After SSL server down

Discussion in 'Installation/Configuration' started by conny2540, Mar 14, 2019 at 10:41 AM.

  1. conny2540

    conny2540 New Member

    After I tried to install SSL certificate to my VPS the httpd is down.
    I used this tutorial (BTW ln -s commando is not found, so I stopped here), but already renamed the .bak-files to their correct name again, as failed).

    Error: - Line 63 is not available on /000-sipconfig.vhost
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sit
    AH00526: Syntax error on line 63 of /etc/apache2/sites-enabled/000-ispconfig.vhost:
    SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty.
    Action 'configtest' failed.
    What should I do ? How can I undo or correct the error ? I'm on Ubuntu 16.04.
     
    Last edited: Mar 14, 2019 at 11:13 AM
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ensure that /usr/local/ispconfig/interface/ssl/ispserver.crt is really a file and not a symlink and that it contains the old certificate.

    Regarding the original problem, you probably did not got an LE SSL cert in the first step and when you set the symlinks to this non existing cert, then apache fail. Check why LE did not issue a certificate: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
     
  3. conny2540

    conny2540 New Member

    Certificate was not issued. It is only one for one of the two domains on the server.
    I also tried to copy the content from file ispserver.crt-190314093543 to ispserver.crt file which indeed was empty (so I presume a symlink). Now I have no errors in the log, but apache refuse to restart. If I add the content there and save, it will safe as a file or not ?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Delete ispserver.crt and then craete it again with the correct content inside.
     
  5. conny2540

    conny2540 New Member

    Done. No chance to restart the apache.
    [Thu Mar 14 09:35:50.186091 2019] [access_compat:error] [pid 2034] [client 60.191.38.77:18978] AH01797: client denied by server configuration: /var/$
    [Thu Mar 14 10:10:04.867081 2019] [mpm_prefork:notice] [pid 2020] AH00169: caught SIGTERM, shutting down
    [Thu Mar 14 11:10:06.884246 2019] [ssl:emerg] [pid 7521] AH02562: Failed to configure certificate xxxxxxx:8080:0 (with chain), check /usr/$
    [Thu Mar 14 11:10:06.897230 2019] [ssl:emerg] [pid 7521] SSL Library Error: error:0906D066 :EM routines :EM_read_bio:bad end line
    [Thu Mar 14 11:10:06.897271 2019] [ssl:emerg] [pid 7521] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file :EM lib
    AH00016: Configuration Failed
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    check the key and bundle file too and ensure that you do not have a wrong line at the end of the certificate file.
     
  7. conny2540

    conny2540 New Member

    The problem here seems to be another. I'm on a VPS at OVH, when I try to force certificate than I get this error:
    There were too many requests of a given type :: Error creating new order :: too many certificates already issued for: ovh.net: see https://letsencrypt.org/docs/rate-limits/
     
  8. conny2540

    conny2540 New Member

    How to remove all what was done before ? I'm unable to restart the apache. BTW I don't want to remove the certificate from the domains, only from vps.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to use your own hostname, not a subdomain from ovh. LE will not issue certs for ovh subdomains.

    That's what I explained above in this thread. Delete the symlinks and copy back the original files. if you don't have the original files anymore, then you can do an ispconfig update, select git-stable as update source and then choose to recreate new ssl certs during update.
     
  10. conny2540

    conny2540 New Member

    ISPConfig update not possible. It stucks on second point - backup. I choose yes. nothing happens.
    Made also this: sudo rm -rf /usr/local/ispconfig/interface/ssl/ispserver.cert and restarted apache. No luck. No errors but apache wont restart httpd
     
    Last edited: Mar 14, 2019 at 11:57 AM
  11. conny2540

    conny2540 New Member

    Thank you, finally I manged it. Deleted all in ISPConfig/SSL folder, run the ispconfig update, created new SSL certificate (by choosing no - default, it was not possible to access ISPConfig anymore !!), and now all running again.
     

Share This Page