SSL for virtual hosts not working - error 12263

Discussion in 'Installation/Configuration' started by radim_h, Apr 12, 2007.

  radim_h

    radim_h Member

    Can someone help please?

    When I create an SSL certificate for any site in ISPConfig, https doesn't work;
    I'm getting "error 12263" in the browser.

    With an openssl query I'm getting
    [[email protected] /home/rh]# openssl s_client -connect
    24822:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:478:

    I have more IP addresses and this error also appears when ispconfig_server is off,
    so it looks like some Apache issue.

    I'm using Fedora6 with apache 2.2.3-5
  radim_h

    radim_h Member

    bit more information

    In /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

    ISPConfig adds for SSL sites something like:

    <IfModule mod_ssl.c>
    <Directory "/var/www/web6/web/pub">
    Options +Indexes

    But with httpd -l I see just

    Compiled in modules:

    Can I change something to make ISPConfig use /usr/lib/httpd/modules/
    or do I have to recompile Apache some way?
  till

    till Super Moderator

    httpd -l lists only the compiled-in modules and not the dynamically loaded modules; mod_ssl is dynamically loaded. Also, the "<IfModule mod_ssl.c>" definition is always correct; it never contains a path.

    Please post the output of:

    netstat -tap
  radim_h

    radim_h Member

    netstat -tap

    tcp 0 0 *:899 *:* LISTEN 1989/rpc.statd
    tcp 0 0 *:mysql *:* LISTEN 2272/mysqld
    tcp 0 0 *:sunrpc *:* LISTEN 1964/portmap
    tcp 0 0 *:* LISTEN 2881/named
    tcp 0 0 *:* LISTEN 2881/named
    tcp 0 0 *:* LISTEN 2881/named
    tcp 0 0 *:* LISTEN 2881/named
    tcp 0 0 localhost.localdomai:domain *:* LISTEN 2881/named
    tcp 0 0 *:smtp *:* LISTEN 2837/master
    tcp 0 0 *:https *:* LISTEN 2724/ispconfig_http
    tcp 0 0 *:imaps *:* LISTEN 2304/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 2304/dovecot
    tcp 0 0 *:pop3 *:* LISTEN 2304/dovecot
    tcp 0 0 *:imap *:* LISTEN 2304/dovecot
    tcp 0 0 *:http *:* LISTEN 2753/httpd
    tcp 0 0 *:ftp *:* LISTEN 2909/proftpd: (acce
    tcp 0 0 *:ssh *:* LISTEN 2152/sshd
    tcp 0 1776 duck.u-turnme:pptconference ESTABLISHED 2195/0

    BTW: there is no file mod_ssl.c in the system, and when I install it (yum install mod_ssl), ISPConfig doesn't start and the system Apache uses completely different certificates than defined.
  falko

    falko Super Moderator

    Did you configure ISPConfig to listen on port 443? In that case your virtual hosts can't use SSL anymore because port 443 is already in use.
  radim_h

    radim_h Member

    port 443

    Yes I did, but ISPConfig is on different IP addresses

    blahblah, deleted .))
  radim_h

    radim_h Member

    SOLVED - when editing /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf manually

    More https sites on port 443 work under these conditions
    (assuming I use the ISPConfig Apache for ISPConfig and the virtual hosts run under the system Apache)

    1. In /root/ispconfig/httpd/conf/https.conf must be:


    #Port (uncommented or Port 80)

    <IfDefine SSL>

    2. mod_ssl must be installed;
    in /etc/https/conf.d/ssl.conf the following line must be uncommented:
    #Listen 443

    3. In /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
    the directive
    "Listen" (IP address of the web) must be added, so it looks like:

    <IfModule mod_ssl.c>
    <Directory "/var/www/web6/web/pub">
    Options +Indexes

    Then I can use more SSL certificates.


    Two Questions: .)

    1. Can I force ISPConfig to add the "Listen" directive automatically to Vhosts_ispconfig.conf when I create an SSL certificate? Otherwise this directive disappears with ANY CHANGE of any site :( :( :(
    Or how do I add it in the "Apache Directives" window in the page properties, which doesn't work?

    2. What do I have to add into /root/ispconfig/httpd/conf/https.conf
    to make ISPConfig work on both ports 80 & 443? Or is it restricted somehow to work only on port 443?
    (assuming I have reserved an IP only for the ISPConfig Apache instance)

  radim_h

    radim_h Member

    Question 1 solved completely .)

    Eh, I'm a dummy

    All that is needed is to write a Listen directive for each IP address into
    /etc/httpd/conf.d/ssl.conf, like

  falko

    falko Super Moderator

    Listen <IP Address>:80
    Listen <IP Address>:443
    into /root/ispconfig/httpd/conf/httpd.conf and remove
    Listen 81
    . Then restart ISPConfig.
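
The port 443 conflict diagnosed in this thread, as an added example that is not part of any post: a small Python check that reads the Listen directives of two Apache instances and reports binds that cannot coexist. The IP addresses and config strings are constructed samples, and treating every wildcard bind as conflicting is a simplifying assumption.

```python
import re

# Apache syntax: Listen [address:]port [protocol]. Commented lines do not match.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)(?:\s+\S+)?\s*$", re.IGNORECASE
)

def parse_listens(conf_text):
    """Return a set of (address, port); address is '*' when none is given."""
    binds = set()
    for line in conf_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            addr = m.group(1) or "*"
            if addr in ("0.0.0.0", "[::]"):
                addr = "*"  # assumption: any wildcard is treated as "all addresses"
            binds.add((addr, int(m.group(2))))
    return binds

def bind_conflicts(conf_a, conf_b):
    """Pairs of binds from two Apache instances that cannot both be held."""
    conflicts = []
    for addr_a, port_a in sorted(parse_listens(conf_a)):
        for addr_b, port_b in sorted(parse_listens(conf_b)):
            same_addr = addr_a == addr_b or "*" in (addr_a, addr_b)
            if port_a == port_b and same_addr:
                conflicts.append(((addr_a, port_a), (addr_b, port_b)))
    return conflicts

# Constructed samples (documentation address range, not values from the thread).
# ISPConfig's Apache bound to the wildcard, as "*:https" in the netstat output.
ISPCONFIG_WILDCARD = "Listen 443\n"
# ISPConfig's Apache pinned to its own reserved IP.
ISPCONFIG_PINNED = "Listen 192.0.2.10:80\nListen 192.0.2.10:443\n"
# System Apache with one Listen per SSL site IP; the bare line stays commented.
SYSTEM_SSL = "#Listen 443\nListen 192.0.2.20:443\nListen 192.0.2.21:443\n"

if __name__ == "__main__":
    for name, conf in (("wildcard", ISPCONFIG_WILDCARD), ("pinned", ISPCONFIG_PINNED)):
        found = bind_conflicts(conf, SYSTEM_SSL)
        print(name, "->", found if found else "no conflicts")
```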

