SSL doesn't work on new server. Is Apache listening on port 443?

Discussion in 'EasyApache' started by tomfra, Sep 29, 2007.

  1. tomfra

    tomfra Well-Known Member

    Joined:
    Sep 30, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    I've just moved some accounts from an old server to a new one through the WHM Transfer. On the new server there is Apache 2.2.x installed.

    I installed a self-signed SSL certificate on one domain through WHM. All went OK, no errors at all. But when I access https://DOMAIN.COM or https://DEDICATED_DOMAIN_IP, it doesn't work. I get simply "Page cannot be displayed" or "Connection Error" error message.

    I checked the Apache logs, including the error log and domain log, and there is not even a record of the connection attempts. It seems almost as if Apache was not listening on port 443?

    At the very end of httpd.conf is this:

    Code:
    <IfDefine SSL>
        SSLMutex  file:/usr/local/apache/logs/ssl_mutex
        SSLPassPhraseDialog  builtin
        SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
        SSLSessionCacheTimeout  300
    </IfDefine>
    
    <IfDefine SSL>
    
    <VirtualHost 123.123.123.123:443>
        ServerAdmin webmaster@DOMAIN.COM
        DocumentRoot /home/USERNAME/public_html
        ServerName DOMAIN.COM
        UserDir public_html
        <IfModule mod_suphp.c>
            suPHP_UserGroup USERNAME USERNAME
        </IfModule>
        <IfModule !mod_disable_suexec.c>
            SuexecUserGroup USERNAME USERNAME
        </IfModule>
        CustomLog /usr/local/apache/domlogs/DOMAIN.COM-bytes_log "%{%s}t %I .\n%{%s}t %O ."
        ScriptAlias /cgi-bin/ /home/USERNAME/public_html/cgi-bin/
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/DOMAIN.COM.crt
        SSLCertificateKeyFile /etc/ssl/private/DOMAIN.COM.key
        ErrorLog /usr/local/apache/domlogs/DOMAIN.COM-ssl_data_log
        CustomLog /usr/local/apache/domlogs/DOMAIN.COM-ssl_log combined
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    
    </IfDefine>
    
    Perhaps there could be a problem with this section? It was added directly by WHM.

    Any help is very appreciated!

    Tomas
     
  2. ToddShipway

    ToddShipway Well-Known Member

    Joined:
    Nov 13, 2006
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    This will be resolved in the next set of builds.

    You need to edit the apache init scripts and modify the startssl strings.

    Edit line 84 of /usr/local/apache/bin/apachectl & line 102 of /etc/init.d/httpd

    The startssl section should be:

    startssl|sslstart|start-SSL)
    $HTTPD -k start -DSSL
    ERROR=$?
    ;;

    Once finished editing, run '/etc/init.d/httpd stop' then '/etc/init.d/httpd startssl' and SSL will be enabled.

    If you are unsure of making these modifications, submit a ticket and I'll be happy to make the changes for you.

    Please note, this only affects Apache 2.x.
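
The mechanism behind this fix, as an added example that is not part of the original posts or cPanel's own code: the `<IfDefine SSL>` sections in httpd.conf are only read when httpd is started with `-DSSL`, so the script below lists the `<VirtualHost>` blocks that a given httpd command line leaves unloaded. The function names are hypothetical, and the config and command lines are constructed samples modelled on the excerpt in the first post.

```shell
# Added example: list <VirtualHost> blocks that Apache skips because they sit
# inside <IfDefine NAME> while httpd runs without -DNAME (names hypothetical).

# Print the address of each <VirtualHost> nested in <IfDefine $2> in file $1.
gated_vhosts() {
    awk -v want="$2" '
        /^[ \t]*<IfDefine[ \t]/ {
            name = $2; sub(/>.*/, "", name)
            stack[++depth] = name
            if (name == want) gated++
            next
        }
        /^[ \t]*<\/IfDefine>/ {
            if (depth > 0) { if (stack[depth] == want) gated--; depth-- }
            next
        }
        /^[ \t]*<VirtualHost[ \t]/ && gated > 0 {
            addr = $2; sub(/>.*/, "", addr); print addr
        }
    ' "$1"
}

# Succeed if command line $1 passes -D$2, written as "-DSSL" or "-D SSL".
has_define() {
    case " $1 " in *" -D$2 "*|*" -D $2 "*) return 0 ;; esac
    return 1
}

# Print the vhosts in config $1 that command line $2 leaves unloaded.
skipped_vhosts() {
    has_define "$2" SSL || gated_vhosts "$1" SSL
}

# Constructed sample config: one plain vhost, one gated behind <IfDefine SSL>.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
<VirtualHost 123.123.123.123:80>
</VirtualHost>
<IfDefine SSL>
<VirtualHost 123.123.123.123:443>
    ServerName DOMAIN.COM
    SSLEngine on
</VirtualHost>
</IfDefine>
EOF

# On a live host, take the command line from: ps -o args= -C httpd
skipped_vhosts "$SAMPLE_CONF" "/usr/local/apache/bin/httpd -k start"
skipped_vhosts "$SAMPLE_CONF" "/usr/local/apache/bin/httpd -k start -DSSL"
```

Running the same check after any restart shows whether the process came back without the define, which is the state in which nothing answers on port 443 and nothing reaches the logs.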
     
  3. tomfra

    tomfra Well-Known Member

    That worked! Only the "-DSSL" part was missing in fact.

    Thanks!

    Tomas
     
  4. ToddShipway

    ToddShipway Well-Known Member

    Yes, a slight change was made earlier this week which caused this to happen. The developers have resolved it, however the build hasn't been pushed out yet, should be out early next week. Until then, gotta make the change manually.
     
  5. joeyiv

    joeyiv Member

    Joined:
    Sep 11, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Was this introduced with build 11.12.0-CURRENT_17349? When will the fix be out?
     
  6. ToddShipway

    ToddShipway Well-Known Member

    Yes, this was introduced with build 17349. The fix has been pushed to EDGE and should make its way to CURRENT soon.
     
  7. joeyiv

    joeyiv Member

    Just to make sure - the problem I'm having is that my ssl seems to be broken. No sites that require https:// will work. This is what should result based on the bug that was introduced, right?

    Should I have any problems upgrading to EDGE to fix this bug? Also, should I then have problems when I downgrade back to CURRENT? Thanks for your help!
     
  8. ToddShipway

    ToddShipway Well-Known Member

    I don't recommend upgrading to EDGE as it isn't recommended for production use.

    However this can easily be fixed by editing the init files as I posted earlier.

    If you are unsure of making this change, submit a ticket at https://tickets.cpanel.net/submit/index.cgi?reqtype=tickets and pm me the ticket number and I'll be happy to make the change for you.
     
  9. joeyiv

    joeyiv Member

    Yeah - I couldn't seem to find the first directory that you said needed to be changed. I just submitted a support ticket - but the site told me that you couldn't accept pmessages. Where can I find the ticket number? The IP for my server is 208.73.37.43. Thank you very much for your help! I have a theater site that uses an SSL and their tickets are supposed to go on sale today... Thanks again.
     
  10. ToddShipway

    ToddShipway Well-Known Member

    Not sure what's up with the private message system.

    But you should have received a ticket number when you submitted the ticket. If you have this, post it here so I can take a look at the ticket.
     
  11. joeyiv

    joeyiv Member

    Should I have received it in an email? I haven't received anything, nor did I see anything - Sorry. It just gave me a message that said that something had been authenticated and that I would receive a higher priority...
     
  12. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    You should have received an email indicating what your ticket ID number is.
     
  13. joeyiv

    joeyiv Member

    I never received an email - and there is nothing in my junk folder either. Should I submit another ticket maybe? Thanks again.
     
  14. cPanel Scott

    cPanel Scott cPanel Systems Engineering Manager
    Staff Member

    Joined:
    Jul 31, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Hi joeyiv,
    I've sent you a PM asking you for additional information.

    Thank you,

    Scott O'Neil
    Systems Administrator, cPanel
     
  15. joeyiv

    joeyiv Member

    Todd,

    Here is my ticket #: 215305

    Thank you very much!
     
  16. S-Combs

    S-Combs Well-Known Member

    Joined:
    Jun 10, 2004
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the fix Todd, it helped me as well. I did notice however that restarting httpd via WHM afterwards will restart without SSL support again. I had to run the stop/startssl mentioned above again.
     
  17. S-Combs

    S-Combs Well-Known Member

    This now seems to be resolved after updating to 11.15.0-C17483 today

    EDIT: I posted an incorrect upgrade version earlier (forgot to reload frame :P)
     
    #17 S-Combs, Oct 3, 2007
    Last edited: Oct 3, 2007
  18. ToddShipway

    ToddShipway Well-Known Member

    Yup. The fix for this has been pushed out in the latest EDGE and CURRENT updates.
     
  19. fenixer

    fenixer Well-Known Member

    Joined:
    Feb 23, 2007
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    Nowadays, I am running:

    WHM 11.11.0 cPanel 11.16.0-R18546
    FEDORA 6 i686 on standard - WHM X v3.1.0

    The init.d script for httpd shows:

    Yesterday, Apache was running, but https sites were down. If you tried to connect to https, it showed a message as if the port were not being listened on, you know...

    After "service httpd restart" several times, it was just the same. I needed to execute "killall -9 httpd;service httpd startssl", and then https went up.

    Can you please give me a clue what was happening and why restarting httpd through the script did nothing about it?

    Added info a few hours later
    --------------------------------------
    Look at this:

    Mmmmm... this is driving me crazy. SSL goes down and neither chkservd nor the automatic (via cronjob every 2 hours) httpd restart scripts could fix it.

    Do I need to killall -TERM httpd processes every 2 hours to be sure SSL is running OK? All visitors would see their page loads interrupted every two hours. I do not think it is the best solution.

    Thanks.
     
    #19 fenixer, Feb 21, 2008
    Last edited: Feb 21, 2008
  20. nvvetal

    nvvetal Registered

    Joined:
    Apr 19, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    And what about Apache 1.34? I have exactly the same error!
     