Problem with RapidSSL + ISPConfig 3 + OpenVZ + Debian + MyDNS

Discussion in 'Installation/Configuration' started by spanish, Mar 1, 2013.

  1. spanish

    spanish Member HowtoForge Supporter


    I have:
    · OVH dedicated server with Debian 6 + Proxmox 2. IP =
    · OpenVZ VM with Debian 6 (kernel 2.6.32-16-pve), ISPConfig, Apache 2.2.16 and MyDNS IP =
    · Last version of CSF+LFD installed on both machines (with IP allowed).

    ISPConfig 3 is working for several years with a RapidSSL Wildcard certificate installed manually like default-ssl. This certificate is associated to and IP

    Now, I want use a standard RapidSSL in (whose DNS are configured in OVH Manager).

    I bought a OVH IPv4 FailOver (IP =

    I added IP to my interfaces and I restarted my network (following the Manual's chapter How Do I Manually Configure New IP Addresses On My System?):
    # vi /etc/network/interfaces
    auto venet0:1
    iface venet0:1 inet static

    # ifconfig
    venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr: P-t-P: Bcast: Mask:

    I added to ISPConfig 3 (System -> Server IP Addresses):
    Type: IPv4
    IP Address:
    HTTP NameVirtualHost: yes
    HTTP Ports: 80,443

    I created the DNS zone of and change records to

    I created the website of
    Auto-Subdomain: None or www (I tested both)
    SSL: Yes

    I filled the SSL fields (with a-z characters), selected "Create certificate" and saved.

    And I restarted Apache & MyDNS.

    At this moment:
    · displays (like a domain alias).
    · http[B]s[/B]:// says Forbidden. You don't have permission to access / on this server.

    # tail -f /var/log/apache2/error.log
    [...] [error] [...] client denied by server configuration: /var/www/

    No error in:

    Any idea?


    Last edited: Mar 1, 2013
  2. spanish

    spanish Member HowtoForge Supporter

    Here is the problem:
    Following Till (Your server is a vserver, so you can not configure the network from within the virtual machine. The network is configured on the host server.), I added IPv4 on host server:

    Login Proxmox -> Datacenter -> My Dedicated Server ( -> My OpenVZ VM ( -> Network -> Add -> IP address (venet) -> IP address: -> Add

    Now, http and https are OK (SSL self-signed, at the moment).

    Last edited: Mar 2, 2013
  3. spanish

    spanish Member HowtoForge Supporter

    After consume all reissues of first RapidSSL certificate, I managed to run a second RapidSSL certificate following these steps:
    1. Run self-signed SSL certificate (view supra).
    2. Generate RapidSSL CRT using our CSR and selecting Apache 2 option.
    3. Check match CRT&CSR and CRT&Key (for example, in You may have to wait a while (in my case, the first time CRT&CSR was OK but CRT&Key was KO) (after a while, both were well).
    4. In ISPConfig 3 Administration Panel, go to SSL tab, delete the self-signed CRT and paste the RapidSSL CRT in SSL Certificate field, select Save Certificate in SSL Action dropdown and click Save buttom.
    I think the keys are:
    1. Select Apache 2 option in step 2.
    2. Wait for all match in step 3 before do step 4.

  4. spanish

    spanish Member HowtoForge Supporter

    Be sure to restart Host after this (if not, you will have a network problem on the VM).

Share This Page