I have a problem with getting the correct SSL certificate to be used by the virtual host/domain, I’ve installed a GoDaddy SSL Certificate in the Manage SSL Certificate I put the files on the server in the home directory and selected these using the File on server method in the Update Certificate and Key all appeared to work OK and in the CA Certificate it shows GoDaddy however in the Current Certificate tab it still says Self-signed. When I try and view a file in the website with https it complains saying the certificate isn’t valid and when I view the certificate in the browser it appear to the the self signed for the server IP not the GoDaddy one?
Operating system CentOS Linux 5.10 Webmin version 1.660 Virtualmin version 4.03.gpl GPL
It’s difficult to say what the exact issue might be, but one thing you could try is to re-add the certificate.
First, I’d suggest making a backup of the various “ssl.*” files in your Virtual Server home directory.
Once you do that, try going into Server Configuration -> Manage SSL Certificates -> Apply Signed Certificate, and there, try copying and pasting your SSL certificate into the textbox there.
Tried commenting out in case it helped and rebooted now see to have a critical issue where apache won’t start (so tried uncommenting again makes no difference) getting the message
Failed to start apache :
Starting httpd: [Wed Mar 05 16:04:34 2014] [warn] module version_module is already loaded, skipping
[Wed Mar 05 16:04:34 2014] [warn] VirtualHost 46.38.190.35:80 overlaps with VirtualHost 46.38.190.35:80, the first has precedence, perhaps you need a NameVirtualHost directive
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
OK I’ve managed to get Apache running again however I have the continued issue of the site not seeming to be using the correct SSL certificate is there somewhere that might include a server self-signed certificate that would take precedence over the one for the virtual host i believe the server is using the file held here /etc/pki/tls/certs ?
Also I’ve found in the logs…
[Wed Mar 05 17:29:17 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 05 17:29:17 2014] [warn] RSA server certificate CommonName (CN) `XX.XX.189.235’ does NOT match server name!?
The IP stated in the logs does not match the actual server IP XX.XX.190.35 the IP `XX.XX.189.235’ appears to be coming from the localhost.crt from this path /etc/pki/tls/certs as I’ve decoded the cert using https://www.sslshopper.com/certificate-decoder.html and this confirms the incorrect IP?
OK I’ve tried every which way I can see of doing this now and the only way I’ve been able to get the ‘correct’ certificate to be used is to edit the /etc/httpd/conf.d/ssl.conf directly and hard code the sites certificates into this. Any ideas why it won’t work via Virtualnin?