Installing an SSL certificate crashes apache

Discussion in 'Installation/Configuration' started by dimas, Mar 21, 2013.

  1. dimas

    dimas Member

    Good day everyone, I have a problem with installing an SSL certificate bought from Comodo for one of my clients (ISPConfig 3.0.4.6, Debian Squeeze 64-bit, Perfect Setup).

    I'm doing it with the client's credentials - and it turns out that a client can crash apache for the whole server!

    Anyway, this is what I did. First I checked the "SSL" mark, created a certificate, and sent CSR to Comodo. When the certificate was ready, I pasted the certifcate and SSL Bundle (as received from Comodo) to the corresponding fields, with the SSL action "Save certificate".

    Then after a little time apache just crashes (and it can't be manually restarted), with the following error log:

    Code:
    [email protected]:/var/log/apache2# tail -f error.log
    [Thu Mar 21 17:58:03 2013] [notice] Digest: generating secret for digest authentication ...
    [Thu Mar 21 17:58:03 2013] [notice] Digest: done
    [Thu Mar 21 17:58:03 2013] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.4.12-1~dotdeb.1 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
    [Thu Mar 21 17:58:51 2013] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /etc/apache2/htdocs
    [Thu Mar 21 17:59:02 2013] [notice] caught SIGTERM, shutting down
    [Thu Mar 21 17:59:03 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Thu Mar 21 17:59:03 2013] [notice] Digest: generating secret for digest authentication ...
    [Thu Mar 21 17:59:03 2013] [notice] Digest: done
    [Thu Mar 21 17:59:03 2013] [notice] Apache/2.2.16 (Debian) DAV/2 mod_fcgid/2.3.6 PHP/5.4.12-1~dotdeb.1 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
    [Thu Mar 21 18:02:01 2013] [notice] caught SIGTERM, shutting down
    
    Please kindly help!
     
  2. dimas

    dimas Member

    The problem is now solved.

    It originally arose because Comodo issued their certificate based upon a slightly different spelling of the company's name - accordingly, the original CSR and the .key file didn't match with the issued certificate.

    I asked Comodo to re-issue the certificate, and now everything works like a charm.

    But still there is a matter that I touched upon previously - it looks like any client can totally hang apache for the whole server if the wrong data is pasted in the SSL fields from inside the ISPConfig client's panel.
     

Share This Page