ispCP - Board - Support
Install SSL certificate to a customer domain - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: System Setup & Installation (/forum-32.html)
+--- Thread: Install SSL certificate to a customer domain (/thread-9169.html)

Install SSL certificate to a customer domain - Diego - 01-12-2010 08:54 AM

How to enable that?

Using this guide doesn't helped much.
Thanks

RE: Install SSL certificate to a customer domain - kilburn - 01-12-2010 05:17 PM

Ispcp does not support SSL certificates as of now. Therefore, you have to manually setup it, which is described in many howtos. Keep in mind that when upgrading the panel, your modifications might have to be reapplied.

Basic schema of what to do:
1. Add Listen "YOUR.SRV.IP.ADDR:443" below wherever "Listen YOUR.SRV.IP.ADDR:80" is.
2. Copy the whole "<VirtualHost YOUR.SRV.IP.ADDR:80>...</VirtualHost>" corresponding to the website that you want to SSL-enable
3. Paste it into a new file "/etc/apache2/sites-available/ispcp-ssl"
4. Replace ":80" by ":443" in this new file
5. Add the required SSL directives, such as (these files should be provided by whoever sold you the certificate):
Code:
SSLEngine On
SSLCertificateFile /etc/ssl/certs/SERVER_NAME.crt
SSLCertificateKeyFile /etc/ssl/certs/SERVER_NAME.key
6. execute "a2ensite ispcp-ssl"
7. execute "a2enmod ssl"
8. Restart apache and enjoy your newly-enabled ssl site

Final note: keep in mind that you can only enable one SSL site per IP address, so do *not* copy the whole ispcp.conf and replace every :80 with :443 expecting that all the websites will be ssl-enabled, because it will *not* work.

RE: Install SSL certificate to a customer domain - mwlake - 02-12-2010 06:19 PM

Kilburn,
I have made a request in the "Setup and Installations" forums section for this exact problem.
I need to install a Purchased CA Certificate to my Website. Could you write an instruction HOWTO for this procedure. The above reply implies there may be steps missing, "Basic schema of what to do". Your help would be greatly appreciated.

RE: Install SSL certificate to a customer domain - kilburn - 02-12-2010 06:42 PM

I said "basic schema" because it explains the basic steps of what you should do to install the certificate, but doesn't provide detailed copy/paste tested instructions. Have you tried to understand what these steps are doing? Have you checked them against other "how to setup ssl in apache" howtos? Is there any specific thing you don't understand?

It's not that difficult...

RE: Install SSL certificate to a customer domain - Diego - 04-07-2010 03:09 PM

Hello kilburn, sorry for bring this up again, it's just that I did everything you said, a thought it's not working as expected.
Here is my .conf file
Quote:NameVirtualHost 188.40.134.xxx:443

<VirtualHost 188.40.134.xxx:443>

# SSL Directives
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com.key

<IfModule suexec_module>
SuexecUserGroup vu2000 vu2000
</IfModule>

ServerAdmin admin@example.com
DocumentRoot /var/www/virtual/example.com/htdocs

ServerName example.com
ServerAlias http://www.example.com example.com *.example.com

Alias /errors /var/www/virtual/example.com/errors/

RedirectMatch permanent ^/ftp([\/]?) http://admin.example.com/ftp/
RedirectMatch permanent ^/pma([\/]?) http://admin.example.com/pma/
RedirectMatch permanent ^/webmail([\/]?) http://admin.example.com/webmail/

ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser example.com
</IfModule>

# httpd awstats support BEGIN.

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass /stats http://localhost/stats/example.com
ProxyPassReverse /stats http://localhost/stats/example.com

<Location /stats>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.+)\?config=([^\?\&]+)(.*) $1\?config=example.com&$3 [NC,L]
</IfModule>
AuthType Basic
AuthName "Statistics for domain example.com"
AuthUserFile /var/www/virtual/example.com/.htpasswd
AuthGroupFile /var/www/virtual/example.com/.htgroup
Require group statistics
</Location>

# httpd awstats support END.

# httpd dmn entry cgi support BEGIN.
ScriptAlias /cgi-bin/ /var/www/virtual/example.com/cgi-bin/
<Directory /var/www/virtual/example.com/cgi-bin>
AllowOverride AuthConfig
#Options ExecCGI
Order allow,deny
Allow from all
</Directory>
# httpd dmn entry cgi support END.

<Directory /var/www/virtual/example.com/htdocs>
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# httpd dmn entry PHP2 support BEGIN.
<IfModule mod_php5.c>
php_admin_value open_basedir "/var/www/virtual/example.com/:/var/www/virtual/example.com/phptmp/:/usr/share/php/"
php_admin_value upload_tmp_dir "/var/www/virtual/example.com/phptmp/"
php_admin_value session.save_path "/var/www/virtual/example.com/phptmp/"
php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2001 -t -i'
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/example.com/
<Directory "/var/www/fcgi/example.com">
AllowOverride None
Options +ExecCGI -MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
<Directory /var/www/virtual/example.com/htdocs>
FCGIWrapper /var/www/fcgi/example.com/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/example.com">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
# httpd dmn entry PHP2 support END.

Include /etc/apache2/ispcp/example.com.conf

</VirtualHost>

thanks for your time

RE: Install SSL certificate to a customer domain - kilburn - 04-07-2010 03:44 PM

... and /var/log/apache2/suexec.log says....? (the apache config is OK, so I bet it's a permission thing).

RE: Install SSL certificate to a customer domain - Diego - 04-08-2010 10:09 AM

changed
Quote:<IfModule suexec_module>
SuexecUserGroup vu2000 vu2000
</IfModule>

to
Quote:<IfModule suexec_module>
SuexecUserGroup vu2001 vu2001
</IfModule>

and worked like a charm Big Grin
Thanks!!

RE: Install SSL certificate to a customer domain - Snooops - 10-14-2010 06:00 PM

Hi,
is there a implementation now on the gui of ispcp? I really need a gui for it Wink

RE: Install SSL certificate to a customer domain - RouterRat - 08-28-2011 09:52 AM

So my virtual host, should have a unique IP address right?

Because it has a shared IP address right now and if I enable SSL on that ip, it would enable it for the control panel right?

RE: Install SSL certificate to a customer domain - kilburn - 08-30-2011 09:46 AM

You can enable SSL for a single website if you wish (it will *not* enable SSL for the panel, only for the website that you copy to this new ispcp-ssl file).

If you want SSL for both the panel and a website, then you need two different IPs.