SSL and ServerAlias problems

Discussion in 'Installation/Configuration' started by claudioimai, Sep 8, 2007.

  1. claudioimai

    claudioimai New Member

    Hello.

    I've searched this forum quite a lot, and found some good pieces of information.

    Now, I have 2 problems I am trying to fix and it's getting quite urgent.

    1. I have a site, set in the Vhosts_ispconfig.conf file:

    NameVirtualHost 78.47.195.34:80
    <VirtualHost 78.47.195.34:80>
    ServerName localhost
    ServerAdmin [email protected]
    DocumentRoot /var/www/sharedip
    </VirtualHost>
    NameVirtualHost 88.198.133.14:80
    <VirtualHost 88.198.133.14:80>
    ServerName localhost
    ServerAdmin [email protected]
    DocumentRoot /var/www/sharedip
    </VirtualHost>
    .
    . (some stuff from other sites)
    .
    ######################################
    # Vhost: www.varejo29.net:80
    ######################################
    #
    #
    <VirtualHost 78.47.195.34:80>
    ServerName www.varejo29.net:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/web15/web
    ServerAlias varejo29.net varejo29.jp
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias /cgi-bin/ /var/www/web15/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web15/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    AddType application/vnd.wap.wmlscriptc .wmlsc .wsc
    AddType text/vnd.wap.wml .wml
    AddType text/vnd.wap.wmlscript .ws .wmlscript
    AddType image/vnd.wap.wbmp .wbmp
    Alias /error/ "/var/www/web15/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web15/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web15/user/$1/web/$3
    </VirtualHost>

    THE PROBLEM:
    the domain www.varejo29.jp is set as serveralias, but whenever I try to view it, it shows me the "sharedip" page.
    If I type www.varejo29.jp/store, it shows the correct page, located at /var/www/web15/store

    Can anyone help me, or point me to the correct direction?
     
  2. claudioimai

    claudioimai New Member

    I also have problems in setting the ssl certificates

    Continuing the previous post, my main problem is:

    I have to install an SSL cert to another website, and two others.

    If I go to the site/ssl and paste the csr and crt file's contents into the corresponding textarea fields, click Save or Create, Apache seems not to be able to restart.

    Whan I check, by manually restarting Apache (etc/init.d/apache2 restart), it tells me that the certificate key was encrypted, thus asks for a password.

    Then I uploaded the server key that was created in Apache, with modSSL over the one created by ISPConfig and uploaded the CAbundle file that came with the certificate, adding the line

    SSLCertificateChainFile /var/www/web5/ssl/www_creativshost_com.ca-bundle

    to the apache settings.

    After that, Apache has restarted correctly, but I still can't access the site using https.
    In other words:

    http://www.creativshost.com works, but
    https://www.creativshost.com doesn't.

    Does anyone have a suggestion?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    No, it is not. As you can see in the vhost config, you set a alias for varejo29.jp but you did not add a alias for www.varejo29.jp

    To your SSL problem.

    You must use the CSR created by ISPConfig to create the signed SSL certificate from a SSL authority. You can not copy a SSL cert that was created with another CSR to ISPConfig as the private keys wont match.
     
  4. claudioimai

    claudioimai New Member

    ServerAlias problem

    Thanks for your reply.

    This mistake might have happened while I was messing with this file, since it is set in ISPConfig - I saved the file again by changing some settings and placing back again. And it has appeared.

    Unfortunately, it didn't work either, but I think I have sorted the real problem.

    As a newbie in these configs, I didn't realize what the advices found in the forum regarding the DNS really meant, so I will explain it again for the next guys with the same problem:

    * when the others posts asked me to check if the DNS was OK, I thought simply that it is not necessary to set an IP when one sets a domain name.
    * that's incorrect, since the name servers will ask the real IP to my name server.
    *so, what happened:

    when I changed this site's IP address in the server in order to install the SSL cert, the name server has to propagate this new DNS setting to the internet, which takes time, just as any change in the registrar.

    then, while this new IP has not been propagated, the domain still points to the old IP, and any requests for that domain will be reconized as unknown in the virtual hosts config -> and Apache sends the request to the sharedip page.

    About the SSL cert, I didn't find anything about this in the documentation, and was puzzled about the create/save/delete options.
    Now that I know what to do, I will ask for a new certificate.
    Thanks for the clarification.:eek:
     

Share This Page