SSL errors

Discussion in 'Installation/Configuration' started by shoevring, May 31, 2010.

  1. shoevring

    shoevring New Member

    Hello.

    I have a site where my customer needs one SSL certificate but it will not work.

    At starting i enabling the SSL on homepage => In SSL tab i writing the informations(Country, name osv,) and then i was finish writing i trying to create a certificate.. After what i send my CSR into godaddy, and i gets crt and bundlefile.. I copyed the data from current files into both information(ssl certificate and bundle) and then i got this error then i trying to view the site:

    ssl_error_rx_record_too_long

    Why? And thanks
     
  2. till

    till Super Moderator

    Please try to remove the content from the bundle field, select save as action, wait 2 minutes and try to access the site again with your webbrowser. Does the error message change? If yoes, plaese post the instructions that godaddy provided on how to include the bundle cert, as they mkght be different from waht ispconfig uses to include the bundle.
     
  3. shoevring

    shoevring New Member

    Hmm, i have tried to remove the content in bundle, but the error code is the same,..

    I have also tryed to restart apache but nothing changes(error code)

    Do you have any other options?
     
  4. till

    till Super Moderator

    Have you waited a few minutes? It takes some time until the change sget written.
     
  5. shoevring

    shoevring New Member

    Yes i am very sure! I can also upload the certificate in domain/ssl ??
     
  6. till

    till Super Moderator

    Theoretically yes, but it should have been written there already. I guess the problem might be related to a bug in ispconfig. Please post the output of "ls" from within the sl directory and also post the content of the vhost file of this website and the ISPConfig version that you use currently.
     
  7. shoevring

    shoevring New Member

    web1:/var/www/neohost.dk/ssl# ls
    gd_bundle.crt www..crt www..key.org www.neohost.dk.key
    neohost.dk.crt www..csr www.neohost.dk.crt www.neohost.dk.key.org
    neohost.dk.csr www..key www.neohost.dk.csr

    -----------------------------------------------------------------------

    web1:/etc/apache2/sites-available# nano neohost.dk.vhost
    GNU nano 2.0.7 File: neohost.dk.vhost

    <Directory /var/www/clients/client0/web1/web>
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    </Directory>

    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@neohost.dk"
    php_admin_value upload_tmp_dir /var/www/clients/client0/web1/tmp
    php_admin_value session.save_path /var/www/clients/client0/web1/tmp
    php_admin_value open_basedir /var/www/clients/client0/web1/web:/var/www/clients/client0/web1/tmp:/var/www/neohost.dk/we$

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^kontrolpanel.neohost.dk [NC]
    RewriteRule ^/(.*)$ http://mainweb.neohost.dk:81$1

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
    AssignUserId web1 client0
    </IfModule>


    </VirtualHost>

    ------------------------------------------------------------------------

    Iam running the last version of ispconfig 3
     
  8. Hans

    Hans Moderator

    I see that you've exactly the same problem as i had last week: The same error in your browser and the fact that the SSL-Engine is not turned on in the vhost of the site. Please don't switch on the SSL Engine manually and don'trestart Apache afterwards, otherwise Apache2 can't restart anymore and ISPConfig3 and your websites will be down!

    Probably there is something wrong with the SSL-certicate and/or the steps you took during the creation of the SSL-certicate. It might be a bug as well, because we are not the only ones who had these problems. Please, also don't click to fast in ISPConfig3 during turning on SSL and creating the certicates. Don't save your self created certicate yet. Only save the commercial certicate from your provider, which belongs to the CSR.

    You can also get that error in your browser if you don't upload all the additional certicates into the ssl folder of the web. You probably need to add additional "SSLCertificateChainFile" directives to pin the additional certicates. You can add these rules by using the options tab of the web.

    I am not sure if the my similar problems where caused by a corrupt SSL-certicate or because of a bug, because i took all the steps again with a new SSL-certicate.
     
    Last edited: May 31, 2010
  9. shoevring

    shoevring New Member

    Thanks for the reply and you too also Till,

    I have never saved the auto generated crt from ispconfig, i have changed it to my godaddy certificate...

    As i read your text i should do: Create certificate, give crt to godaddy, paste the certificate from godaddy into certificate and bundle should i not paste into the text field? After that i should(20 min) i should turn SSL on?

    // How can i in my vhost file do it so it will work manualy?

    Thanks alot for the reply both.
     
  10. till

    till Super Moderator

    Attached Files:

  11. shoevring

    shoevring New Member

    Thanks Tiill,

    Its works but not allright...

    My certificate is issued to www. but vhost link was neohost but i have set www.neohost.dk on the certificate..

    I changed the link into the vhost and restarted apache when allthing works out..
     
  12. shoevring

    shoevring New Member

    Iam trying again, sorry for a bad text..

    The new plugin working, but with problems!

    I have created my certificate like "www.neohost.dk", but in the vhost file the the link was only "neohost.dk" without www... Maybe a bug?

    But my site is working fine now with https:// and thanks both!
     
  13. till

    till Super Moderator

    Thats the bug that was fixed by the updated plugin.
     
  14. shoevring

    shoevring New Member

    Its not right, it was after i have updated the plugin.. Maybe you should check it again for a bug more.. ?
     
  15. shoevring

    shoevring New Member

    I Have one update to the problem..

    My customer tryed to deactiveate the website and turning the site on again, and the problem is coming again...

    In vhost file before editing:

    SSLEngine on
    SSLCertificateFile /var/www/clients/client0/web1/ssl/neohost.dk.crt
    SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/neohost.dk.key


    In vhost file after editing:

    SSLEngine on
    SSLCertificateFile /var/www/clients/client0/web1/ssl/www.neohost.dk.crt
    SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/www.neohost.dk.key

    The site can not see "www." and then the problem with error comes again..

    Just a notice :)
     
  16. Hans

    Hans Moderator

    Hi Till, I had new and similar problems again during the installation of SSL-certicates, but i want you to know that your apache2-plugin works for me! Thanks for the solution.
     

Share This Page