Updated to 3.0.3.3 and SSL/8080 stopped working

Discussion in 'Installation/Configuration' started by eko_taas, Apr 16, 2011.

  1. eko_taas

    eko_taas New Member

    SSL/8080 was working earlier OK, but after updating to 3.0.3.3 (at my own risk used from panel (system / Remote actions / Do ISPConfig-update ), went OK, but also after restart ISPConfig thru SSL stopped working (unsecured OK). Otherwise seems to work OK (shows 3.0.3.3 when logged in).

    I checked as per manual 6.2. ("6.2 Enabling SSL For The ISPConfig Web Interface") and all looks the same as earlier:
    - certificates exists
    - a2enmod ssl" gives "Module ssl already enabled"
    - SSL engine extra lines in file still exists

    so:
    - http://server1.example.com:8080 => works
    - https://server1.example.com:8080 => gives below
    When re-starting machine, everything looks OK, but when manually restart of apache shows error
    Code:
    # /etc/init.d/apache2 restart
    Restarting web server: apache2apache2: apr_sockaddr_info_get() failed for server1.example.com
    ...
     ... waiting apache2: apr_sockaddr_info_get() failed for server1.example.com
    ...
    #
    Any idea?

    Webmin (with SSL) still OK (done as HOWTO)
    http://www.howtoforge.net/easy-roundcube-over-ssl-and-webmin-with-fail2ban-for-ispconfig-3-on-debian-squeeze
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Can you post your /etc/apache2/sites-available/ispconfig.vhost file?
     
  3. benlake

    benlake New Member

    When I upgraded my ispconfig.vhost had been reverted to non-SSL version, and the error you are getting is exactly what would happen if you specified https:// when connecting to a port not speaking SSL. So most likely it isthe config now has SSLEngine On commented out.
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    This happens if your ssl certificates are in a wrong location or have wrong filenames. ISPConfig espects the ssl certs for the interface here:

    /usr/local/ispconfig/interface/ssl/ispserver.crt
    /usr/local/ispconfig/interface/ssl/ispserver.key
     
  5. eko_taas

    eko_taas New Member

    Mistake on manual then?

    Manual ("Version 1.1 for ISPConfig 3.0.3", chapter 6.2) asks to create ssl-certificates on diff. place
    Now (as done per manual on org installation before update):
    Code:
     /usr/local/ispconfig/interface/ssl# cd /etc/apache2/ssl
     /etc/apache2/ssl# ls
    ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
    ...
    /usr/local/ispconfig/interface/ssl# ls
    (empty...)
    
    This setup worked in earlier version...

    Now do I'll have to
    - copy /etc/apache2/ssl to /usr/local/ispconfig/interface/ssl
    - edit /etc/apache2/sites-available/ispconfig.vhost as to point to /usr/local/ispconfig/interface/ssl
    or what is the correct way?
     
    Last edited: Apr 18, 2011
  6. eko_taas

    eko_taas New Member

    Seems that upgrade has also changed /etc/apache2/sites-available/ispconfig.vhost as earlier changes not any more there

    Code:
    ...
      # SSL Configuration
      #SSLEngine On
      #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    ...
    So removed comments and copied
    Code:
    # cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
    l# cd /usr/local/ispconfig/interface/ssl/
     /usr/local/ispconfig/interface/ssl# ls
    ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
    # /etc/init.d/apache2 restart
    And WOW, SSL working again....
    Code:
    https://server1.example.com:8080/
    https://example.com:8080/webmail/
    Thanks for help, please correct manual as well (if needed ;) )

    I future I hope that upgrade would not touch these basic things....
     
  7. micko_escalade

    micko_escalade New Member

    Run into same issue as eko_taas but just to make it clear I had to copy all files using
    Code:
    cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
    Then from the manual page 297 this:
    Code:
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/ispserver.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ispserver.key
    inside /etc/apache2/sites-available/ispconfig.vhost

    un-commenting

    Code:
      # SSL Configuration
      #SSLEngine On
      #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    
    Did now solve my issue.
     
    Last edited: Apr 24, 2011

Share This Page