Added IP address, Apache broken

Discussion in 'Installation/Configuration' started by FumarMata, Apr 23, 2012.

  1. FumarMata

    FumarMata New Member

    Hello,

    I wanted to install an SSL certificate. I was following the instructions in

    http://www.howtoforge.com/securing-...h-a-free-class1-ssl-certificate-from-startssl

    There I did it up to point 2, but not 3 (the StartSSL site was not working), so I went to the ISPConfig manual and read that I have to associate the certificate with a single IP, not with the *. I looked at my domain and saw that it's associated with the * instead of the IP, which is not there.

    So I go to ISPConfig and add a new IP. From then on, Apache has stopped working and the logs don't show anything meaningful to me:

    /var/log/apache2/error.log
    Code:
    ...
    [Mon Apr 23 12:19:02 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Mon Apr 23 12:19:02 2012] [warn] RSA server certificate CommonName (CN) `Marc Sallent' does NOT match server name!?
    [Mon Apr 23 12:19:02 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Mon Apr 23 12:19:02 2012] [notice] Digest: generating secret for digest authentication ...
    [Mon Apr 23 12:19:02 2012] [notice] Digest: done
    [Mon Apr 23 12:19:02 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Mon Apr 23 12:19:02 2012] [warn] RSA server certificate CommonName (CN) `Marc Sallent' does NOT match server name!?
    [Mon Apr 23 12:19:02 2012] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
    [Mon Apr 23 12:21:02 2012] [notice] caught SIGTERM, shutting down
    DBI connect('database=dbispconfig;host=localhost:3306','ispconfig',...) failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) at /usr/local/ispconfig/server/scripts/vlogger line 257
    
    The last error with a date is from when Apache stopped working.
    The "DBI connect..." line is from when I rebooted the server.

    When I try to reboot I get this, but nothing is printed in the log:
    Code:
    root@server1:/var/log/apache2# apachectl restart
    httpd not running, trying to start
    Action 'restart' failed.
    The Apache error log may have more information.
    root@server1:/var/log/apache2# 
    
    Can you help me? All my sites are down :(

    Thanks in advance,

    marc
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely you have a broken SSL cert on your server. Delete the vhost file symlink in /etc/apache2/sites-enabled/ for the website that you tried to add the new SSL cert to and then restart Apache. Then log in to ISPConfig and disable SSL for that site so that the site becomes available again. Then create a new SSL cert for the site in ISPConfig; ensure that you use short descriptions in the SSL fields and no special chars, as openssl can fail otherwise.
     
  3. FumarMata

    FumarMata New Member

    It didn't work. I removed the symlinks (moved them to a ./bak folder, is it the same?) and I still get the same result.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Then the problem must be related to the StartSSL config steps that you did before and not the configuration changes in ISPConfig. I guess you did not notice the problem before as Apache was not restarted.

    Please try to undo the other config changes you did for startssl and then try to restart apache.
     
  5. FumarMata

    FumarMata New Member

  6. till

    till Super Moderator Staff Member ISPConfig Developer

    To completely disable ssl for ispconfig, edit the file:

    /etc/apache2/sites-available/ispconfig.vhost

    add a # in front of the lines:

    SSLEngine On
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    ## must be re-added after an ISPConfig update!!!
    SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class1.server.ca.crt

    and then restart apache.
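
The edit described in the post above, as an added example that is not part of the original thread or of ISPConfig: a POSIX shell script that comments out the four SSL directives in a vhost file, keeps a backup, and reports whether any are still active. The function names and the `.ssl-bak` suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not ISPConfig code). Directive names are the ones in the post;
# helper names and the ".ssl-bak" backup suffix are hypothetical.
SSL_DIRECTIVES="SSLEngine SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile"

# $1 = mode: "list" prints active directive names, "comment" prints the
# file with a '#' put in front of each active directive. $2 = vhost file.
_ssl_awk() {
    awk -v names="$SSL_DIRECTIVES" -v mode="$1" '
        BEGIN { n = split(tolower(names), a, " ")
                for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # Apache directive names are case-insensitive; $1 skips indentation.
        !(tolower($1) in want) { if (mode == "comment") print; next }
        mode == "list" { print $1; next }
        { line = $0; sub(/^[ \t]+/, "", line)
          print substr($0, 1, length($0) - length(line)) "#" line }
    ' "$2"
}

# Names of SSL directives that are still active (not commented out).
active_ssl_directives() { _ssl_awk list "$1"; }

# Comment out the active SSL directives in place. Already-commented lines
# are left alone, so a second run changes nothing.
disable_vhost_ssl() {
    dv_vhost="$1"; dv_backup="$1.ssl-bak"
    [ -f "$dv_vhost" ] || { echo "no such file: $dv_vhost" >&2; return 1; }
    # Keep only the first backup so a re-run cannot overwrite the original.
    [ -e "$dv_backup" ] || cp -p "$dv_vhost" "$dv_backup" || return 1
    dv_tmp="$(mktemp)" || return 1
    if _ssl_awk comment "$dv_vhost" > "$dv_tmp"; then
        # Write back through the existing file to keep its owner and mode.
        cat "$dv_tmp" > "$dv_vhost"
    fi
    rm -f "$dv_tmp"
    # Succeed only if nothing SSL-related is left active.
    [ -z "$(active_ssl_directives "$dv_vhost")" ]
}

# Run as: sh disable-ssl.sh /etc/apache2/sites-available/ispconfig.vhost
if [ "$#" -gt 0 ]; then
    disable_vhost_ssl "$1" && echo "SSL directives commented out in $1"
fi
```

Running `apachectl configtest` after the edit checks the syntax before the restart, and the `.ssl-bak` copy keeps the original directives for when SSL is re-enabled.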
     
  7. FumarMata

    FumarMata New Member

    I commented them all (the last one was not in the file) and I still get the same result.
    It's strange that the log shows -nothing- at all.
    Thanks so much for your help!!!!
     
