Problem with RapidSSL + ISPConfig 3 + OpenVZ + Debian + MyDNS

Discussion in 'Installation/Configuration' started by spanish, Mar 1, 2013.

  1. spanish

    spanish HowtoForge Supporter

    Hello,

    I have:
    · OVH dedicated server with Debian 6 + Proxmox 2. IP = 0.0.0.0
    · OpenVZ VM with Debian 6 (kernel 2.6.32-16-pve), ISPConfig 3.0.4.2, Apache 2.2.16 and MyDNS 1.2.8.27. IP = 1.1.1.1
    · Latest version of CSF+LFD installed on both machines (with IP 2.2.2.2 allowed).

    ISPConfig 3 has been working for several years with a RapidSSL Wildcard certificate installed manually like default-ssl. This certificate is associated with domain1.es and IP 1.1.1.1

    Now, I want to use a standard RapidSSL in domain2.es (whose DNS is configured in OVH Manager).

    I bought an OVH IPv4 FailOver (IP = 2.2.2.2).

    I added IP 2.2.2.2 to my interfaces and I restarted my network (following the Manual's chapter How Do I Manually Configure New IP Addresses On My System?):
    # vi /etc/network/interfaces
    ...
    auto venet0:1
    iface venet0:1 inet static
    address 2.2.2.2
    netmask 255.255.255.255

    # ifconfig
    ...
    venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:2.2.2.2 P-t-P:2.2.2.2 Bcast:0.0.0.0 Mask:255.255.255.255
    UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1


    I added 2.2.2.2 to ISPConfig 3 (System -> Server IP Addresses):
    Type: IPv4
    IP Address: 2.2.2.2
    HTTP NameVirtualHost: yes
    HTTP Ports: 80,443


    I created the DNS zone of domain2.es and changed the 1.1.1.1 records to 2.2.2.2

    I created the website of domain2.es:
    IPv4: 2.2.2.2
    Auto-Subdomain: None or www (I tested both)
    SSL: Yes


    I filled the SSL fields (with a-z characters), selected "Create certificate" and saved.

    And I restarted Apache & MyDNS.

    At this moment:
    · http://domain2.es displays http://domain1.es (like a domain alias).
    · https://domain2.es says Forbidden. You don't have permission to access / on this server.

    # tail -f /var/log/apache2/error.log
    [...] [error] [...] client denied by server configuration: /var/www/domain2.es/web/

    No error in:
    /var/log/apache2/ssl_error.log
    /var/log/ispconfig/httpd/domain2.es/error.log

    Any idea?

    Thanks!

    Manuel
     
    Last edited: Mar 1, 2013
  2. spanish

    spanish HowtoForge Supporter

    Here is the problem:
    Following Till (Your server is a vserver, so you can not configure the network from within the virtual machine. The network is configured on the host server.), I added IPv4 2.2.2.2 on the host server:

    Login Proxmox -> Datacenter -> My Dedicated Server (0.0.0.0) -> My OpenVZ VM (1.1.1.1) -> Network -> Add -> IP address (venet) -> IP address: 2.2.2.2 -> Add

    Now, http and https are OK (SSL self-signed, at the moment).

    :)
     
    Last edited: Mar 2, 2013
  3. spanish

    spanish HowtoForge Supporter

    After consuming all reissues of the first RapidSSL certificate, I managed to run a second RapidSSL certificate following these steps:
    1. Run the self-signed SSL certificate (see above).
    2. Generate the RapidSSL CRT using our CSR and selecting the Apache 2 option.
    3. Check that CRT&CSR and CRT&Key match (for example, at http://sslchecker.com/matcher). You may have to wait a while (in my case, the first time CRT&CSR was OK but CRT&Key was KO; after a while, both were fine).
    4. In the ISPConfig 3 Administration Panel, go to the SSL tab, delete the self-signed CRT and paste the RapidSSL CRT in the SSL Certificate field, select Save Certificate in the SSL Action dropdown and click the Save button.
    I think the keys are:
    1. Select the Apache 2 option in step 2.
    2. Wait for everything to match in step 3 before doing step 4.
    Regards,

    Manuel
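
The match check from step 3 of the post above can also be done locally with OpenSSL, without pasting the private key into a third-party site. This is an added example, not part of the original thread; the file names and the helper functions `pubkey_digest`, `check_match` and `make_sample` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): confirm locally that a private key,
# CSR and certificate carry the same public key. File names are assumptions.

pubkey_digest() {  # $1 = key|csr|crt, $2 = PEM file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout) || return 2 ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey) || return 2 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey) || return 2 ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 2   # never hash empty output: it would "match"
    printf '%s\n' "$pem" | openssl dgst -sha256
}

check_match() {  # $1 = private key, $2 = CSR, $3 = certificate
    k=$(pubkey_digest key "$1") || { echo "cannot read key: $1"; return 2; }
    r=$(pubkey_digest csr "$2") || { echo "cannot read CSR: $2"; return 2; }
    c=$(pubkey_digest crt "$3") || { echo "cannot read certificate: $3"; return 2; }
    [ "$c" = "$r" ] || { echo "MISMATCH: certificate vs CSR"; return 1; }
    [ "$c" = "$k" ] || { echo "MISMATCH: certificate vs key"; return 1; }
    echo "OK: key, CSR and certificate share one public key"
}

make_sample() {  # $1 = directory; writes constructed throwaway test files
    openssl req -newkey rsa:2048 -nodes -subj "/CN=domain2.es" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" \
        -days 1 -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: sh check_match.sh site.key site.csr site.crt
if [ "$#" -eq 3 ]; then check_match "$@"; fi
```

Exit status 0 means all three files match, 1 means a mismatch, and 2 means a file could not be read as the expected type.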
     
  4. spanish

    spanish HowtoForge Supporter

    Be sure to restart the host after this (if not, you will have a network problem on the VM).
     
