SSL Certificate Error ssl_error_rx_record_too_long ISPconfig 2 Debian

Discussion in 'Installation/Configuration' started by n0fx, Mar 9, 2012.

  1. n0fx

    n0fx New Member

    ISPConfig: v2.2.32
    Debian: 5

    I currently have ISPConfig v2.2.32 installed and it's been working for 2 years. I only have one website setup that I'm using with ISPConfig and it's running debian as the base OS.

    I set it up a while ago and I don't remember setting up https:// to the site. Is there any way I can check to see if https:// has been setup for the site? I tried to locate any *.crts on the disk and I did see some but it seems to be the default ones installed with ISPConfig. The server is definitely listening to port 443, when I ran netstat.

    When I load the browser and point to it with the DNS or IP of the server, I get this error:

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)

    This is my search for *.crt with locate command:

    debianbox:/etc/apache2# locate *.crt |more -l
    /etc/postfix/ssl/smtpd.crt
    /etc/ssl/certs/ca-certificates.crt
    /home/admispconfig/ispconfig/web/phpmyadmin/libraries/auth/swekey/musbe-ca.crt
    /root/ispconfig/httpd/conf/ssl.crt
    /root/ispconfig/httpd/conf/ssl.crt/ca-bundle.crt
    /root/ispconfig/httpd/conf/ssl.crt/ca.crt
    /root/ispconfig/httpd/conf/ssl.crt/server.crt
    /root/ispconfig/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt
    /root/ispconfig/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt
    /root/ispconfig/httpd/conf/ssl.crt/snakeoil-dsa.crt
    /root/ispconfig/httpd/conf/ssl.crt/snakeoil-rsa.crt
    /usr/share/ca-certificates/brasil.gov.br/brasil.gov.br.crt
    /usr/share/ca-certificates/cacert.org/cacert.org.crt
    /usr/share/ca-certificates/cacert.org/class3.crt
    /usr/share/ca-certificates/cacert.org/root.crt
    /usr/share/ca-certificates/debconf.org/ca.crt
    /usr/share/ca-certificates/gouv.fr/cert_igca_dsa.crt
    /usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt
    /usr/share/ca-certificates/mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
    /usr/share/ca-certificates/mozilla/AOL_Time_Warner_Root_Certification_Authority_
    1.crt
    /usr/share/ca-certificates/mozilla/AOL_Time_Warner_Root_Certification_Authority_
    2.crt

    I really don't remember if SSL was setup. I might want to setup SSL for the server but I'm not sure how to. I'm just going to buy the SSL cert from Godaddy with these instructions: http://www.howtoforge.com/forums/showthread.php?t=45255&highlight=godaddy ssl.

    Any input would be appreciated, thanks.
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You can check your Vhosts_ispconfig.conf file to see if SSL is enabled for your website.
     
  3. n0fx

    n0fx New Member

    So, if I check the Vhosts_ispconfig.conf file and I don't see anything to 443, then that means it wasn't configured with SSL right? I looked and all I see is references to port 80, which is the standard port for the web.

    Thanks!
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Yes, that's right.

    To create an SSL vhost, you must check the SSL checkbox in ISPConfig and then create an SSL certificate on the SSL tab.
     
  5. n0fx

    n0fx New Member

    Purchasing a SSL from a big registrar than self generating the cert

    Well, that's strange. The SSL checkbox was already configured (checkbox enabled) when I checked it the other day, it's just that there is no certificate inside that I can locate in the shell.

    So, if I wanted to enable it on my site (I only have one site), I would go to the SSL tab and a self generated one? When I go that route, that means that the certificate wouldn't be valid then. I want to buy a SSL certificate, say for instance, from Godaddy and put it in, how would I go about doing that?
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

  7. n0fx

    n0fx New Member

Share This Page