SSL question

Discussion in 'General' started by FredZinsli, May 16, 2018.

  1. FredZinsli

    FredZinsli New Member

    I have ispconfig3 woring on my debian stretch server.
    I have purchased the documentation and discovered that I can only have one SSL per IP. So I deleted the only working SSL and turned off SSL for all domains except for the domain I really want working with SSL.
    I created the SSL as per the manual but it doesn't work.
    I have checked with different browsers and laptops with the same result.

    Your comments would be most helpful

    Regards

    Fred
     
  2. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    you can enable the use of SNI at your server configuration => web ( modern webservers do support SNI ).
    You don't need additional IPs except you need to support web browsers from the stoneage :)
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    SNI is on by default and you can have as many SSL sites on one IP as you want due to SNI now. So all you have to do is to create SSL certs for the websites in ISPConfig with let's encrypt or manually on the SSL tab.
     
  4. FredZinsli

    FredZinsli New Member

    Ok, the issue isn't that I wan't multiple SSL on one IP. I am happy with just one SSL on one site. The issue is that I can't seem to get it to work on the domain I require it to work on.

    The primary domain that I configured ispconfig to be hosted on is the only domain that SSL works on. IE the host name of the server. I have not configured the control panel for SSL as it only has LAN access and can't be accessed from the internet (single server setup).

    The other 3 domains I have added to ispconfig for some reason I can't get SSL to work on. Only one of the 3 has an actual website. The other 2 domains will be redirected to the domain with the website. For clarity, I have been setting up SSL on a single domain, then testing, and then removing the SSL, then moving on to the next domain.

    I have followed the directions in the manual, which frankly are very elimentry and straight forward. But I am at a loss as to why I can't get it to work. I've obviously missed something but can't seem to work out what.

    Regards

    Fred
     
  5. yodaofborg

    yodaofborg New Member

    Are all your domains set the same under the IPv4-Address field? As you are adding domains, testing SSL and then turning it off, you will need to make sure all domains (that are ever going to have SSL and LE enabled) are either set to *, or to the same IP address. Mixing some with IP and some with * will break it.
     
  6. FredZinsli

    FredZinsli New Member

    OK, so I have nuked and rebuilt the server entirely. I used this to build the server. I then added some PHP versions as per this. I haven't enabled SSL for the control panel as I only access it via the LAN.

    I have installed 9 sites and enabled SSL on all of them. None of them responed to SSL. I'm a bit frustrated by this, so I will refer it to paid support and have it done porperly.

    Regards

    Fred
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    What do you mean with "and enabled SSL"? Enabling SSL is not enough to make a website respond to https requests, you also need an SSL cert for that. So you either have to create an SSL cert on the ssl tab of the website then or use let's encrypt by enabling the let's encrypt checkbox of the website. If you use letsencrypt and your server is behind a router that blocks requests to the domains from inside the LAN, then you have to disable the let's encrypt check under system > server config > web. and a prerequisite for let's encrypt is that the websites point to this server in DNS already, so let's encrypt can reach them from outside the LAN as well.
     
  8. FredZinsli

    FredZinsli New Member

    Sorry, incomplete information.
    I enabled SSL + Let's Encrypt SSL on the domain tab. I then created a cert on the SSL tab. And just for the hell of it I selected save on the SSL tab after it was created. I suspect I didn't have to save after creation.

    Regards

    Fred
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    That's a bad idea, you simply disabled LE SSL for the site with that. Either use Let's encrypt or create a self-signed SSL cert but use not both alternatives at the same time.

    To enable SSL with letsencrypt for a website, enable the SSL checkbox and the Let's encrypt checkbox and press save, that's all.

    If you want to use a self-signed ssl cert instead, then enable the SSL checkbox, go to the ssl tab, enter the cert details, select create certificate as action and press save. That's all explained in detail incl. screenshots in the manual.
     
  10. FredZinsli

    FredZinsli New Member

    Awesome. After reading your post to it's entirety I found the problem.

    I'm not doing any DNS, I simply have a A record pointing to my IP. I'm not even hosting my email, just the websites only.

    As I can't be bothered with DNS I won't bother with SSL.

    Thankyou for the insite into SSL.

    Regards

    Fred
     

Share This Page