ssl not working for any virtual server

#1 Fri, 11/20/2015 - 05:37
iateadonut


I just migrated all my Virtualmin virtual servers to a new VPS.

No SSL configuration is working. I have confirmed that the Apache configs look correct and that the cert and key match.

I created a new website testssl.com (using my dnsmasq to point to it) and created a self-signed certificate. This is also giving me an error.

mod_ssl is installed on CentOS 7. I'm not sure where to go from here.

Fri, 11/20/2015 - 09:00
andreychek

Howdy,

What error do you receive when trying to access an SSL site on your server?

-Eric

Fri, 11/20/2015 - 20:19
iateadonut

From the browser: An error occurred during a connection to www.testssl.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

command line:

openssl s_client -connect testssl.com:443

CONNECTED(00000003)

140597097715360:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 295 bytes

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

Fri, 11/27/2015 - 11:06
iateadonut

The test site is naomilisa.com

Here's how I generated the certificate:

openssl genrsa -out ~/ssl.key 2048

openssl req -new -sha256 -key ~/ssl.key -out ~/ssl.csr

openssl x509 -req -days 1500 -in ssl.csr -signkey ssl.key -out ssl.cert

I did this because the certificate generated by Virtualmin was giving me the error:

[Fri Nov 27 16:32:09.520648 2015] [ssl:warn] [pid 5813] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

So, Apache starts no problem with no errors for this domain.

Here is the output of nmap:

nmap naomilisa.com|grep 443

443/tcp open https

output of netstat:

netstat -tuplen | grep 443

tcp6 0 0 :::443 :::* LISTEN 0 4753154 4961/httpd

Like I said before, the output for openssl check is:

openssl s_client -connect naomilisa.com:443

CONNECTED(00000003)

140373833934496:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 295 bytes

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

This is the Apache virtualhost:

SuexecUserGroup "#515" "#515"

ServerName www.naomilisa.com

ServerAlias *.naomilisa.com

ServerAlias webmail.naomilisa.com

ServerAlias admin.naomilisa.com

DocumentRoot /home/naomilisa/public_html

ErrorLog /var/log/virtualmin/naomilisa.com_error_log

CustomLog /var/log/virtualmin/naomilisa.com_access_log combined

ScriptAlias /cgi-bin/ /home/naomilisa/cgi-bin/

ScriptAlias /awstats/ /home/naomilisa/cgi-bin/

DirectoryIndex index.html index.htm index.php index.php4 index.php5

Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI

allow from all

AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

AddType application/x-httpd-php .php

AddHandler fcgid-script .php

AddHandler fcgid-script .php5

FCGIWrapper /home/naomilisa/fcgi-bin/php5.fcgi .php

FCGIWrapper /home/naomilisa/fcgi-bin/php5.fcgi .php5

Require all granted

allow from all

AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

Require all granted

RewriteEngine on

RewriteCond %{HTTP_HOST} =webmail.naomilisa.com

RewriteRule ^(.*) https://naomilisa.com:20000/ [R]

RewriteCond %{HTTP_HOST} =admin.naomilisa.com

RewriteRule ^(.*) https://naomilisa.com:10000/ [R]

RemoveHandler .php

RemoveHandler .php5

php_admin_value engine Off

IPCCommTimeout 31

FcgidMaxRequestLen 1073741824

Alias /dav /home/naomilisa/public_html

Alias /pipermail /var/lib/mailman/archives/public

DAV on

AuthType Basic

AuthName "naomilisa.com"

AuthUserFile /home/naomilisa/etc/dav.digest.passwd

Require valid-user

ForceType text/plain

Satisfy All

RemoveHandler .php

RemoveHandler .php5

RewriteEngine off

AuthName "naomilisa.com statistics"

AuthType Basic

AuthUserFile /home/naomilisa/.awstats-htpasswd

require valid-user

RedirectMatch /cgi-bin/mailman/([^/.])(.cgi)?(.) https://naomilisa.com:10000/virtualmin-mailman/unauthenticated/$1.cgi$3

RedirectMatch /mailman/([^/.])(.cgi)?(.) https://naomilisa.com:10000/virtualmin-mailman/unauthenticated/$1.cgi$3

SSLEngine on

SSLCertificateFile /home/naomilisa/ssl.cert

SSLCertificateKeyFile /home/naomilisa/ssl.key

Fri, 11/27/2015 - 13:51
iateadonut

Borg and andreychek were patient enough with me in the #virtualmin chat room. I really have no idea why this was causing the issue, if anyone cares to enlighten me.

Anyway, I did this command so I could see ALL my access logs and then went to the site:

[root@ns2 virtualmin]# pwd

/var/log/virtualmin

[root@ns2 virtualmin]# find ./ -iname '*access_log' | xargs tail -f {} \;

And I got responses like this:

==> ./signup.edenwired.com_access_log <==

my.ip.add.ress - - [27/Nov/2015:19:24:01 +0000] "\x16\x03\x01\x01<\x01" 400 226 "-" "-"

This is not the site I was going for, but it was misdirecting me for whatever reason.

So, I went to the virtual server it was misdirecting me to, turned on SSL for it and configured it, and after I did that the original site started working.
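Added example (not part of the original thread): the access-log entry quoted in the last post is a TLS ClientHello that Apache parsed as an HTTP request, which is what a virtual host without SSL produces when it answers on port 443. This Python script finds such entries across vhost access logs and decodes the record header; the log names and client address in the sample are constructed placeholders.

```python
import re

# Apache combined log: client, identd, user, [time], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')
# Apache writes non-printable request bytes as \xhh and escapes " and \.
ESC_RE = re.compile(r'\\x([0-9a-fA-F]{2})|\\(.)')
SIMPLE = {"n": "\n", "t": "\t", "r": "\r"}

def unescape(req):
    """Recover the raw request bytes from the escaped log field."""
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 16))
        return SIMPLE.get(m.group(2), m.group(2))
    return ESC_RE.sub(repl, req).encode("latin-1", "replace")

def tls_record(raw):
    """Return (version, length, handshake_type) if raw starts like a TLS
    handshake record (type 0x16, major version 3), else None."""
    if len(raw) < 3 or raw[0] != 0x16 or raw[1] != 0x03:
        return None
    length = int.from_bytes(raw[3:5], "big") if len(raw) >= 5 else None
    hs_type = raw[5] if len(raw) >= 6 else None  # 1 = ClientHello
    return f"3.{raw[2]}", length, hs_type

def scan(logs):
    """logs: {log name: [lines]} -> {log name: [(client, status, record)]}"""
    findings = {}
    for name, lines in logs.items():
        for line in lines:
            m = LOG_RE.match(line)
            rec = tls_record(unescape(m["req"])) if m else None
            if rec:
                findings.setdefault(name, []).append((m["client"], m["status"], rec))
    return findings

# Constructed sample input; vhost names and client address are placeholders.
SAMPLE = {
    "other-vhost.example_access_log": [
        r'203.0.113.7 - - [27/Nov/2015:19:24:01 +0000] "\x16\x03\x01\x01<\x01" 400 226 "-" "-"',
    ],
    "wanted-vhost.example_access_log": [
        r'203.0.113.7 - - [27/Nov/2015:19:25:10 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    ],
}

if __name__ == "__main__":
    for name, hits in scan(SAMPLE).items():
        for client, status, (ver, length, hs) in hits:
            print(f"{name}: TLS {ver} handshake (len {length}, type {hs}) from {client} "
                  f"logged as HTTP {status}; this vhost is answering TLS as plain HTTP")
```

The log file that collects these entries belongs to the virtual host Apache actually selected for the connection, which is the one whose SSL settings need checking.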
