SSL for virtual hosts not working - error 12263

Discussion in 'Installation/Configuration' started by radim_h, Apr 12, 2007.

  1. radim_h

    radim_h Member HowtoForge Supporter

    Can someone help please?

    When i create SSL certificate for any site in ISPconfig, https doesnt work,
    i'm getting "error 12263" in browser

    With openssl query i'm getting
    [[email protected] /home/rh]# openssl s_client -connect www.mydomain.org:443
    CONNECTED(00000003)
    24822:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:478:

    I have more Ip adresses and this error apears also when ispconfig_server is off,
    so it looks like some apache issue.

    I'm using Fedora6 with apache 2.2.3-5
     
  2. radim_h

    radim_h Member HowtoForge Supporter

    bit more information

    In /etc/httpd/conf/vhostsVhosts_ispconfig.conf

    Ispconfig adds for SSL sites something like:

    <IfModule mod_ssl.c>
    <VirtualHost 82.xxx.xx.xx:443>
    <Directory "/var/www/web6/web/pub">
    Options +Indexes
    </Directory>
    ServerName www.xxxx.org:443

    But with httpd -l i see just

    Compiled in modules:
    core.c
    prefork.c
    http_core.c
    mod_so.c

    can i change soething to make ispconfig use /usr/lib/httpd/modules/mod_ssl.so
    or do i have to recompile apache someway?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    httpd -l lists only the compiled in modules and not the dynamically loaded modules, mod_ssl is dynamically loaded. Also the "<IfModule mod_ssl.c>" definition is always correct, it never contains a path.

    Please post the output of:

    netstat -tap
     
  4. radim_h

    radim_h Member HowtoForge Supporter

    netstat -tap

    tcp 0 0 *:899 *:* LISTEN 1989/rpc.statd
    tcp 0 0 *:mysql *:* LISTEN 2272/mysqld
    tcp 0 0 *:sunrpc *:* LISTEN 1964/portmap
    tcp 0 0 38.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 mail2.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 server2.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 admin.mydomain.cz:domain *:* LISTEN 2881/named
    tcp 0 0 localhost.localdomai:domain *:* LISTEN 2881/named
    tcp 0 0 *:smtp *:* LISTEN 2837/master
    tcp 0 0 *:https *:* LISTEN 2724/ispconfig_http
    tcp 0 0 *:imaps *:* LISTEN 2304/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 2304/dovecot
    tcp 0 0 *:pop3 *:* LISTEN 2304/dovecot
    tcp 0 0 *:imap *:* LISTEN 2304/dovecot
    tcp 0 0 *:http *:* LISTEN 2753/httpd
    tcp 0 0 *:ftp *:* LISTEN 2909/proftpd: (acce
    tcp 0 0 *:ssh *:* LISTEN 2152/sshd
    tcp 0 1776 server2.mydomain.cz:ssh duck.u-turnme:pptconference ESTABLISHED 2195/0

    btw>there is no file mod_ssl.c in the system, and when i install yum install mod_ssl then ispconfig doesnt start and system apache use completely different certificates then defined..
     
    Last edited: Apr 13, 2007
  5. falko

    falko Super Moderator ISPConfig Developer

    Did you configure ISPConfig to listen on port 443? In that case your virtual hosts can't use SSL anymore because port 443 is already in use.
     
  6. radim_h

    radim_h Member HowtoForge Supporter

    port 443

    yes i did, but ispconfig is on different IP adresses
    ...

    blahblah, deleted .))
     
    Last edited: Apr 13, 2007
  7. radim_h

    radim_h Member HowtoForge Supporter

    SOLVED - when edit /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf manually

    Hurrah
    more https sites on port 443 works under this conditions
    (assuming i use 82.xxx.xxx.47 for ISPconfig apache and 82.xxx.xxx.36 for virtual host under system apache)

    1. In /root/ispconfig/httpd/conf/https.conf must be:

    BindAddress 82.xxx.xxx.47

    #Port (uncommented or Port 80)

    <IfDefine SSL>
    Listen 82.xxx.xxx.47:443
    </IfDefine>

    2. There must by mod_ssl installed
    in /etc/https/conf.d/ssl.conf must be uncommented line
    #Listen 443

    3. In /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
    must be added directive
    "Listen 82.xxx.xxx.36:443" (ip adress of the web) so it looks like:

    <IfModule mod_ssl.c>
    Listen 82.xxx.xxx.xxx:443
    <VirtualHost 82.xxx.xxx.36:443>
    <Directory "/var/www/web6/web/pub">
    Options +Indexes
    </Directory>


    Then i can use more SSL certificates.

    =================

    Two Questions: .)

    1.Can i force Ispconfig to add "Listen 82.xxx.xxx.xxx:443" directive automaticaly to Vhosts_ispconfig.conf when i create SSL certificate ?? Otherwise this directive dissapear with ANY CHANGE of Any site :( :( :(
    Or ho to add it into "Apache Directives" window in page properties, which doesnt work??


    2.What do i have to add into /root/ispconfig/httpd/conf/https.conf
    to make ispconfig work on both 80 & 443 ports ? Or is it restricted somehow to work only on 443 port?
    (assuming i have reserved IP only for ispconfig apache instance)


    Radim
     
    Last edited: Apr 13, 2007
  8. radim_h

    radim_h Member HowtoForge Supporter

    Question 1 solved completely .)

    Eh, i'm dummy

    all what is needed is write listen directive for each IP adress into
    /etc/httpd/conf.d/ssl.conf like
    Listen 82.xxx.xxx.36:443
    Listen 82.xxx.xxx.37:443

    :)
     
  9. falko

    falko Super Moderator ISPConfig Developer

    Put
    Code:
    Listen <IP Address>:80
    Listen <IP Address>:443
    into /root/ispconfig/httpd/conf/httpd.conf and remove
    Code:
    Listen 81
    . Then restart ISPConfig.
     

Share This Page