SSL cert configured / created but not served, default SSL cert used only

Discussion in 'Installation/Configuration' started by ronee, Sep 21, 2012.

  1. ronee

    ronee Member HowtoForge Supporter


    We've been working with ISPconfig and CentOS 6.3 with Apache.

    We have duplicated this issue on more than one installation.

    Issue is as follows:

    - ISPconfig control panel configured with SSL on port 8080
    - New SSL cert created or existing imported
    - Website configured for SSL and assigned to a specific IP

    Despite all the above, the self signed cert created and used for ISPConfig on port 8080 is served up for the configured website and not the cert created or imported for that specific site.

    What does work as a hack is to replace the self signed cert normally located in /etc/pki/tls/certs and /etc/pki/tls/private but obviously this does not scale. Another hack is to modify /etc/httpd/conf.d/ssl.conf.

    Have also reviewed the ISPConfig manual and not found any further data on this.

    Would appreciate any advice on resolving this issue.

  2. pititis

    pititis Member

    Try to check if other website is using * instead ip addresses
  3. ronee

    ronee Member HowtoForge Supporter

    Unfortunately that did not resolve the issue.

    We have several servers running ispconfig3 all running CentOS 6. Some have this problem and some do not. We have looked extensively and not found what the difference/cause is.

    We just deployed two new servers, one behaves as expected, the other exhibits the following behavior: -- correct site served -- default site - apache test page served, also cert used is the self signed cert used by ispconfig on port 8080

    In grepping the vhosts files in /etc/httpd/conf/sites-available for the string '443' the only hit is on the ispconfig vhosts file.

    We had to deploy a site so we manually modified our file and added a section starting with <VirtualHost IP:443>

    The contents of that section was a duplicate of the <VirtualHost IP:80> section with the addition of SSLEngine on and the various SSL file statements within the <IfModule mod_ssl.c> section.

    Further modifications to that website within ispconfig did not overwrite the above change.

    This resolved the issue but we don't really understand why this and the other described symptoms happen.

    We've perused the ispconfig 3 manual and did not find anything there that would explain this.

    We found some other threads that describe this behavior that do not have a described resolution (or not one that worked for us) including:

    Would appreciate any input on this.
  4. ronee

    ronee Member HowtoForge Supporter

    As mentioned in other threads, modifying the file is not workable as the changes will be overwritten.

    Instead we have created an additional file which seems to work OK on a temporary basis.

    Thanks in advance to anyone who might shed some light on resolving this.
  5. falko

    falko Super Moderator ISPConfig Developer

    In ISPConfig 3.0.5, it will be possible to import an existing certificate.
  6. ronee

    ronee Member HowtoForge Supporter

    Hi Falko,

    That's good to hear however in this last instance the SSL cert was created and managed entirely in ispconfig and not imported. Also, the issue in this recent case goes beyond just the cert itself as https requests to the site in question reached the apache test page instead due to the missing content that had to be included in the httpd.conf. We had to manually work around this.

    Also, in other cases we created the cert in ispconfig and then replaced the files as described in the manual -- however in some cases apache would simply persistently serve the self signed cert used for ispconfig ui on port 8080 no matter what we did. In other cases this did not happen and all was well.

    Would be great if some light could be shed on this.


Share This Page