Installed SSL Certificate and get Error: Apache failed to start

Discussion in 'Installation/Configuration' started by Quaxth, Dec 11, 2013.

  1. Quaxth

    Quaxth New Member

    Sorry for misplaced in wrong forum (ISPConfig 2), please delete ther and reply here! It's for ISPConfig 3, thanks.

    Just installed the SSL Class 1 Certificate and followed the Guide: http://www.howtoforge.com/securing-y...-from-startssl and get an Apache Error: Apache failed to start
    Code:
    [Wed Dec 11 20:52:44 2013] [notice] caught SIGTERM, shutting down
    [Wed Dec 11 20:52:46 2013] [error] Init: Unable to read server certificate from file /usr/local/ispconfig/interface/ssl/ispserver.crt
    [Wed Dec 11 20:52:46 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Wed Dec 11 20:52:46 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    [Wed Dec 11 21:03:31 2013] [error] Init: Unable to read server certificate from file /usr/local/ispconfig/interface/ssl/ispserver.crt
    [Wed Dec 11 21:03:31 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Wed Dec 11 21:03:31 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    [Wed Dec 11 21:05:45 2013] [error] Init: Unable to read server certificate from file /usr/local/ispconfig/interface/ssl/ispserver.crt
    [Wed Dec 11 21:05:45 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Wed Dec 11 21:05:45 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    
    What I could do now?

    Thanks.
    _________
     
  2. Quaxth

    Quaxth New Member

    ***BUMP****!!!!

    I really need to know what to do next because my Mail servers are not working any more as of now!

    Was "update" ISPConfig and get the same result! How to revert back completely as withyout SSL Cert?

    Thanks.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl format of a ssl cert or key file that you installed is wrong or broken. Recreate a new self signed ssl certificate as decribed in the first part of the startssl guide and restart apache. If it works, then redo the other steps of the guide.
     
  4. Quaxth

    Quaxth New Member

    Thanks Till.

    Means: recreate an SSL Cert with ISPConfig? Right?

    Thanks
     
  5. Quaxth

    Quaxth New Member

    Also: Do I need to recreate a new Cert via StartSSL or could I redownload the existing one and use again?

    Thanks.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    No, the issue is not related to ispconfig directly. The guide that you used contains instruction on how to create the sl cert.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    If you recreate a self signed ssl cert, then you have to sign it again at startssl to get a new signed ssl cert. Off course, you can try to compare the certs first, maybe you find your issue that way without creating a new ssl cert.
     
  8. Quaxth

    Quaxth New Member

    OK, was thinking is part of ISPConfig because while the process for to create the SSL Cert is just starting below the ISPConfig Logo.

    Ok will do that and see I get the Apache back working and my Mail Servers for sure!!

    Thanks.
     
  9. Quaxth

    Quaxth New Member

    OK, seems to be that Apache is working again:

    Code:
    [Thu Dec 12 15:41:10 2013] [warn] The Alias directive in /etc/apache2/conf.d/squirrelmail.conf at line 3 will probably never match because it overlaps an earlier Alias.
    [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
    [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
    [Thu Dec 12 15:41:10 2013] [warn] The Alias directive in /etc/apache2/conf.d/squirrelmail.conf at line 3 will probably never match because it overlaps an earlier Alias.
    [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
    [Thu Dec 12 15:41:10 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
    Restarting web server: apache2.
    Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -A -u 1000 -H -E -b -D -4 -Y 1 -B
    Update finished.
    
    Or did you see anything wrong?

    Thanks.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats right, the initial certificate is created by ispconfig. But thats not related to the startssl issue that you are having now. You can create a new ssl cert with ispconfig, but therefor you would have to reinstall the server and I guess that not what you want, especially as its not nescessary.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    That ok, if you can reach isconfig and your sites again.
     
  12. Quaxth

    Quaxth New Member

    As I run:
    Code:
    ls -l /usr/local/ispconfig/interface/ssl/
    i get the following:

    Code:
    total 52
    -rwxr-x--- 1 ispconfig ispconfig  2760 May  7  2008 ca.pem.1
    -rwxr-x--- 1 ispconfig ispconfig  2187 Dec 12 15:40 ispserver.crt
    -rwxr-x--- 1 ispconfig ispconfig  2171 Dec 11 16:10 ispserver.crt_bak
    -rwxr-x--- 1 ispconfig ispconfig  1850 Dec 12 15:40 ispserver.csr
    -rwxr-x--- 1 ispconfig ispconfig  3247 Dec 12 15:40 ispserver.key
    -rwxr-x--- 1 ispconfig ispconfig  3311 Dec 12 15:38 ispserver.key.secure
    -rwxr-x--- 1 ispconfig ispconfig 10824 Dec 11 20:49 ispserver.pem
    -rwxr-x--- 1 ispconfig ispconfig  2760 May  7  2008 startssl.ca.crt
    -rwxr-x--- 1 ispconfig ispconfig  4972 Dec 11 20:49 startssl.chain.class1.server.crt
    -rwxr-x--- 1 ispconfig ispconfig  2212 Apr 18  2010 startssl.sub.class1.server.ca.crt
    [email protected]:[email protected]fig3_install/install#
    
    There still the Certs from StartSSL in, do I need to delete them?

    Thanks.
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    They are not used at the moment, so it dont matter if you leave them there or delete them.
     

Share This Page