Updated to 3.0.3.3 and SSL/8080 stopped working

Discussion in 'Installation/Configuration' started by eko_taas, Apr 16, 2011.

  1. eko_taas

    eko_taas New Member

    SSL/8080 was working earlier OK, but after updating to 3.0.3.3 (at my own risk used from panel (system / Remote actions / Do ISPConfig-update ), went OK, but also after restart ISPConfig thru SSL stopped working (unsecured OK). Otherwise seems to work OK (shows 3.0.3.3 when logged in).

    I checked as per manual 6.2. ("6.2 Enabling SSL For The ISPConfig Web Interface") and all looks the same as earlier:
    - certificates exists
    - a2enmod ssl" gives "Module ssl already enabled"
    - SSL engine extra lines in file still exists

    so:
    - http://server1.example.com:8080 => works
    - https://server1.example.com:8080 => gives below
    When re-starting machine, everything looks OK, but when manually restart of apache shows error
    Code:
    # /etc/init.d/apache2 restart
    Restarting web server: apache2apache2: apr_sockaddr_info_get() failed for server1.example.com
    ...
     ... waiting apache2: apr_sockaddr_info_get() failed for server1.example.com
    ...
    #
    Any idea?

    Webmin (with SSL) still OK (done as HOWTO)
    http://www.howtoforge.net/easy-roundcube-over-ssl-and-webmin-with-fail2ban-for-ispconfig-3-on-debian-squeeze
     
  2. falko

    falko Super Moderator

    Can you post your /etc/apache2/sites-available/ispconfig.vhost file?
     
  3. benlake

    benlake New Member

    When I upgraded my ispconfig.vhost had been reverted to non-SSL version, and the error you are getting is exactly what would happen if you specified https:// when connecting to a port not speaking SSL. So most likely it isthe config now has SSLEngine On commented out.
     
  4. till

    till Super Moderator

    This happens if your ssl certificates are in a wrong location or have wrong filenames. ISPConfig espects the ssl certs for the interface here:

    /usr/local/ispconfig/interface/ssl/ispserver.crt
    /usr/local/ispconfig/interface/ssl/ispserver.key
     
  5. eko_taas

    eko_taas New Member

    Mistake on manual then?

    Manual ("Version 1.1 for ISPConfig 3.0.3", chapter 6.2) asks to create ssl-certificates on diff. place
    Now (as done per manual on org installation before update):
    Code:
     /usr/local/ispconfig/interface/ssl# cd /etc/apache2/ssl
     /etc/apache2/ssl# ls
    ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
    ...
    /usr/local/ispconfig/interface/ssl# ls
    (empty...)
    
    This setup worked in earlier version...

    Now do I'll have to
    - copy /etc/apache2/ssl to /usr/local/ispconfig/interface/ssl
    - edit /etc/apache2/sites-available/ispconfig.vhost as to point to /usr/local/ispconfig/interface/ssl
    or what is the correct way?
     
    Last edited: Apr 18, 2011
  6. eko_taas

    eko_taas New Member

    Seems that upgrade has also changed /etc/apache2/sites-available/ispconfig.vhost as earlier changes not any more there

    Code:
    ...
      # SSL Configuration
      #SSLEngine On
      #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    ...
    So removed comments and copied
    Code:
    # cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
    l# cd /usr/local/ispconfig/interface/ssl/
     /usr/local/ispconfig/interface/ssl# ls
    ispserver.crt  ispserver.csr  ispserver.key  ispserver.key.secure
    # /etc/init.d/apache2 restart
    And WOW, SSL working again....
    Code:
    https://server1.example.com:8080/
    https://example.com:8080/webmail/
    Thanks for help, please correct manual as well (if needed ;) )

    I future I hope that upgrade would not touch these basic things....
     
  7. micko_escalade

    micko_escalade New Member

    Run into same issue as eko_taas but just to make it clear I had to copy all files using
    Code:
    cp /etc/apache2/ssl/* /usr/local/ispconfig/interface/ssl/
    Then from the manual page 297 this:
    Code:
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/ispserver.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ispserver.key
    inside /etc/apache2/sites-available/ispconfig.vhost

    un-commenting

    Code:
      # SSL Configuration
      #SSLEngine On
      #SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    
    Did now solve my issue.
     
    Last edited: Apr 24, 2011

Share This Page