SSL Issue - Unable to connect to any site

Discussion in 'Installation/Configuration' started by Menzor, May 24, 2007.

  1. Menzor

    Menzor New Member

    Hello,

    The issue I am experieancing is that i can not get to any ssl pages on any site, although ISPConfig works correctly using https://. The error that appears in FireFox is
    Unable to Connect Firefox can't establish a connection to the server at www.mywebsite.com

    I am a new ISPConfig user.

    I followed the install procedures outlined in
    http://www.howtoforge.com/installing_a_lamp_system_with_fedora_core_6

    The install went very smooth with out issue. I could be wrong, but i believe during the restart of appache in the instructions, i was asked all the questions for an SSL key.

    I then went on to work through the site and set some configurations using ISPConfig through https:// connection with out any issue.

    I restarted my server, I only have SSH access to the box, and discovered that it was not restarting. I called the data center and discovered that apache was waiting for a pass phrase. As no one can see this prompt, the data center had to enter the password in.

    I then decrypted and chmoded the key so that apache would no longer ask for the pass phrase.

    At this point i then decided to test and see if i could view an SSL page. I could not, upto this point i had not checked. Which seemed odd because ISPConfig was running ssl and was working fine.

    I then looked through the forums here and discovered that i should have created my key in ISPConfig. So i tried creating a key in ISPConfig.

    Still no ssl access.

    tried
    openssl genrsa -des3 -passout pass:menzor -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
    openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
    openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
    openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
    chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

    tried looking to see if SSL is running
    use command netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:etlservicemgr *:* LISTEN 3668/perl
    tcp 0 0 *:mysql *:* LISTEN 2684/mysqld
    tcp 0 0 *:781 *:* LISTEN 2295/rpc.statd
    tcp 0 0 *:sunrpc *:* LISTEN 2270/portmap
    tcp 0 0 *:hosts2-ns *:* LISTEN 9533/ispconfig_http
    tcp 0 0 209.51.199.46:domain *:* LISTEN 10017/named
    tcp 0 0 209.51.199.45:domain *:* LISTEN 10017/named
    tcp 0 0 209.51.199.44:domain *:* LISTEN 10017/named
    tcp 0 0 www.seconddomain.com:domain *:* LISTEN 10017/named
    tcp 0 0 server1.firstdomain.c:domain *:* LISTEN 10017/named
    tcp 0 0 localhost:domain *:* LISTEN 10017/named
    tcp 0 0 localhost:ipp *:* LISTEN 2545/cupsd
    tcp 0 0 localhost:rndc *:* LISTEN 10017/named
    tcp 0 0 *:smtp *:* LISTEN 9742/master
    tcp 0 0 *:imaps *:* LISTEN 2713/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 2713/dovecot
    tcp 0 0 *:pop3 *:* LISTEN 2713/dovecot
    tcp 0 0 *:imap *:* LISTEN 2713/dovecot
    tcp 0 0 *:http *:* LISTEN 9668/httpd
    tcp 0 0 *:ftp *:* LISTEN 10038/proftpd: (acc
    tcp 0 0 *:ssh *:* LISTEN 2563/sshd
    tcp 0 0 server1.firstdomain.com:ipp *:* LISTEN 2545/cupsd
    tcp 0 0 server1.firstdomain.com:rndc *:* LISTEN 10017/named
    tcp 0 1036 server1.firstdomain.com:ssh S01060013465e3aba.wp.:59903 ESTABLISHED 8403/0

    I don't see anything SSL listening to port 443
    Try restarting apache with ssl
    apachectl -D SSL -k start
    Already running

    Apache error log from /var/log/httpd/error_log
    [Thu May 24 01:52:53 2007] [error] an unknown filter was not added: PHP
    [Thu May 24 01:52:53 2007] [error] an unknown filter was not added: PHP
    [Thu May 24 07:30:28 2007] [error] an unknown filter was not added: PHP
    [Thu May 24 07:30:28 2007] [error] an unknown filter was not added: PHP
    [Thu May 24 08:50:23 2007] [notice] caught SIGTERM, shutting down
    [Thu May 24 08:50:23 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin
    /suexec)
    [Thu May 24 08:50:23 2007] [notice] Digest: generating secret for digest authent
    ication ...
    [Thu May 24 08:50:23 2007] [notice] Digest: done
    [Thu May 24 08:50:23 2007] [notice] Apache/2.2.4 (Unix) DAV/2 PHP/5.1.6 configur
    ed -- resuming normal operations
    [Thu May 24 09:21:15 2007] [notice] caught SIGTERM, shutting down
    [Thu May 24 09:21:15 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin
    /suexec)
    [Thu May 24 09:21:15 2007] [notice] Digest: generating secret for digest authent
    ication ...
    [Thu May 24 09:21:15 2007] [notice] Digest: done
    [Thu May 24 09:21:15 2007] [notice] Apache/2.2.4 (Unix) DAV/2 PHP/5.1.6 configur
    ed -- resuming normal operations

    Any help is appreciated

    Thank you
     
  2. till

    till Super Moderator

    You mix up the ssl setup for the controlpanel webserver and the webserver for your websites. You must create a SSL certificate for the website in ISPConfig by enabling SSL in the site settings, hit save, then go to the SSL tab of the site and reate a certificate.
     
  3. Menzor

    Menzor New Member

    Thank you for the reply

    Steps taken

    1. As site had ssl enabled, uncheck SSL box on control panel..save
    2. Re-check SSL Box on control panel...save
    3. Goto SSL Tab in control panel, select action, create certificate (although I notice that all the fields country, province .....are filled in already including both the SSL Request, and the SSL Certificate:) ...save

    Result:
    try to browse to https://
    Firefox: Unable to connect: Firefox can't establish a connection to the server

    Restart Apache
    Firefox: Unable to connect: Firefox can't establish a connection to the server

    Restart ISPConfig
    /etc/init.d/ispconfig_server restShutting down ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl stop: httpd stopped
    ISPConfig system stopped!
    Starting ISPConfig system...
    /root/ispconfig/httpd/bin/apachectl startssl: httpd started
    ISPConfig system is now up and running!

    try to browse to https://
    Firefox: Unable to connect: Firefox can't establish a connection to the server

    I am not sure but from the netstat i posted does it look like SSL is running? I know everything else says it is. Not sure.
     
  4. till

    till Super Moderator

    You apache server seems not to listen on the https port. Please reconfigure the apache webserver as described in the perfects etup guide for your linux distribution.
     
  5. Menzor

    Menzor New Member

    Solved

    I figured it out after trying for hours, turns out the solution is really simple.

    If installing on a Fedora core bare bones install (the way i recieved it from the data center) make sure mod_ssl is installed!

    Thank you all for helping!

    Great app by the way!
     

Share This Page