WildCard SSL - 3.1.13

Discussion in 'ISPConfig 3 Priority Support' started by Bob Hall, Dec 13, 2019.

  1. Bob Hall

    Bob Hall New Member HowtoForge Supporter

    Greetings;
    I have a wildcard for one of my clients subdomains XXX.mainsite.ca The wild card package contains:

    private Key
    PEM Format
    .crt file
    .p7b file
    and a bundle file

    How do I set this up for the clients site in ispconfig?

    Thank You
    Bob

    UPDATE: I opened up the files copied and pasted them into their appropriate boxes under the subdomain:
    Box 1 (SSL Key): Private Key
    Box 2(SSL Request): Empty - as it was not used to get the certificate
    Box 3 (SSL Certificate): .CRT file
    Box 4 (SSl Bundle): bundle-file

    I now get this error message when I go to the site:
    SSL_ERROR_RX_RECORD_TOO_LONG in the web browser.

    Thanks;
    Bob
     
    Last edited: Dec 13, 2019
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That should be fine like this. Did you select 'save certificate' as action in the action field before you pressed save? If not, do that now and try again. And ensure that the ssl checkbox on the first tab of the website settings is enabled.
     
  3. Bob Hall

    Bob Hall New Member HowtoForge Supporter

    Good Morning;
    I have saved the certificates as mentioned above and checked of SSL off on the site where we are installing them. I redid it this morning and was hopeful it would work but when I go to https://subdomain.primarydomain.ca it get the error. I know the certificate does work because it is installed on an https VDI solution under a different subdomain.

    any suggestions you can offer would be awesome and thank you!
     
  4. Bob Hall

    Bob Hall New Member HowtoForge Supporter

    Good Morning (again)

    I have updated the 3 subdomains and the certificate is now working however, it redirects the page to a different location (apparently) as the pages being displayed are the default website page vs. the actual site. how do I redirect it to the actual site code vs. this new landing area?

    thanks;
    Bob
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The SSL cert does not redirect any site, when you get content of a different site than expected, then the most likely reasons are:

    1) You access a site by https that has no SSL enabled.
    2) You mixed up * and an IP address in the IPv4 fields of the sites on your server, use either * for all sites or the IPv4 address.

    I recommend that you check the generated vhost file if it really contains an SSL section.
     
    ahrasis likes this.
  6. Bob Hall

    Bob Hall New Member HowtoForge Supporter

    where are these files located? (the vhost file)
     
  7. Bob Hall

    Bob Hall New Member HowtoForge Supporter

    OK, thanks again for your patience while I work through this. I found the directory where the vhost files are saved. for each one that should be https, there is a 'domainsub.domain.ca.vhost and a .vhost.error the .vhost.error file contains the certificate information.

    is there a log or something that would tell me what is wrong?

    thanks;
    bob
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    The .err file is created when apache did not start with the new config file. What you can try is to rename the .vhost file to .vhaost.bak, then rename the .vhost.err file to .vhsot and restart apache. In case it fails and you don't get any errors, then there is a problem with the SSL cert. E.g. maybe your SSL key requires a password? In that case, you have to save the key without a password (you can do the conversion with the openssl command on Linux) as apache can't start with a password protected key.
     

Share This Page