ispCP - Board - Support
SSL - Printable Version




SSL - cham74 - 06-28-2011 08:24 PM

Trying to install a Self-Signed Certificate to a virtual site, however the https page times out.

The suexec log gives:

Quote:
[2011-06-28 06:11:36]: uid: (vu2016/vu2016) gid: (2016/2016) cmd: php5-fcgi-starter
[2011-06-28 06:15:07]: uid: (vu2009/vu2009) gid: (2009/2009) cmd: php5-fcgi-starter
[2011-06-28 06:21:08]: uid: (vu2004/vu2004) gid: (2004/2004) cmd: php5-fcgi-starter

Created a cert following these instructions: https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html (where I put mydomain.tld for "Your name").

Then followed the directions here: http://isp-control.net/forum/thread-9169.html

The /etc/apache2/sites-available/ispcp-ssl file looks like this for the domain I want https for:

Quote:
NameVirtualHost xx.xxx.xxx.xx:443

<VirtualHost xx.xxx.xxx.xx:443>

SSLEngine On
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key


<IfModule suexec_module>
SuexecUserGroup vu2027 vu2027
</IfModule>

ServerAdmin webmaster@mydomain.tld
DocumentRoot /var/www/virtual/mydomain.tld/htdocs


ServerName mydomain.tld
ServerAlias www.mydomain.tld mydomain.tld *.mydomain.tld

Alias /errors /var/www/virtual/mydomain.tld/errors/

RedirectMatch permanent ^/ftp([\/]?) http://admin.hosting.domain.tld/ftp/
RedirectMatch permanent ^/pma([\/]?) http://admin.hosting.domain.tld/pma/
RedirectMatch permanent ^/webmail([\/]?) http://admin.hosting.domain.tld/webmail/

ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser mydomain.tld
</IfModule>

# httpd awstats support BEGIN.

# httpd awstats support END.

# httpd dmn entry cgi support BEGIN.
ScriptAlias /cgi-bin/ /var/www/virtual/mydomain.tld/cgi-bin/
<Directory /var/www/virtual/mydomain.tld/cgi-bin>
AllowOverride AuthConfig
#Options ExecCGI
Order allow,deny
Allow from all
</Directory>
# httpd dmn entry cgi support END.

<Directory /var/www/virtual/mydomain.tld/htdocs>
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# httpd dmn entry PHP2 support BEGIN.
<IfModule mod_php5.c>
php_admin_value open_basedir "/var/www/virtual/mydomain.tld/:/var/www/virtual/mydomain.tld/phptmp/:/usr/share/php/"
php_admin_value upload_tmp_dir "/var/www/virtual/mydomain.tld/phptmp/"
php_admin_value session.save_path "/var/www/virtual/mydomain.tld/phptmp/"
php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2027 -t -i'
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/mydomain.tld/
<Directory "/var/www/fcgi/mydomain.tld">
AllowOverride None
Options +ExecCGI -MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
<Directory /var/www/virtual/mydomain.tld/htdocs>
FCGIWrapper /var/www/fcgi/mydomain.tld/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/mydomain.tld">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
# httpd dmn entry PHP2 support END.

Include /etc/apache2/ispcp/mydomain.tld.conf

</VirtualHost>

Any ideas, anyone? Thanks.


RE: SSL - kilburn - 06-28-2011 10:15 PM

The configuration looks fine, and if apache does not complain when you start it, then the error is probably elsewhere (php?). Can you test with a static (html) file?


RE: SSL - aseques - 06-29-2011 12:46 AM

I haven't looked at your config, but the most up-to-date documentation I maintain is on this wiki page:
http://isp-control.net/documentation/doku.php?id=howto:defaultport
There might be some errors on the other one.
In any case, if kilburn says it's ok, it's probably fine.


RE: SSL - cham74 - 06-29-2011 12:52 AM

Thanks for the replies. Actually I cannot telnet domain 443 or connect with openssl s_client -connect domain.tld:443, however the ports are listening.

netstat -lnp | grep '443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10523/apache2


RE: SSL - aseques - 06-29-2011 02:58 AM

(06-29-2011 12:52 AM)cham74 Wrote:  Thanks for the replies. Actually I cannot telnet domain 443 or connect with openssl s_client -connect domain.tld:443, however the ports are listening.

netstat -lnp | grep '443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10523/apache2

That makes no sense, have you tried directly with the IP address instead of the domain?
Otherwise it would seem to be something related to the firewall or your connectivity.


RE: SSL - cham74 - 06-29-2011 06:38 PM

Yes it was my hosting company's firewall blocking port 443 for the ip address. I had been told and presumed it was open their end. Thanks again for the support.
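
Added example (not part of the original thread, and not ispCP code): a small Python check that combines the server-side `netstat` view with a TCP probe run from an outside machine, so that a silently dropped port (the upstream firewall case above) can be told apart from a closed port or a loopback-only bind. The function names and verdict strings are assumptions made for this illustration.

```python
import socket

# Listener line quoted in the thread (output of `netstat -lnp | grep '443'`).
NETSTAT_SAMPLE = "tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10523/apache2"


def parse_listeners(netstat_output, port):
    """Return the local addresses with a TCP listener on `port`."""
    addrs = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, p = f[3].rpartition(":")
            if p == str(port):
                addrs.append(addr)
    return addrs


def classify_connect_error(exc):
    """Translate a connect() failure into what it says about the path."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"   # SYN got no answer: packets silently dropped
    if isinstance(exc, ConnectionRefusedError):
        return "closed"     # RST came back: no listener, or a rejecting filter
    return "unreachable"    # DNS failure, no route, and similar


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP connect; run this from outside the server's network."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify_connect_error(exc)


def diagnose(listeners, remote_result):
    """Combine the server-side and client-side views into one verdict."""
    if not listeners:
        return "no-listener"
    if all(a.startswith("127.") or a == "::1" for a in listeners):
        return "loopback-only"
    return {"open": "reachable", "filtered": "firewall-drop",
            "closed": "rejected-on-path"}.get(remote_result, "name-or-route")


if __name__ == "__main__":
    listeners = parse_listeners(NETSTAT_SAMPLE, 443)
    # "filtered" is a constructed stand-in for the timeout described in the thread.
    print(listeners, diagnose(listeners, "filtered"))
```

A "firewall-drop" verdict with a `0.0.0.0` listener means Apache is not the problem; check the host firewall first, then the provider's.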


RE: SSL - aseques - 06-30-2011 04:19 PM

Never trust your ISP :P