Empty SSL Request field ?

Discussion in 'ISPConfig 3 Priority Support' started by Nexus Fred, Jul 11, 2021.

  1. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    Hello,
    When I try to generate a SSL cert the section "SSL Request" still empty ?


    Configuration
    VMware 15
    Ubuntu 20.04.2 LTS (Focal Fossa)) ISPConfig 3.2.5 Fresh install
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    How are you generating it?
    I tried to figure out what might be happening, and can not quite get it. Are you creating certificate for a website? You are not using Let's Encrypt cerrtificate but instead want to use self signed or purchased certificate?
    Have you read page 133 of ISPConfig 3.1 Manual?
     
  3. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    Hello @Taleman,
    I can't use Let's Encrypt on a VMware install because the domain that I use do not exist (something like server1.example.com) :)
    So I try to create one self signed certificate, the "SSL Key" & "SSL Certificate" fields are filed, but the "SSL Request" remain empty.

    The only solution I found it's to create one self signed certificate on my old virtual machine on ubuntu 18.04 with ISPConfig 3.1 and copy paste all fields.

    I try to build a complete new install with the tutorial "Perfect Server Automated ISPConfig 3 Installation on Debian 10 and Ubuntu 20.04" usign the command "wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades" and I still have the same issue.

    I have another virtual machine where I have updated ubuntu 18.04 to 20.04 and ISPConfig 3.1 to 3.2 and I do not have this issue with it, but another one. The Job Queue is stuck :rolleyes:. But before that issue, it was possible to create a self signed certificate.

    My knowledge about unix is limited, I have some DOS base from my Amiga time, but I'm not familiar with all unix terms ;)
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    That's a bug in ISPConfig 3.2.5.
     
    ahrasis likes this.
  5. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    Hello @till,
    what can I do to fix it ? Because if "SSL Request" remain empty, the website is not reachable at all from Chrome & Firefox. I do not have the possibility to bypass the message : "Your connection is not private. Attackers might be trying to steal your information ... bla bla bla"
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The SSL CSR field is not used nor needed to serve SSL encrypted data to the client browser. If you have issues with serving the website SSL encrypted, then your issue is not related to the CSR field being empty. The only thing that does not work at the moment is to create a CSR request inside ISPConfig to Buy a third-party SSL cert. SSL itself works fine and is unaffected, so you can still use SSL with Let's encrypt and you can still create a self-signed SSL cert in ISPConfig and you can also use any third-party SSL cert, you just have to generate the CSR and key outside of ISPConfig.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

  8. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    Ok the CSR was not the issue. :oops:
    But I found something strange.
    If I add 2 websites, the first mywebsite.tld and the second mywebsite.dev
    Then I create 2 SSL certificate with same informations for the fields State, Locality ...
    When I try to reach each domain I do not have the same message
    With *.tld I can bypass the warning message but I do not have this option with *.dev ?
    [​IMG]
     
  9. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    As your message shows, your dev site uses HSTS; if you want to connect to it using an invalid certificate, you will have to disable HSTS and get your browser to forget that HSTS was formerly in use (search for your specific browser to find how to do so).
     
  10. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    @Jesse Norell both websites have exactly the same configuration in ISPConfig.
    The only difference it's the extension. So why .dev use HSTS and not .tld ?
     
  11. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If you didn't use ispconfig to set that header, it could be the website itself sending that, or a .htacess file.
     
  12. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    @Jesse Norell both websites contain only the files generated by ISPConfig.
    They are 100% identical
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    It might depend on the TLD that the domain uses. If I remember correctly that I've read some time ago that some TLDs are treated differently by browsers.
     
  14. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    @till the issue is on the ".dev". The ".tld" and ".com" react as expected.
    That very strange. :eek:
     
  15. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You could have used HSTS on the site/domain in the past and your browser will remember that for as long as the HSTS header told it to (potentially years); search for how to clear that (eg. "Firefox forget HSTS").
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Not really, see here:

    https://get.dev/

    I'll cite from Wikipedia: "The .dev top-level domain is incorporated on the HSTS preload list, requiring HTTPS on all .dev domains without individual HSTS enlistment.".
     
    Jesse Norell likes this.
  17. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Nice, I didn't realize that.
     
  18. Nexus Fred

    Nexus Fred New Member HowtoForge Supporter

    @till thanks for the intel.
    I wasted two days trying to solve this problem thinking that I had wrongly installed ISPConfig lol :D:D
     

Share This Page