Adding SSL to a Site

Discussion in 'Installation/Configuration' started by Mario90, May 20, 2014.

  1. Mario90

    Mario90 New Member

    Hi,
    i've just purchased a RapidSSL certificate and i would like to install it on my site.
    I did not understand how to install the certificate by using the ISPConfig panel.
    I could do it manually modifying the conf files for the site but i would like to know the correct procedure on the panel.
    Thank you very much.
     
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Open the website in ISPConfig and check the "SSL" checkbox. Then switch to the SSL tab.
    Copy the contents of the crt file you got into the certificate field and if you got further "CA" cert files, add their contents to the Bundle field.
    If you did not use ISPConfig to generate your CSR you also have to copy the content of your key file that you used to create the CSR to the Key field.
    Then choose "Save certificate" from the select box below and click "save".
     
  3. Mario90

    Mario90 New Member

    Done that, but it does not work.
    I get a mydomain.com.vhost.err file in sites-available of my apache install.
    Also i get a .err file in mydomain/ssl directory for .bundle, .key and .crt

    What to do now?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Then either the key, cert or bundle is not correct. ispconfig creates a .err file when apache failed to start with the ssl cert.
     
  5. Mario90

    Mario90 New Member

    How to check which is wrong, then? I just copypasted the certificate, the bundle that RapidSSL sent me.
    Then i opened my privatekey.key file and copypasted everything like before.
    It's too strange...

    Do i need also the SSL Request,maybe?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl request is not required. The most likely reason for such a failure is that the ssl key and ssl cert do not match or in other words, the ssl cert was created with a different key.

    it would have been much easier if you would have created the ssl key, csr and self signed ssl cert in ispconfig as that prevents the problem that you have now with manually created certs.
     
  7. Mario90

    Mario90 New Member

    Of course I keeped my .csr request and .key certificate.
    How can i check that the key is correct for the .crt received?
     
  8. Mario90

    Mario90 New Member

  9. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Are the files in correct form?
    Code:
    -----BEGIN CERTIFICATE-----
    MIIHcjCCBlqgAwIBAgID.....
    ....
    -----END CERTIFICATE-----
    and for the key

    Code:
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpQIBAAKCAQEAxZaZY.....
    ....
    -----END RSA PRIVATE KEY-----
     
  10. Mario90

    Mario90 New Member

    Yes, it's all correct.
     
  11. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Is mod_ssl enabled?
    Try a2enmod ssl.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    you can try to rename the .err files (remove the .err) and then restart apache and check the error.log and command prompt for errors.
     
  13. Mario90

    Mario90 New Member

    Followed your hint and the certificate worked correctly at the first try!
    Thank you very much!
     
  14. Mario90

    Mario90 New Member

    :mad:
    The solution seemed to work...by restarting apache with "service apache2 restart" everything went correctly till this night.
    This night at 0:30 i found apache service broken up.

    What was the cause?
    ISPConfig cron did a sync on all my services and generated .err for each VHOST file in my /etc/apache2/sites-available folder :eek:
    I noticed by running the sync on my own after restarting apache manually by shell.
    How to resolve then?
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

  16. Mario90

    Mario90 New Member

    I understood the problem. Certificate cannot run because ISPConfig does not know the unencrypting password for my key.
    When i restarted manually apache2 it prompted me the unencryption password.
    Where should i write the unencryption password for ISPConfig?
    If this is not possibile, how can i get the unencrypted .key file?
     

Share This Page