Https not working

Discussion in 'General' started by Cris Kolkman, Sep 15, 2016.

  1. Cris Kolkman

    Cris Kolkman Member

    Hello all,

    I have a fresh CentOS 7.2 install with ISPConfig 3.1.
    Webserver is running fine etc, but when I go to the https for my site, it only shows me the Apache welcome page.
    What could be the problem?

    Thanks in advance!!
     
  2. Cris Kolkman

    Cris Kolkman Member

    It seems that when you go to the https of the same site as http, that it looks in the root html dir:
    /var/www/html
    While it should look into the same folder as the normal http.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    This means that https is not enabled for that site or bo valid ssl cert has been created for the site yet.
     
  4. Cris Kolkman

    Cris Kolkman Member

    I do have it all enabled so don't know what is going wrong.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you create an SSL cert on the SSL tab or do you use letsencrypt?
     
  6. Cris Kolkman

    Cris Kolkman Member

    I tried both, but both don't work.
     
  7. Cris Kolkman

    Cris Kolkman Member

    Maybe it's a problem with 3.1? Since it works fine with 3
     
  8. Jesse Norell

    Jesse Norell Active Member

    Check the ip address you have set for your sites, and don't mix '*' with the actual shared ip address (use one or the other).
     
  9. Cris Kolkman

    Cris Kolkman Member

    It worked before but I re-installed the server and now https is working for the ISPConfig admin page on port 8080, but it's not working anymore for the website.
    All SSL is enabled and csr, key and bundle correct at the config page.
     
  10. Cris Kolkman

    Cris Kolkman Member

    When I remove the SSL option from the site, I get the bad cert warning and when I add an exception, it shows me the website with https but without cert (so what you expect it would do).
    When I enable the SSL option, it also shows me the bad cert warning but when I add an exception, it shows me the webserver root apache welcome page (Testing 123...)
     
    Last edited: Sep 22, 2016
  11. Cris Kolkman

    Cris Kolkman Member

    After a little more digging in the error logs:

    [Thu Sep 22 16:15:26.794039 2016] [ssl:warn] [pid 11447] AH01909: RSA certificate configured for my.fqdn.eu:443 does NOT include an ID which matches the server name
     
  12. Cris Kolkman

    Cris Kolkman Member

    Changing the virtualhost in my .vhost file from *:443 to my.fqdn.eu:443 makes it show the website but still with an error.
    Checking the cert its trying to use it says my in the common name instead of my.fqdn.eu
     
  13. Jesse Norell

    Jesse Norell Active Member

    If it's self-signed, regenerate the certificate. If it's purchased I don't think I've ever come across that. Maybe my.fqdn.eu is present in a SAN?
     
  14. Cris Kolkman

    Cris Kolkman Member

    It's not a self-signed.
    I don't understand why it worked perfectly before I re-installed the server, and now the cert is working fine for https://my.fqdn.eu:8080 (ISPConfig admin page) while it is not working for https://my.fqdn.eu

    And why would https://my.fqdn.eu show the apache welcome page:
    While http://my.fqdn.eu shows me the website like it should do?
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    The ispconfig vhost on port 80 is not related to the other one on port 80, so that one works and the other one not means nothing.

    Back to your original problem:

    apache will show the default vhost when there is no better matching vhost, this means that it will be shown when there is no vhost for this domain on port 443 with a matching IP (or *).

    1) Ensure that my.fqdn.eu is not the server hostname. The server hostname points to the default vhost.
    2) Check that you enabled the SSL checkbox on the first tab of the website in ispconfig.
    3) Check that you entered the correct data into the SSL key field and SSL cert field (the data of your official SSL cert). The key and cert must match!
    4) select "save certificate" on the ssl tab and press the save button, then wait 1 minute until the change got applied.
     
  16. Cris Kolkman

    Cris Kolkman Member

    Thanks for your fast reply!!

    1) The my.fqdn.eu IS the server hostname but this also worked before, I can try to change this if needed.
    2) This SSL box is checked.
    3) This is all correct.
    4) I did this like it should be done :)
     
  17. Cris Kolkman

    Cris Kolkman Member

  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you have a look into the apache vhost file of the website to see if it contains a vhost portion for port 80 and one for the ssl port 443? If you need help by remote login then you should consider to contact Florian Schaal from ISPConfig business support http://www.ispconfig.org/get-support/?type=ispconfig
     
  19. Cris Kolkman

    Cris Kolkman Member

    Yeah that's the strange thing, is has both *:80 and *:443 in the vhost file.
    Again doing a server re-install at the moment with a different hostname etc. so I'll let you know what my findings are.
     
  20. Cris Kolkman

    Cris Kolkman Member

    Installed and configured a new server with a new hostname etc.
    Got the SSL working for both ISPConfig 8080 and normal website :)
    Will try to enable SSL now for postfix etc.
     

Share This Page