SSL on ISPConfig

Discussion in 'Installation/Configuration' started by marm26, Jan 1, 2009.

  1. marm26

    marm26 New Member

    Hello everybody.

    I just purchased an SSL certificate from I followed the steps outlined here:

    to install the certificate on my server. However I can't get this to work. when I enter the browser cant connect to my server. The exact error firefox is giving me is:

    Failed to Connect
    Firefox can't establish a connection to the server at

    Is this a problem with the SSL installation? It looks like a DNS related problem to me. How can i fix this?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Are you able to connect to without dns?
    2) Please post the output of the command:

    nestat -tap
  3. marm26

    marm26 New Member

    Hi Till.

    nestat -tap returns the following:

    Proto Recv-Q Send-Q Local Address Foreign Address Stat e PID/Program name
    tcp 0 0 *:npmp-gui *:* LIST EN 2125/rpc.statd
    tcp 0 0 *:mysql *:* LIST EN 2503/mysqld
    tcp 0 0 *:sunrpc *:* LIST EN 2076/portmap
    tcp 0 0 *:hosts2-ns *:* LIST EN 7110/ispconfig_http
    tcp 0 0 *:ftp *:* LIST EN 14289/proftpd: (acc
    tcp 0 0 BBB.BBB.BBB.BB:domain *:* LIST EN 9030/named
    tcp 0 0 AAA.AAA.AAA.AAA:domain *:* LIST EN 9030/named
    tcp 0 0 ess000665.localdomai:domain *:* LIST EN 9030/named
    tcp 0 0 ess000665.localdomain:ipp *:* LIST EN 2390/cupsd
    tcp 0 0 *:smtp *:* LIST EN 14354/master
    tcp 0 0 ess000665.localdomain:rndc *:* LIST EN 9030/named
    tcp 0 0 *:imaps *:* LIST EN 2532/dovecot
    tcp 0 0 *:pop3s *:* LIST EN 2532/dovecot
    tcp 0 0 *:pop3 *:* LIST EN 2532/dovecot
    tcp 0 0 *:imap *:* LIST EN 2532/dovecot
    tcp 0 0 *:http *:* LIST EN 7575/httpd
    tcp 0 0 *:ssh *:* LIST EN 2375/sshd
    tcp 0 0 localhost6.localdomain:rndc *:* LIST EN 9030/named
    tcp 0 1892 ::ffff:AAA.AAA.AAA.AAA:ssh p4FD5FB21.dip.t-:telefinder ESTA BLISHED 18000/0

    What do you mean when you say: "can you connect to without dns?" I was talking about the dns records for i have set up in ispconfig. If i disable this off course i wont be able to connect anymore??? However i don't really know what i am doing here. Kind of new to linux...

    Some more information: I am using centos 5.2 and I used the perfect server setup guide for centos from how to forge. From the beginning i could not get ispconfig runing on a SSL secured connection. So i reinstalled again and after it didnt work i went for the option without SSL which is perfectly working now. I added suPHP to the inital setup.

    ISPConfig is runnig on IP AAA.AAA.AAA.AAA and the domain I installed the new godday ssl certificate for is runing on a different IP (BBB.BBB.BBB.BB). When i type https://AAA.AAA.AAA.AAA:81 i get the following error: "SSL received a record that exceeded the maximum permissible length.(Error code: ssl_error_rx_record_too_long)".

    I tried to reinstall the certificate already but with no result at all.

    For the goddady SSL I just get an "cant connect to my server" error. I can connect to but not to

    Hope that helps. Actually i would like to have both ssl certificates working. I would have reinstalled but i tried that before without any success...
  4. marm26

    marm26 New Member

    Ok here is some follow up info. It turns out mod_ssl wasn't properly installed. I guess that's a typical newbie mistake. I simply did yum install mod_sll , then i restarted apache and my godaddy certificates on my second ip are perfectly working now :)

    However I still have problems with the isp config controll panel. I did this:

    Restarted ispconfig but i still get the same error message in firefox:
    Secure Connection Failed
    An error occurred during a connection to XXX:XXX:XXX:XX:81.
    SSL received a record that exceeded the maximum permissible length.
    (Error code: ssl_error_rx_record_too_long)

    Not sure whats causing this. One thing that might be important to mention. My main IP has no domain attached to it. So i just inserted my ip for the common name when i requested the SSL certificate. I tried leaving all blank as well with no success.

    Not sure what else i could try. Any help with this would be greatly appreciated. Loging into my ispconfig panel wihout ssl in place doenst sound like a great idea to me...
    Last edited: Jan 4, 2009
  5. marm26

    marm26 New Member

    Now this is strange. I can now connect to the ip ispconifg is set up on with:

    Everything seems to work. I get an apache centos test page. Now this seems ok to me as it is already better then an SSL error. But shouldn't i be seeing the same page as with http://IP-here which is the ispconfig shared ip page?

    Anyways if i try to connect to https://IP-here:81 i get the same error as before. (same IP just added :81 to get to ispconfig login.)


    Any suggestions?
  6. falko

    falko Super Moderator ISPConfig Developer

    Please recreate the cert and accept all default values. It should work then.
  7. marm26

    marm26 New Member

    Thanks Falko.

    I recreated the Certificate but i am still getting the same error message. Is there anything else i could try?
  8. falko

    falko Super Moderator ISPConfig Developer

    Did you choose HTTPS or HTTP during the ISPConfig installation?
  9. marm26

    marm26 New Member

    As stated abouve I choose http during the installation cause i couldn't get https to work (mod_sll wasn't properly installed). So I should change to https?

    Ok gone try that and come back with the results in a few minutes. Up to now I thought choosing http only means that ispconfig goes to http://myIP:81 with default settings. I thought i could still manually insert the https://...

    I guess i was wrong. Thanks again for you help Falko. Gone get back to you with the results soon...
  10. marm26

    marm26 New Member

Share This Page