ssl configuration error with apache2

Discussion in 'ISPConfig 3 Priority Support' started by Md. Mohib Billah, Nov 12, 2015.

  1. Md. Mohib Billah

    Md. Mohib Billah Member HowtoForge Supporter

    Till Bro,
    Please help. Now i am trying to configure ssl in my domain with apache2. I configure in vhost-ssl.conf file my domain.key and domain.crt file. But apache2 service not restart. This showing failed. I past apache2 error log in bellow --
    mail:~ # tail /var/log/apache2/error_log
    [Thu Nov 12 17:50:32.496727 2015] [authz_core:error] [pid 57659] [client 180.234.71.135:48911] AH01630: client denied by server configuration: /usr/share/apache2/error/HTTP_NOT_FOUND.html.var
    [Thu Nov 12 18:13:02.368192 2015] [mpm_prefork:notice] [pid 41763] AH00170: caught SIGWINCH, shutting down gracefully
    [Thu Nov 12 18:13:02.545205 2015] [suexec:notice] [pid 2106] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
    [Thu Nov 12 18:13:02.556656 2015] [ssl:warn] [pid 2106] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Nov 12 18:13:02.556668 2015] [ssl:warn] [pid 2106] AH01909: RSA certificate configured for server.example.com:1000 does NOT include an ID which matches the server name
    [Thu Nov 12 18:13:02.556780 2015] [ssl:warn] [pid 2106] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Nov 12 18:13:02.556792 2015] [ssl:warn] [pid 2106] AH01909: RSA certificate configured for server.example.com:443 does NOT include an ID which matches the server name
    [Thu Nov 12 18:13:02.556801 2015] [ssl:emerg] [pid 2106] AH02238: Unable to configure RSA server private key
    [Thu Nov 12 18:13:02.556833 2015] [ssl:emerg] [pid 2106] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    [Thu Nov 12 18:13:02.556838 2015] [ssl:emerg] [pid 2106] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error_log for more information
    Please help me please.
    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    A file with the name vhost-ssl.conf is not used on a ISPConfig server.so I assume that you dont use ISPConfig?

    This error means that the ssl key and ssl cert that you use do not belong together. You have to use the key file that you generated together with the csr file that this cert is based on.
     
  3. Md. Mohib Billah

    Md. Mohib Billah Member HowtoForge Supporter

    Till Bro,
    Thanks for your replay. I am using ISPConfig server for mail . Please write me what file edit for ssl or what is the proper way to configure ssl in my domain
    Thanks again.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. Md. Mohib Billah

    Md. Mohib Billah Member HowtoForge Supporter

    till bro,
    Thanks for your replay. But sorry to say I won't install ssl in ispconfig interface. I want to install ssl in my main domain. as like https://example.com.
    Please help me
    Thanks
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, in this case you dont have to edit a file at all. Just login to ispconfig, go to the settings of that domain in the sites module, enable the ssl checkbox there, then go to the ssl tab of that domain and create the ssl cert. You can find the detailed steps in the ispconfig manual (hat you can download as howtoforge subscriber at howtoforge).
     

Share This Page