SSL errors

Discussion in 'Installation/Configuration' started by shoevring, May 31, 2010.

  1. shoevring

    shoevring New Member


    I have a site where my customer needs one SSL certificate but it will not work.

    At starting i enabling the SSL on homepage => In SSL tab i writing the informations(Country, name osv,) and then i was finish writing i trying to create a certificate.. After what i send my CSR into godaddy, and i gets crt and bundlefile.. I copyed the data from current files into both information(ssl certificate and bundle) and then i got this error then i trying to view the site:


    Why? And thanks
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please try to remove the content from the bundle field, select save as action, wait 2 minutes and try to access the site again with your webbrowser. Does the error message change? If yoes, plaese post the instructions that godaddy provided on how to include the bundle cert, as they mkght be different from waht ispconfig uses to include the bundle.
  3. shoevring

    shoevring New Member

    Hmm, i have tried to remove the content in bundle, but the error code is the same,..

    I have also tryed to restart apache but nothing changes(error code)

    Do you have any other options?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you waited a few minutes? It takes some time until the change sget written.
  5. shoevring

    shoevring New Member

    Yes i am very sure! I can also upload the certificate in domain/ssl ??
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Theoretically yes, but it should have been written there already. I guess the problem might be related to a bug in ispconfig. Please post the output of "ls" from within the sl directory and also post the content of the vhost file of this website and the ISPConfig version that you use currently.
  7. shoevring

    shoevring New Member

    web1:/var/www/ ls
    gd_bundle.crt www..crt www..csr www..key


    web1:/etc/apache2/sites-available# nano
    GNU nano 2.0.7 File:

    <Directory /var/www/clients/client0/web1/web>
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all

    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client0/web1/tmp
    php_admin_value session.save_path /var/www/clients/client0/web1/tmp
    php_admin_value open_basedir /var/www/clients/client0/web1/web:/var/www/clients/client0/web1/tmp:/var/www/$

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^ [NC]
    RewriteRule ^/(.*)$$1

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
    AssignUserId web1 client0



    Iam running the last version of ispconfig 3
  8. Hans

    Hans Moderator ISPConfig Developer

    I see that you've exactly the same problem as i had last week: The same error in your browser and the fact that the SSL-Engine is not turned on in the vhost of the site. Please don't switch on the SSL Engine manually and don'trestart Apache afterwards, otherwise Apache2 can't restart anymore and ISPConfig3 and your websites will be down!

    Probably there is something wrong with the SSL-certicate and/or the steps you took during the creation of the SSL-certicate. It might be a bug as well, because we are not the only ones who had these problems. Please, also don't click to fast in ISPConfig3 during turning on SSL and creating the certicates. Don't save your self created certicate yet. Only save the commercial certicate from your provider, which belongs to the CSR.

    You can also get that error in your browser if you don't upload all the additional certicates into the ssl folder of the web. You probably need to add additional "SSLCertificateChainFile" directives to pin the additional certicates. You can add these rules by using the options tab of the web.

    I am not sure if the my similar problems where caused by a corrupt SSL-certicate or because of a bug, because i took all the steps again with a new SSL-certicate.
    Last edited: May 31, 2010
  9. shoevring

    shoevring New Member

    Thanks for the reply and you too also Till,

    I have never saved the auto generated crt from ispconfig, i have changed it to my godaddy certificate...

    As i read your text i should do: Create certificate, give crt to godaddy, paste the certificate from godaddy into certificate and bundle should i not paste into the text field? After that i should(20 min) i should turn SSL on?

    // How can i in my vhost file do it so it will work manualy?

    Thanks alot for the reply both.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Attached Files:

  11. shoevring

    shoevring New Member

    Thanks Tiill,

    Its works but not allright...

    My certificate is issued to www. but vhost link was neohost but i have set on the certificate..

    I changed the link into the vhost and restarted apache when allthing works out..
  12. shoevring

    shoevring New Member

    Iam trying again, sorry for a bad text..

    The new plugin working, but with problems!

    I have created my certificate like "", but in the vhost file the the link was only "" without www... Maybe a bug?

    But my site is working fine now with https:// and thanks both!
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats the bug that was fixed by the updated plugin.
  14. shoevring

    shoevring New Member

    Its not right, it was after i have updated the plugin.. Maybe you should check it again for a bug more.. ?
  15. shoevring

    shoevring New Member

    I Have one update to the problem..

    My customer tryed to deactiveate the website and turning the site on again, and the problem is coming again...

    In vhost file before editing:

    SSLEngine on
    SSLCertificateFile /var/www/clients/client0/web1/ssl/
    SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/

    In vhost file after editing:

    SSLEngine on
    SSLCertificateFile /var/www/clients/client0/web1/ssl/
    SSLCertificateKeyFile /var/www/clients/client0/web1/ssl/

    The site can not see "www." and then the problem with error comes again..

    Just a notice :)
  16. Hans

    Hans Moderator ISPConfig Developer

    Hi Till, I had new and similar problems again during the installation of SSL-certicates, but i want you to know that your apache2-plugin works for me! Thanks for the solution.

Share This Page