SSL Install Issue

BlueVirtual.Com

Verified User
Joined
Jan 25, 2005
Messages
15
I am trying to help a customer out with installing an SSL cert. First, he says he generated the CSR with the DA interface, but I have yet to find any trace of the csr anywhere on the system. Does DA remove the CSR at some point?

Secondly, after installing the cert and key, it doesn't seem to create a key file for the domain or a cert file? Are these stored somewhere else?

Lastly, the httpd.conf in the users directory doesn't contain the SSL lines

SSLCertificateFile /path/to/file.crt
SSLCertificateKeyFile /path/to/file.key

Why? Obviously it's not going to work unless these are in there, but I assume if I manually add them, it will just be overwriten on the next change?
 
DA handles cert installs properly.

If the cert hasn't already been purchased I'd say redo the request, from the DA control panel.

If it has been, then the key file should show up in the control panel's SSL page. If it doesn't, then it's lost and you'll need to regenerate the cert.

Some CAs (including us) will revoke the cert and reissue a replacement at no charge if a mistake is brought to the CA's attention within the week.

Jeff
 
Thanks for trying to help, but that didn't answer a single one of my questions. I need to know where it stores this stuff and why it isn't inserting the correct SSL lines in the httpd.conf.
 
DA stores domain certs, keys, etc., as follows:

/usr/local/directadmin/data/users/uzername/domains/

It will store these files related to the cert:

host.domain.ext.cacert
host.domain.ext.cert
host.domain.ext.key

DA does NOT store the CSR.

Presuming the site is set up on it's own IP# and for secure SSL, DA will write the proper path lines in the virtual host directive at

/usr/local/directadmin/data/users/username/httpd.conf

and to the host.domain.ext.conf file at:

/usr/local/directadmin/data/users/ezsecure/domains/host.domain.ext.conf

It's because DA does NOT store the CSR, and because it's easy enough to overwrite the saved key with another one by inadvertently creating a new CSR, that I suggest starting over.

Jeff
 
Thanks for the help. That was informative. However, this site does have it's own IP and is allowed SSL. The httpd.conf has no SSL directives in it though. I have tried disbabling and re-enable SSL but that didn't add anything to the conf file. Any help?
 
I suppose you could add the lines manually, but I don't know why they're not there.

Do you have virtual host directive block for :443, the SSL port?

Do you have the files in the right place?

Did you do the install manually or through DA in the first place?

Jeff
 
Okay, more info. When I start the httpd service, I get this.

[warn] NameVirtualHost 64.207.216.66:443 has no VirtualHosts

That is the IP assigned to the site I am trying to setup SSL for.

What the heck does that mean?
 
It means apache does not have any virtualhosts setup for that IP address :p
In otherwords, the domain your trying to setup with ssl is not really using that IP address and is most likely on a different one.
You can find out very quickly by opening that domains httpd.conf from /usr/local/directadmin/data/users/username/httpd.conf
If the virtualhost is not binding to the IP you just gave, that could be a part of your problem ;)
 
That's for port 80, whats port 443 binding to for that virtualhost?

For example, it should look like this
Code:
<VirtualHost 64.207.216.66:443>
 
It doesn't have anything like that.


# Auto generated apache config file by DirectAdmin version 1.23.0
# Modifying this file is not recommended as any changes you make will be
# overwritten when the user makes any changes to his/her website

# Frontpage requires these parameters in every httpd.conf file or else
# it won't work.
Port 80
ServerRoot /etc/httpd


<VirtualHost 64.207.216.66:80>


ServerName www.bnbaccom.com
ServerAlias www.bnbaccom.com bnbaccom.com
ServerAdmin [email protected]
DocumentRoot /home/bnbaccom/domains/bnbaccom.com/public_html
ScriptAlias /cgi-bin/ /home/bnbaccom/domains/bnbaccom.com/public_html/cgi-bin/

UseCanonicalName OFF

User bnbaccom
Group bnbaccom
CustomLog /var/log/httpd/domains/bnbaccom.com.bytes bytes
CustomLog /var/log/httpd/domains/bnbaccom.com.log combined
ErrorLog /var/log/httpd/domains/bnbaccom.com.error.log

<Directory /home/bnbaccom/domains/bnbaccom.com/public_html>
Options +Includes -Indexes
php_admin_flag engine ON
php_admin_flag safe_mode OFF
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
</Directory>



#php_admin_value open_basedir /home/bnbaccom/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/

</VirtualHost>
 
Perhaps the account does not have ssl enabled ;)
I have attached a file with a domain configuration that is currently working properly with ssl on my server.
There are basically two virtualhost entries, one for standard http and one for secure https. (80 & 443)
 

Attachments

  • sample.txt
    2.2 KB · Views: 291
God hates me :)

I just found another place to turn SSL on. Under domain management. That fired it right up. Thanks for everyones help and I apologize for wasting your time.
 
BlueVirtual.Com said:
God hates me :)

I just found another place to turn SSL on. Under domain management. That fired it right up. Thanks for everyones help and I apologize for wasting your time.
I just had the exact same problem, so thanks for posting this. Without it, I'd have been lost for a while.
 
Back
Top