The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Issues

Discussion in 'General Discussion' started by awells, Jun 6, 2006.

  1. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I want to create a self-signed certificate for a retail site I'm working on. I plan on using a real one later, but I want to use a self-signed one for now because I will be moving it to another domain before the site goes live. When I installed the certificate through WHM, is supposedly installed correctly, but when I accessed the site through https://, it would time out. What's worse is when I try to uninstall the certificates through cPanel, it says, "The Certificate for retail.agstesting.com cannot be fully deleted, because it is installed in the system ssl directory!". I haven't found a way to delete them through WHM either. Where should I go from here?
     
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    You mean you can't afford $19.99 for a 1-year SSL certificate from GoDaddy?

    Sounds like you've probably spent that much in lost time already (easy to do with SSL!), you might be best to just go buy one! Also - your test configuration is then going to be closer to your production configuration. And for all useful purposes, a $19.99 certificate works exactly the same as a $140 certificate.
     
  3. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I am aware that the yearly certificates aren't that much, however, if I can't set up a self-signed certificate, I'm thinking I will have the same problem with a paid one.

    Notice how https://www.retail.agstesting.com/ times out. I setup a certificate as retail.agstesting.com and www.retail.agstesting.com. None of them work. Is there a way to delete the certificates and keys from the server when I get the error mentioned in the OP? I do have root access.
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Have you assigned the site a dedicated IP? If not, that's your problem. When an SSL request comes in Apache works out what site it's for by the IP it came in on. This is, I suspect, largely because the request itself is encrypted so it can't determine from that where it should go.

    Other than that, I'd just go through carefully and check things like the IP address you used when setting the cert up, and then try reinstalling it. You can delete SSL certs from one of the menu entries in WHM under SSL.

    Also, make sure you do install everything in the SSL fields as mentioned in the documentation you get when you buy the certificate (which *is* one reason you should consider getting a real cert rather than a self-signed cert!). You're not Scottish are you?? :P
     
  5. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I do have a dedicated IP on this website. I will try that again. Thanks for the help.
     
  6. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Ok, I went through the process of spending the $19.99 for the certificate, and I ran into the same problem as I did with the self-signed certificate.

    For information purposes only the site I'm having trouble with is https://www.andysgeneralstore.com/. I'm guessing that somethings wrong with my server SSL configuration. I do have root access.

    Please have a look at it and offer some advice.
     
  7. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    OK ... it seems like Apache isn't even listening for SSL (https - port 443) on that IP. It might be as simple as missing one of the directives for the site. I'd go through /etc/httpd/conf/httpd.conf and compare the directives for that site and a site that isn't working. Also, try deleting the SSL part and reinstalling it. You could also try changing the site IP. If the site IP you gave when you installed the certificate doesn't match the IP for andysgeneralstore.com that would give these symptoms.
     
  8. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I've tried deleting the account and starting from scratch, and nothing. I don't think it's listening on the SSL port for any IP. Is there a service or something that has to be running for it to work? I've tried different domains and different IPs.
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Do you have SSL working on the same server for any other domain? Compare the configs.

    I think you may be missing a NameVirtualHost directive at a guess - search for port 443. The SSL versions of the sites have their own config block in httpd.conf.
     
  10. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I could not get SSL working on any site. I'm thinking it's a server-wide problem. I did check the config file, and there were entries for the SSL virtual hosts.
     
  11. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I'm just guessing at this stage, but do you have a section in your httpd.conf looking like:

    <IfDefine SSL>
    Listen 80
    Listen 443
    </IfDefine>

    Also, have you tried restarting Apache? (service httpd restart) and rebooting? I'm sure you have, but if not, it would be a good place to start. Also check your apache config in WHM to ensure you have ssl switched on, that could be a problem!
     
  12. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I've tried restarting httpd, and I just rebooted my server. No luck. Here is what the httpd.conf entry looks like.

    [​IMG]

    What's the setting you talk about in WHM? I wasn't able to find any setting to turn SSL on or off.
     
  13. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Under "Software" -> "Apache Update" there's an entry:

    SSL Module (Version 2.8.27)

    Obviously that should have a tick beside it. A long shot, but at this stage it's all worth checking. Did you check the other things I mentioned in the last post, ie the Listen 443?
     
  14. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Also, is there anything funny in the apache logs when apache starts up? Check carefully because this will probably provide you with an instant answer. Also go to the logs first when something doesn't work.
     
  15. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Nothing looks like a problem in the logs except for this statement:

    It literally appears in the log file every few seconds. It's in there hundreds of thousands of times since Mar 11, 2006. Is that anything significant?
     
  16. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I can't remember what causes that, but it's benign, I've had it before and it didn't stop SSL working. Did you check out all the other things we've discussed?
     
  17. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    and in case u r running APF make sure you have port 443 open ! ;)

    pico /etc/apf/conf.apf
    scroll down and add 443 to
    Common ingress (inbound) TCP ports
    and
    Common egress (outbound) TCP ports

    and after the edit dont forget to restart APF with
    apf -r
     
    #17 gorilla, Jun 13, 2006
    Last edited: Jun 13, 2006
  18. awells

    awells Member

    Joined:
    Mar 18, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Well it turns out I am running APF, and no, it didn't have port 443 on the list. Adding it did the trick! Thank you both so much for the help!
     
Loading...

Share This Page