I have a stable server running Virtualmin with 9 sites on it. 3 are currently using SSL and have their own IP addresses - all working fine.
I’ve added a new site (naturapetstaging.com) which works ok. I’ve assigned it a new IP address which works fine. Its IP restricted for testing purposes btw.
I’ve then set SSL website enabled? and IP-based virtual FTP enabled? in its features but SSL is not working:
On accessing the site using https/naturapetstaging.com I get
Secure Connection Failed
An error occurred during a connection to naturapetstaging.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The error log shows:
[Tue Jan 17 12:00:05 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jan 17 12:00:05 2012] [warn] RSA server certificate CommonName (CN) `www.naturapetstaging.com' does NOT match server name!?
As the site is for testing I’m happy using a self signed cert. I tried recreating one but I still get the same error.
I’ve gone through all the Virtualmin settings for a working site (e.g. animalhealthstore.com.au) and compared them to the non working naturapetstaging.com and the naturapetstaging.com ones look right.
...
114.111.133.225:* is a NameVirtualHost
default server naturapetstaging.com (/etc/apache2/sites-enabled/naturapetstaging.com.conf:1)
port 80 namevhost naturapetstaging.com (/etc/apache2/sites-enabled/naturapetstaging.com.conf:1)
port 443 namevhost naturapetstaging.com (/etc/apache2/sites-enabled/naturapetstaging.com.conf:48)
...
The naturalpetproducts.com.au was using the 225 IP and naturapetstaging.com was previously a non SSL site but the grep implies to me that the only place that this IP is now used is with naturapetstaging but it must be set somewhere else too…
Virtualmin shouldn’t add an entry like that… it should always add it in the format:
x.y.z.q:port
So deleting that one line is good.
Also, you may want to look in /etc/apache2/sites-enabled, to make sure there’s no VirtualHost line in the .conf files there which matches that incorrect line.