Fail to open ISPConfig site: firefox 8182

Discussion in 'Installation/Configuration' started by BigB, Jul 21, 2005.

  1. BigB

    BigB New Member

  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Is ISPConfig running? Execute

    Code:
    netstat -tap
    and look if ISPConfig is running on port 81. If not, restart ISPConfig:
    Code:
    /etc/init.d/ispconfig_server restart
    BTW, you did try to connect on port 81, didn't you (it's https://url_of_your_server:81)? :D

    It's also possible that the firewall on your desktop is blocking access to port 81. Shut down your firewall and try again.
     
  3. BigB

    BigB New Member

    yes it is running, however the certificates the setup generated seem to be faulty, is there a way to restart that part of the setup or an other way to re-generate those certificates?
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Try this:

    Code:
    openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
    openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
    openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
    openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
    chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key
    Restart ISPConfig afterwards.
     
  5. m u r

    m u r New Member

    Well, firefox at least gives me the option now. It still says, "This certificate is not in the trusted root database." Is that normal?
     
  6. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes, because it is an self signed certificate. If you dont want to have this messgae you must buy an SSL Certificate from an SSL Authority.
     
  7. KenMcGinnis

    KenMcGinnis New Member

    How to remove SSL from port 81.

    I have the SSL working for port 81, admin console, no problem. However, I want to have a cert on port 80 (192.168.0.195:80) but I can't because there already is a cert for that IP. How to remove the https: access and use http: ?
     
  8. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    change the file /root/ispconfig/httpd/conf/httpd.conf and the Server URL in the ispconfig configuration in /home/admispconfig/ispconfig/lib/config.inc.php

    When you switch the controlpanel httpd to port 80, you must have an IP only for the controlpanel httpd and configure the admin server to only to listen to that IP. And your main apache server must be configured to listen on all IP's except the IP from the controlpanel httpd.
     
  9. hairydog2

    hairydog2 New Member

    Is there a step-by-step description of how to install a bought certificate into a working ISPConfig setup?

    I'm thinking about the certificate for the Admin login, not the public server.
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

  11. hairydog2

    hairydog2 New Member

    Thank you. I really appreciate your quick and helpful replies.

    If paid-for software was as well supported as ISPConfig, life would be so much easier!
     
  12. hairydog2

    hairydog2 New Member

    Hmm. I've hit a snag. When I paste in the csr, I get:

    "UK is an Invalid Country - do you mean GB?"

    The answer to that question is "Yes" but there is nowhere for me to put that. So I guess I need to generate the csr again, properly this time.

    Suppose I need to do all that "openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024" and so on mentioned above.

    I'm not sure what I am supposed to put in place of "yourpassword" for that.

    Trial and error with certificates seems to be getting me just errors!
     
  13. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You can make up a new password and replace yourpassword with it.
     
  14. hairydog2

    hairydog2 New Member

    And it doesn't matter if that doesn't match any other passwords? Will I need it later (after the certificate is issued?) or can I forget it?
     
  15. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You should write it down!:) I think you need it if you want to change the certificate for some reason (i.e. change of company name or stuff like that) before it expires. I think your CA (e.g. instantssl.com) wants to see that password then, but I'm not quite sure.
     
  16. hairydog2

    hairydog2 New Member

    I now have a second IP assigned, and I have added it in /etc/network/interfaces by adding a section that says:

    auto eth0:1
    iface eth0:1 inet static
    address 80.bb.cc.ddd
    netmask 255.255.255.255
    pointopoint 80.bb.cc.1
    gateway 80.bb.cc.1

    (Originally, I used auto eth0 and that seemed to give an error.) After a network restart, I seem to be able to ping the new IP.

    I did that, but after I'd restarted the Apache server using 'apachectl restart' it only gave a blank window when I tried to go to the control panel.

    Can you give specific details about what needs to be changed in these files?

    Is it necessary to have it listen to multiple IPs if the server only has one IP? I can't work out where to control which IP the apache2 server is listening on. There seem to be so many configuration files for it! Even if I found where, I know how to make it listen on all (*) or on specific IPs, but how do I exclude one IP?
     
  17. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You can use the Listen directive. For example, you can write
    Code:
    Listen 127.0.0.1:80
    Listen <your public ip>:80
    You see, it's allowed to have multiple Listen directives.

    In /root/ispconfig/httpd/conf/httpd.conf you have to replace all occurences of port 81 with the new port number, the same goes for /home/admispconfig/ispconfig/lib/config.inc.php.
     
  18. hairydog2

    hairydog2 New Member

    I'm not really clear about where the Listen directives need to go. There seem to be several possible places for it in Apache2. But that's to control where Apache2 listens to normal website connections.

    The other two files refer to the Apache1 ISPConfig admin server, don't they? I need to be able to specify a different IP for that as well as changing the port. Do I need to actually specify a port number if I want it to use the standard https port?
     
  19. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Run
    Code:
    httpd -V
    and you'll see which file is the Apache2 configuration file. Many distributions split this file up, so you might see some "Include" lines in the main configuration file. You might have to search these included files also for the Listen directive.

    Yes.
    Yes.
     
  20. nenad

    nenad ISPConfig Developer ISPConfig Developer

    When I try to recreate certificate I receive this error in shell:

    shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
     

Share This Page