Making SSL work again

J

Jeff_Crowling

Hello to all nice people over here agai

We nave a colocated server which was up and running with 8.1.1 FreeBSD 6.1 81070423.15, but was down for the last couple of months, and now we plugged it in again.

We have all websites up and running on our new IP x.x.x.60 but still have some major problems.

1. when I run /usr/local/etc/rc.d/apache2 reload I get

Code: 
Performing sanity check on apache2 configuration:
[Mon Nov 16 08:49:05 2009] [warn] NameVirtualHost *:80 has no VirtualHosts
[Mon Nov 16 08:49:05 2009] [warn] NameVirtualHost *:0 has no VirtualHosts
Syntax OK
Performing a graceful restart
[Mon Nov 16 08:49:05 2009] [warn] NameVirtualHost *:80 has no VirtualHosts
[Mon Nov 16 08:49:05 2009] [warn] NameVirtualHost *:0 has no VirtualHosts

Can someone guide me to solve this - but this is not so urgent as the next issue

2. we have domain.com which is now working in http://domain.com on ip x.x.x.61 now in the past the domain was working with another ip on our server and SSL worked fine, but now https is not working anymore and we get Unable to connect when trying to access https://domain.com -again it worked in the past and all we changed is IP.

I edited in /usr/local/www/vhosts/domain.com/conf/ the httpd.include file to be

Code: 
# ATTENTION!
# DO NOT MODIFY THIS FILE OR ANY PART OF IT. THIS CAN RESULT IN IMPROPER PLESK
# FUNCTIONING OR FAILURE, CAUSE DAMAGE AND LOSS OF DATA. IF YOU REQUIRE CUSTOM
# MODIFICATIONS TO BE APPLIED TO THE CONFIGURATION, PLEASE, PERFORM THEM IN THE
# FOLLOWING FILE(S):
# /usr/local/www/vhosts/domain.com/conf/vhost.conf
# /usr/local/www/vhosts/domain.com/conf/vhost_ssl.conf
# /usr/local/www/vhosts/domain.com/subdomains/<subdomain-name>/conf/vhost.conf


NameVirtualHost x.x.x.61:443


<IfModule mod_ssl.c>

<VirtualHost x.x.x.61:443>
	ServerName   domain.com:443
	ServerAlias  www.domain.com
	UseCanonicalName Off
		SuexecUserGroup         cac psacln
	ServerAdmin  ouremail@gmail.com
	DocumentRoot /usr/local/www/vhosts/domain.com/httpsdocs
	CustomLog  /usr/local/www/vhosts/domain.com/statistics/logs/access_ssl_log plesklog
	ErrorLog     /usr/local/www/vhosts/domain.com/statistics/logs/error_ssl_log
<IfModule mod_userdir.c>
	UserDir /usr/local/www/vhosts/domain.com/web_users
</IfModule>
	ScriptAlias  /cgi-bin/ /usr/local/www/vhosts/domain.com/cgi-bin/
	Alias  /plesk-stat /usr/local/www/vhosts/domain.com/statistics/
	<Location  /plesk-stat/>
		Options +Indexes
	</Location>
	<Location  /plesk-stat/logs/>
		Require valid-user
	</Location>
	Alias  /webstat /usr/local/www/vhosts/domain.com/statistics/webstat
	Alias  /webstat-ssl /usr/local/www/vhosts/domain.com/statistics/webstat-ssl
	Alias  /ftpstat /usr/local/www/vhosts/domain.com/statistics/ftpstat
	Alias  /anon_ftpstat /usr/local/www/vhosts/domain.com/statistics/anon_ftpstat
	Alias  /awstats-icon /usr/local/psa/awstats/wwwroot/icon
	SSLEngine on
	SSLVerifyClient none
#	SSLCertificateFile /usr/local/psa/var/certificates/cert-D3iROV
	SSLCertificateFile /usr/local/etc/apache2/www.domain.com.crt
#	SSLCertificateFile /usr/local/etc/apache2/httpd.pem
#	SSLCACertificateFile /usr/local/psa/var/certificates/cert-c7nQ2R
#	SSLCACertificateFile /usr/local/etc/apache2/www.domain.com.crt
	SSLCertificateChainFile /usr/local/etc/apache2/gd_bundle.crt
	SSLCertificateKeyFile /usr/local/etc/apache2/server.key
	<Directory /usr/local/www/vhosts/domain.com/httpsdocs>
	<IfModule mod_perl.c>
	<Files ~ (\.pl$)>
		SetHandler perl-script
		PerlHandler ModPerl::Registry
		Options ExecCGI
		allow from all
		PerlSendHeader On
	</Files>
	</IfModule>
	<IfModule sapi_apache2.c>
		php_admin_flag engine on
		php_admin_flag safe_mode off
		php_admin_value open_basedir "/usr/local/www/vhosts/domain.com/httpsdocs:/tmp"
	</IfModule>
	<IfModule mod_php5.c>
		php_admin_flag engine on
		php_admin_flag safe_mode off
		php_admin_value open_basedir "/usr/local/www/vhosts/domain.com/httpsdocs:/tmp"
	</IfModule>
	<IfModule mod_python.c>
	<Files ~ (\.py$)>
		SetHandler python-program
		PythonHandler	mod_python.cgihandler
	</Files>
	</IfModule>
	<IfModule mod_fcgid.c>
		AddHandler fcgid-script .fcgi
		Options +FollowSymLinks +ExecCGI
	</IfModule>
		SSLRequireSSL
		Options -Includes +ExecCGI
	</Directory>
	<Directory /usr/local/www/vhosts/domain.com/web_users>
	<IfModule sapi_apache2.c>
		php_admin_flag engine off
	</IfModule>
	<IfModule mod_php5.c>
		php_admin_flag engine off
	</IfModule>
	</Directory>
</VirtualHost>

