I enabled SSL and auto subdomain www. on my Website's configuration page. Then I clicked "SSL", filled in my information and clicked "Create Certificate". Waited 2-3 minutes, no certificate info listed on the page. Is there a permission problem or mis-configuration somewhere? Does the website SSL info have to *exactly* match ISPConfig SSL certificate info? Extra: Just need a CSR from web domain SSL page for Godaddy SSL.
This isnt a solution to your problem...are you paying for the godaddy SSL certificate??? If you are, stuff that and get a free one from Letsencrypt.
If you want to have letsencrypt-certificate for free, don't touch the SSL-tab, just enable ssl and enable letsencrypt. The SSL tab usually works like this: you enter your details, and choose request certificate, you give this certificate request to someone you are paying too much money for high level secure certificate, he provides you with the cert which you then put in the other boxes and save/install. Edit: as adamjedgar stated, don't go for any authority who's owned or accompanied with Symantec at the moment, because of trust issues, google kicks their certs out of the browser, symantec sells the part of the company, who knows what'll happen
Thanks very much for your reply. The problem is the SSL tab won't create a website CSR for me to submit to Godaddy. I've followed tutorials for creating SSL with Ispconfig3 and they all start with the simple process of adding info and clicking "create certificate". Nothing appears after I click "create certificate"! Yes, I'm aware of trust issues. Godaddy informed me they are correcting problems with old certificates if necessary. All new certificates are to standard.
hmm just tried that, entering data up to country, choose create certificate on bottom, save, wait and uhm yeah, check your webdomains ssl/ folder for the needed files - should have updated that into the according fields but somehow fails
In which ISPConfig version did you test that? Detailed info can be obtained by using debug mode: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
he, interesting it works now as expected dunno why latest ispconfig, just did a perfect setup this morning might have been an issue of clicking too much around in website-tab, it requests changes everytime you switch tabs, it may have confused the schedule?
All changes are put into a log which is processed sequentially, so the processing part could not be the problem here. But what might have happened is that you created a cert, switched back to ssl tab immediately, waited (the background process saved the cert into the database fields), you then switched to another tab and that way you overwrote the cert in the database with an 'empty' cert. The cert in the website is not affected by that, so it shuld be included into the site and existed in the ssl folder anyway (unless you have chosen 'save certificate' in the action select box. Btw. auto save when switching tabs can be disabled under system > interface config, in case you don't like the defaultbehaviorr.
oh I like the behaviour but it causes issues on rara circumstances which was likely exact what happened issue sits on front of screen this time
Hi Till, Ztk.me I followed the debugging process. Warnings were listed for symlinks. The SSL process could not complete. Note, I had to modify my links due to server partitioning. Everything has worked fine for months until now! Can this be edited in Server Config->Web->Wesite Path or Website Symlinks? Maybe change server security level to permit this operation? Log: Code: 06.10.2017-12:40 - WARNING - Action aborted, file is a symlink: /var/www/clients/client1/web2/ssl/random_file 06.10.2017-12:40 - WARNING - Action aborted, file is a symlink: /var/www/clients/client1/web2/ssl/openssl.conf 06.10.2017-12:40 - WARNING - Action aborted, file is a symlink: /var/www/clients/client1/web2/ssl/www.site.com.key.org
well, /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php starting from line 252 is using $app->system->functions like mkdir/file_get_contents which do have an unused param which would them to allow symlinked files to be altered, however it's not used so this would need to be modified. Other thing would be to change the path where the files really are in ... many configurations or you might succeed by temporarily changing the document_root for the given site in the database for the time of the operation. But you aswell might just create a ssl request for yourself ... uhm dunno, same issue might come with saving ssl cert using interface. You'd need to manually insert the ssl data in your web_domain table for that domain I guess, unless @till knows better since he's deeper into the code he's written.
I checked Server Config-> Web for paths and directories. I remember updating these *after* creating some websites when I had to change partitions. Here are the current settings (remember, I updated to the following): Website basedir /home/www Website path /home/www/clients/client[client_id]/web[website_id] Website symlinks /home/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/ Next I checked my problem website's document root: /var/www/clients/client1/web2 Compared to a test site abc123.com I created now: /home/www/clients/client1/web3 SSL creation worked for abc123.com! It seems the older site's document root needs to be changed. Or can I provide an alternate root for the old site in server config? (Should be in /home/www/clients/client1 dir like test site)
check your document_root and php_open_basedir tuple in web_domain table in dbispconfig database, change that for ssl creation
Ok, will see if Till responds. There might be a ISPconfig change which could fix this. Otherwise, will backup and edit DB. I'm on a production server, have to be careful.
Is there a way to change website's document root after it has been active for many months? See my replies below. It seems sites with my old /var/www/... root do NOT create SSLs. But the new ones under /home/www/... worked.
honestly, I don't see an issue with tampering in the database in this case for the process of SSL creation. If you want to change it permantly you have to edit your /etc/passwd ( easy to guess what needs to be changed, search for the webx user and change the path accordingly ) if you have cronjobs or other specific stuff set, you might want to peak into these tables aswell and spot any path if it exists. to let ISPConfig write the new vhost-file go to Tools -> Resync and check Websites
I tried this now. It worked. Also re-synced websites. Will monitor the system closely to see if there are any problems. Do you recommend changing paths on php_openbase_dir in the DB? They are still the old /var/www. They seem to work fine, though.
you can change php paths in ispconfig tab anyway, should do the proper actions to update all files aswell. I'd change them since symlinks can cause all sorts of issues, there have been some in the opcode cache in the past, not applicable to this case but who knows what's yet to come
