HTTPS points to default in ssl.conf

Discussion in 'Installation/Configuration' started by rbartz, Aug 4, 2017.

  1. rbartz

    rbartz Member

    On Centos 6.9 Perfect Server setup (up from 6.5 original) with Ispconfig 3.1.6, the original install did not include CertBot. Of course, the letsencrypt for websites did not create anything.

    I followed the Certbot installation in later Centos Perfect Server setups and checking letsencrypt SSL does its thing. It connects, creates and installs and links the certificates in the site's SSL, and adds all the proper lines to the /etc/httpd/conf/sites-available/domain.com.vhost. httpd tests and restarts, no problem.

    However, when I go to https://domain.com it loads the default SSL Certificate in /etc/httpd/conf.d/ssl.conf which of course is not the right one. The correct one is specified in the /etc/httpd/conf/sites-available/domain.com.vhost file. The domain works as expected but of course the secure warning are there.

    I tried to RE-update ispconfig 3 using ispconfig_update.sh thinking maybe that might reset the configs in some way but of course, it will not run since the latest version is already installed.

    Is there something else I need to do to configure apache or certbot or letsencrypt to work together?

    Richard
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    Does it also load the default website? If so, check that you use either '*' or the ip address everywhere for your sites, and don't mix them. If you get the right site but wrong certificate, it's a different problem, maybe paste the sites-enabled vhost file for the domain and 'apachectl -S' output as a starting point.
     
  3. rbartz

    rbartz Member

    Thank you Jesse. It did load the correct website but not the right certificate.
    I managed to fix it just a little while ago. One of the things that I hate is when someone fixes something and then just closes the question without saying what they did. I did get it to work properly, so I will finish this with what I did.
    First of all, the original perfect server setup (couple of years ago) did not have certbot or letsencrypt. Later versions of ispconfig 3 had letsencrypt but there was no certbot installed. So I used a later Perfect Server setup to install the certbot. Then I restarted everything and it seemed to work except for that site.
    There was no SSL on that site before but there was some information in the SSL tab of the website so I removed all references in SSL to any certificates and use the delete certficate save in the SSL tab just in case. Then I unchecked letsencrypt and ssl and saved again. Then I rechecked letsencrypt and ssl and it reinstalled the letsencrypt certificate and it all works correctly now.
    Thanks to the development team for a fine piece of software.
    Richard
     
    Jesse Norell likes this.
  4. Steffan

    Steffan Member

    i have the same problem.
    The only way it works for me now is to first create a ssl certificate in the SSL tab.
    After that is done, enable letsencrypt.
    Then it works fine. No idee why.
     

Share This Page