</IfModule>

<VirtualHost x.x.x.61:80>
	ServerName   domain.com:80
	ServerAlias  www.domain.com
	UseCanonicalName Off
	SuexecUserGroup         cac psacln
	ServerAdmin  "ouremail@gmail.com"
	DocumentRoot /usr/local/www/vhosts/domain.com/httpdocs
	CustomLog  /usr/local/www/vhosts/domain.com/statistics/logs/access_log plesklog
	ErrorLog   /usr/local/www/vhosts/domain.com/statistics/logs/error_log
<IfModule mod_userdir.c>
	UserDir /usr/local/www/vhosts/domain.com/web_users
</IfModule>
	ScriptAlias  /cgi-bin/ /usr/local/www/vhosts/domain.com/cgi-bin/
	Redirect permanent /plesk-stat https://domain.com/plesk-stat
	Redirect permanent /webstat https://domain.com/webstat
	Redirect permanent /webstat-ssl https://domain.com/webstat-ssl
	Redirect permanent /ftpstat https://domain.com/ftpstat
	Redirect permanent /anon_ftpstat https://domain.com/anon_ftpstat
	Redirect permanent /awstats-icon https://domain.com/awstats-icon
	<IfModule mod_ssl.c>
		SSLEngine off
	</IfModule>
	<Directory /usr/local/www/vhosts/domain.com/httpdocs>
	<IfModule mod_perl.c>
	<Files ~ (\.pl$)>
		SetHandler perl-script
		PerlHandler ModPerl::Registry
		Options ExecCGI
		allow from all
		PerlSendHeader On
	</Files>
	</IfModule>
	<IfModule sapi_apache2.c>
		php_admin_flag engine on
		php_admin_flag safe_mode off
		php_admin_value open_basedir "/usr/local/www/vhosts/domain.com/httpdocs:/tmp"
	</IfModule>
	<IfModule mod_php5.c>
		php_admin_flag engine on
		php_admin_flag safe_mode off
		php_admin_value open_basedir "/usr/local/www/vhosts/domain.com/httpdocs:/tmp"
	</IfModule>
	<IfModule mod_python.c>
	<Files ~ (\.py$)>
		SetHandler python-program
		PythonHandler	mod_python.cgihandler
	</Files>
	</IfModule>
	<IfModule mod_fcgid.c>
		AddHandler fcgid-script .fcgi
		Options +FollowSymLinks +ExecCGI
	</IfModule>
		Options -Includes +ExecCGI
	</Directory>
	<Directory /usr/local/www/vhosts/domain.com/web_users>
	<IfModule sapi_apache2.c>
		php_admin_flag engine off
	</IfModule>
	<IfModule mod_php5.c>
		php_admin_flag engine off
	</IfModule>
	</Directory>
	Include /usr/local/www/vhosts/domain.com/conf/vhost.conf
</VirtualHost>

but still get same problem of Unable to connect when entering https://www.domain.com

Note : used x.x.x.60 , x.x.x.61 , and domain.com just for privacy reasons.

Urgent help is needed from the kind people in this forum,

Kind Regards
 
Make sure 'NameVirtualHost' and <VirtualHost> containers contain the same entry.

E.g.
Code: 
NameVirtualHost *:80
...
<VirtualHost *:80>
...
</VirtualHost>

or
Code: 
NameVirtualHost x.x.x.60:80
...
<VirtualHost x.x.x.60:80>
...
</VirtualHost>

You appear to have done this for the SSL sites; make sure you've done it for vhosts.

Other than that, the sitename should resolve to the IP address, and the SSL certificate must contain the new IP address to work.
 
Hi thanks for the quick reply

In /usr/local/www/vhosts/domain.com/conf/ there is a vhost.conf file that only have :
Code: 
<Directory /usr/local/www/vhosts/domain.com/httpdocs>
         php_admin_value open_basedir none
	 php_admin_flag safe_mode off
</Directory>
but I think it is ok since it worked in the past , is there any other file I should try to check with this ?


Also about you saying
SSL certificate must contain the new IP address to work.
Click to expand...
The SSL is with Godaddy so should I go and do it from Godaddy Panel or it is something I should configure on our server ? and if so do you know where ?

Sorry for beeing noob and thanks a lot for you help
 
I'm sure GoDaddy has some online information about generating and placing SSL certificates wrt Apache servers ;)

If your virtual hosts (assuming you have any) are not in the separate httpd-vhosts.conf, they are likely in the httpd.conf file itself.

Note: the error messages you posted may also mean you have no virtual hosts at all, just one single website. In that case you don't need to configure them, of course.
 
I'm sorry, I switched two different concepts. SSL certificates are issued for hostnames (website names), not IP addresses. As soon as DNS resolves to the new IP address, the SSL certificate should work as before.
 
Wait a minute, I seem to have a deja-vu here. Are the two domains (the http one and the https one) of the same name? If so, they will both resolve to the same IP address, so they should both run on x.x.x.60.

If you want (e.g.) http on x.x.x.60:80 and https on x.x.x.61:443, you will need to use different hostnames for these sites.

There's nothing wrong with running both http and https on the same IP address, of course.
 
You must log in or register to reply here.
Back
Top