) it does not work anymore...

    The virtualhost with ip:443 was added (by ISPConfig) in the vhosts file of the website, but now the virtual host is not created anymore...

    1. Created self signed cert: working

    After this
    1. Deleted the self signed certificate
    2. Inserted the real certificate data in the certificate field, saved (gave the system some time, and waited for the *.crt file to appear in the ssl folder)...
    3. added the www.domain.ext.key file manually to the ssl dir...

    Edit: So it works now, agian with a self signed cert, now I replaced the files in the ssl dir, but it keeps using the self signed cert...

    Edit 2: Got it... I removed al the certs from the ssl dir, and uploaded my own stuff, now it takes the signed certificate... and it just works perfect :)

    Thanks for the help!
    Last edited: Jan 4, 2013
  10. ChrisZ

    ChrisZ New Member

    Yes, I sure did. I'm sorry. I actually thought, at first, that's what you meant and then read it again. :)

Share This Page