Problem creating SSL Certificate for Specific Domain

Discussion in 'ISPConfig 3 Priority Support' started by pawan, Oct 1, 2016.

  1. pawan

    pawan Member HowtoForge Supporter

    I am starting this as a new thread as the other one was related to installation of let's encrypt.
    Now that the let's encrypt is working fine, I am still not able to create SSL using let's encrypt for domain cbsindia.in
    It is creating a rollback and a cbsindia.in.vhost.err file in site available as apache fails to start.
    The certificate is being created in SSL folder of the web folder file, which I have checked.
    What is causing problem for specific to cbsindia.in , I am not able to make out as its looks quite similar to other vhost file for which certificate is created.
    However I am attaching the cbsindia.in.vhost.err file
     

    Attached Files:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The attached config file looks fine. The most likely reason is that letsencrypt did not create the SSL certs and in that case, apache rejects the config and it get saved with .err extension.

    Check that thes e files exist and and that the key and crt file contain a valid ssl key and ssl cert:

    /var/www/clients/client14/web27/ssl/cbsindia.in.crt
    /var/www/clients/client14/web27/ssl/cbsindia.in.key
    /var/www/clients/client14/web27/ssl/cbsindia.in.bundle
     
  3. pawan

    pawan Member HowtoForge Supporter

    Yes Till
    All the files are there in the SSL folder path you mentioned.
    What else can I check?
    On viewing the files cbsindia.in.key file
    it shows
    Private RSA Key
    Strength 2048bits

    Algorithm: RSA
    Size: 2048
    Fingerprints
    SHA1: 4A F4 B6 FB 60 B7 E6 8D DA 89 F1 D1 86 02 9D F9 20 30 A4 CB
    SHA256: 4B 9D 14 1B 18 16 28 2F 29 A6 0A 95 A7 96 D3 F4 23 E5 74 5A AE C5 8D 0D 17 DA 88 50 B7 B8 C5 B9
    and cbsindia.in.cert
    cbsindia.in
    Identity: cbsindia.in
    Verified by: Let's Encrypt Authority X3
    Expires: Wednesday 28 December 2016
     
    Last edited: Oct 1, 2016
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The files can be there but it is possible that the ssl key and cert don't belong together so that apache can not open the cert by using that key file. Remove the .err file extension from the vhost.err file and restart apache to see the error that it throws with this config.
     
  5. pawan

    pawan Member HowtoForge Supporter

    Can I remove those files and try to generate the certificate afresh.
    And if there is still problem, check the apache error?
     
  6. pawan

    pawan Member HowtoForge Supporter

    Okay problem resolved.
    You are right Till, It is very likely that there is some mismatch in the certificate.
    I have deleted all files in
    /var/www/clients/client14/web27/ssl/
    and all files related in cbsindia.in in
    /etc/letsencrypt
    and regenerated the certificate.
    It is working now fine.
     

Share This Page