Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin 

Post new topic Reply to topic
Author Message
PostPosted: Thu Jul 08, 2010 8:19 pm 
Offline
Senior Newbie

Joined: Mon Aug 31, 2009 7:56 pm
Posts: 6
I'm having trouble with apache after installing SSL cert #2 on my CentOS 5.5 server.

Here are my server specs:
CentOS 5.5
Virtualmin GPL (all modules up to date)
OpenSSL
Apache2.2

Here are my steps so far:
I got a third IP from linode.
Configured it on eth0:1 moved private IP to eth0:2
Purchased 5domain UCC cert from GoDaddy.
Configured it as I've done many times before. Godaddy confirms that it's installed correctly according to their testing tool.
Configured VirtualHost as follows:


Code:
NameVirtualHost XX.XX.XX.56:443
<VirtualHost XX.XX.XX.56:443>
SuexecUserGroup #501 #502
ServerName ifmasa.org
ServerAlias www.ifmasa.org
ServerAlias webmail.ifmasa.org
ServerAlias admin.ifmasa.org
DocumentRoot /home/williamswebsites.com/public_html
ErrorLog /var/log/virtualmin/ifmasa.org_error_log
CustomLog /var/log/virtualmin/ifmasa.org_access_log "combined"
ScriptAlias /cgi-bin/ /home/williamswebsites.com/domains/ifmasa.org/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory "/home/williamswebsites.com/public_html">
Options -Indexes +IncludesNOEXEC +FollowSymLinks
allow from all
AllowOverride All
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.ifmasa.org
RewriteRule ^(.*) https://ifmasa.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.ifmasa.org
RewriteRule ^(.*) https://ifmasa.org:10000/ [R]
SSLEngine on
SSLCertificateFile /home/williamswebsites.com/domains/ifmasa.org/ssl.cert
SSLCertificateKeyFile /home/williamswebsites.com/domains/ifmasa.org/ssl.key
SSLCertificateChainFile /home/williamswebsites.com/domains/ifmasa.org/gd_bundle.crt
SSLCACertificateFile /home/williamswebsites.com/domains/ifmasa.org/ssl.ca
</VirtualHost>


Now if I go to https://www.ifmasa.org I get the following:
Quote:
Secure Connection Failed

An error occurred during a connection to www.ifmasa.org.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)


However if I go to http://www.ifmasa.org:443 apache shows me the index. This leads me to believe that something is wrong with apache not the cert.

Any ideas? or questions for more info?

Thanks!


Top
 Profile  
 
PostPosted: Thu Jul 08, 2010 8:44 pm 
Offline
Senior Member

Joined: Sun Oct 30, 2005 7:52 pm
Posts: 97
Have you taken a look at:

http://library.linode.com/web-servers/a ... l-centos-5


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 08, 2010 8:53 pm 
Offline
Senior Newbie

Joined: Mon Aug 31, 2009 7:56 pm
Posts: 6
Yes. I've installed SSL certs before and I'm about 95% sure that it's not the cert. I think it's something in apache, maybe in the httpd.conf file that I haven't thought of.

Any more ideas?

Anyone ever seen that error message before?

Why would apache be serving that index on the 443 port? Also, what directory is it showing because there are no files there?

Is it possible that there is another conf file with VirtualHosts in it that I'm missing? If so, where should I look?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 08, 2010 9:42 pm 
Offline
Senior Member

Joined: Fri May 02, 2008 8:44 pm
Posts: 1071
https://www.ifmasa.org/ is loading all right for me. Fixed?

By the way, that Firefox error means that your server was trying to serve plain HTTP on port 443.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 08, 2010 10:11 pm 
Offline
Senior Newbie

Joined: Mon Aug 31, 2009 7:56 pm
Posts: 6
Kinda fixed. It's weird. I changed it from <VirtualHost 72.14.191.56:443> to <VirtualHost *:443> and it started working but I have another virtual server above it that uses the IP address instead of * and it works fine. Maybe I don't have my new IP address configured correctly on the server.

Is there anywhere else I need to configure it other than the eth0:1 file?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 08, 2010 10:32 pm 
Offline
Senior Member

Joined: Fri Sep 21, 2007 4:12 pm
Posts: 78
From what I recall, that error message is what happens when you have an HTTP response to an HTTPS request.

So yeah, fixing up your virtualhosts would absolutely have an effect. Nothing to do with your ethernet configuration.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 08, 2010 10:38 pm 
Offline
Senior Newbie

Joined: Mon Aug 31, 2009 7:56 pm
Posts: 6
Both of you are right. The HTTP response was coming from the "default" server despite the VirtualHost xx.xx.xx.xx:443 directive.

Only by using the wildcard could I superceed the defaul server. I still am not satisfied that this is the best answer but for now it works and I need to move on to other things. I'll keep an eye here though if anyone has anymore suggestions as to the root cause. Maybe I should post my entire httpd.conf file for you guys to look through?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 08, 2010 10:40 pm 
Offline
Senior Newbie

Joined: Mon Aug 31, 2009 7:56 pm
Posts: 6
Also, THANKS everyone for helping me think through this. Helpful fellow Linoders is one of the many things that makes Linode so great!


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jul 10, 2010 11:40 pm 
Offline
Senior Member

Joined: Fri Sep 21, 2007 4:12 pm
Posts: 78
Whoops, missed that hybinet already told you why that was happening.

In any case, yes, posting your full httpd.conf would be invaluable.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS
Powered by phpBB® Forum Software © phpBB Group

Home | Manager | Contact Us | Jobs | Terms of Service | Privacy Policy | ™ © 2003-2012 Linode, LLC. All rights reserved.