SSL - cham74 - 06-28-2011 08:24 PM
Trying to install a Self-Signed Certificate to a virtual site, however the https page times out.
The suexec log gives:
Quote:
[2011-06-28 06:11:36]: uid: (vu2016/vu2016) gid: (2016/2016) cmd: php5-fcgi-starter
[2011-06-28 06:15:07]: uid: (vu2009/vu2009) gid: (2009/2009) cmd: php5-fcgi-starter
[2011-06-28 06:21:08]: uid: (vu2004/vu2004) gid: (2004/2004) cmd: php5-fcgi-starter
Created a cert following these instructions https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html (where I put mydomain.tld for "Your name")
Then followed directions here: http://isp-control.net/forum/thread-9169.html
The /etc/apache2/sites-available/ispcp-ssl file looks like this for the domain I want https for
Quote:
NameVirtualHost xx.xxx.xxx.xx:443
<VirtualHost xx.xxx.xxx.xx:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
<IfModule suexec_module>
SuexecUserGroup vu2027 vu2027
</IfModule>
ServerAdmin webmaster@mydomain.tld
DocumentRoot /var/www/virtual/mydomain.tld/htdocs
ServerName mydomain.tld
ServerAlias www.mydomain.tld mydomain.tld *.mydomain.tld
Alias /errors /var/www/virtual/mydomain.tld/errors/
RedirectMatch permanent ^/ftp([\/]?) http://admin.hosting.domain.tld/ftp/
RedirectMatch permanent ^/pma([\/]?) http://admin.hosting.domain.tld/pma/
RedirectMatch permanent ^/webmail([\/]?) http://admin.hosting.domain.tld/webmail/
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html
<IfModule mod_cband.c>
CBandUser mydomain.tld
</IfModule>
# httpd awstats support BEGIN.
# httpd awstats support END.
# httpd dmn entry cgi support BEGIN.
ScriptAlias /cgi-bin/ /var/www/virtual/mydomain.tld/cgi-bin/
<Directory /var/www/virtual/mydomain.tld/cgi-bin>
AllowOverride AuthConfig
#Options ExecCGI
Order allow,deny
Allow from all
</Directory>
# httpd dmn entry cgi support END.
<Directory /var/www/virtual/mydomain.tld/htdocs>
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# httpd dmn entry PHP2 support BEGIN.
<IfModule mod_php5.c>
php_admin_value open_basedir "/var/www/virtual/mydomain.tld/:/var/www/virtual/mydomain.tld/phptmp/:/usr/share/php/"
php_admin_value upload_tmp_dir "/var/www/virtual/mydomain.tld/phptmp/"
php_admin_value session.save_path "/var/www/virtual/mydomain.tld/phptmp/"
php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2027 -t -i'
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/mydomain.tld/
<Directory "/var/www/fcgi/mydomain.tld">
AllowOverride None
Options +ExecCGI -MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
<Directory /var/www/virtual/mydomain.tld/htdocs>
FCGIWrapper /var/www/fcgi/mydomain.tld/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/mydomain.tld">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
# httpd dmn entry PHP2 support END.
Include /etc/apache2/ispcp/mydomain.tld.conf
</VirtualHost>
Any ideas, anyone? Thanks.
RE: SSL - kilburn - 06-28-2011 10:15 PM
The configuration looks fine, and if apache does not complain when you start it, then the error is probably elsewhere (php?). Can you test with a static (html) file?
RE: SSL - aseques - 06-29-2011 12:46 AM
I haven't looked at your config, but the most up-to-date documentation I maintain is on this wiki page:
http://isp-control.net/documentation/doku.php?id=howto:defaultport
There might be some errors on the other one.
In any case, if kilburn says it's ok, it's probably fine.
RE: SSL - cham74 - 06-29-2011 12:52 AM
Thanks for the replies. Actually I cannot telnet domain 443 or connect with openssl s_client -connect domain.tld:443, however the ports are listening.
netstat -lnp | grep '443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10523/apache2
RE: SSL - aseques - 06-29-2011 02:58 AM
(06-29-2011 12:52 AM)cham74 Wrote: Thanks for the replies. Actually I cannot telnet domain 443 or connect with openssl s_client -connect domain.tld:443, however the ports are listening.
netstat -lnp | grep '443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10523/apache2
That makes no sense. Have you tried directly with the IP address instead of the domain?
Otherwise it would seem to be something related to the firewall or your connectivity.
RE: SSL - cham74 - 06-29-2011 06:38 PM
Yes it was my hosting company's firewall blocking port 443 for the ip address. I had been told and presumed it was open their end. Thanks again for the support.
RE: SSL - aseques - 06-30-2011 04:19 PM
Never trust your ISP
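Added example, not part of the original thread: a small Python probe that separates the three outcomes this thread turned on (connection accepted, connection refused, connection timing out) and combines a run on the server itself with a run from a remote client. The function names `probe` and `diagnose` and the result labels are assumptions made for this illustration.

```python
import socket
import sys


def probe(host, port, timeout=5.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something is listening
    except socket.timeout:
        return "filtered"        # no answer at all: packets are being dropped
    except ConnectionRefusedError:
        return "closed"          # RST came back: reachable, nothing listening
    except OSError as exc:
        # DNS failure, no route to host, and similar problems
        return "error:" + (exc.strerror or str(exc))


def diagnose(on_server, from_client):
    """Combine a probe run on the server with one run from a remote client."""
    if on_server != "open":
        return "service: nothing accepts the connection on the server itself"
    if from_client == "open":
        return "reachable: TCP works end to end, look at TLS or the application"
    if from_client == "filtered":
        return "firewall: service is up, packets are dropped on the way in"
    if from_client == "closed":
        return "rejected: something on the path resets the connection"
    return "inconclusive: " + from_client


if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT]; run once on the server against
    # 127.0.0.1 and once from outside against the public address.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(target, port, probe(target, port))
```

A "filtered" result from outside together with "open" on the server is the pattern described in this thread: Apache listening on 443 while an upstream firewall drops the traffic.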