Topic: ssl.key issues

[katumba]

a web designer told me that the server needed a new key and crt from CA in order for the site to be secure. I followed the steps from here:
http://mirror.contribs.org/smeserver/contribs//nickcritten/howtos/ssl.htm

with no errors. Now, the site won't come up at all. I can ping it, and ssh into it just fine. Where can i look to start troubleshooting?

thanks.

[byte]

Have a look in the log files i.e.

/var/log/httpd

[katumba]

[Thu Dec 07 12:52:53 2006] [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock
Configuration Failed

This is what I got from that file.

[byte]

[Thu Dec 07 12:52:53 2006] [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock
Configuration Failed

Seen this before, take a look at this bug...

http://bugs.contribs.org/show_bug.cgi?id=2035

*edit* Please post your findings to the bug report.

[katumba]

[Thu Dec 07 12:52:53 2006] [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock
Configuration Failed

Seen this before, take a look at this bug...

http://bugs.contribs.org/show_bug.cgi?id=2035

*edit* Please post your findings to the bug report.

That script fixed it. thanks!!!

[byte]

That script fixed it. thanks!!!

It shouldn't need that script to fix it as it's not fixed it for anyone else, what we really need is people to report to bug tracker and explain what they did so the core devs can decide a proper fix in the sme code.

[katumba]

hmm. well, restarting httpd got the web site back up, but on reboot it's still down. Oh well, i'll just reimage it.

thanks.

[CharlieBrady]

hmm. well, restarting httpd got the web site back up, but on reboot it's still down. Oh well, i'll just reimage it.

That's both unnecessary, and will only get you back to where you started. What did the 'web designer' believe was insecure about the original setup?

[katumba]

Thats my original thinking. here is the first email:

"I need to get an SSL certificate installed on the website.com web server.  If there is some sort of control panel (PLESK?) we can log into to generate a CSR, then we can take care of this, if not we are going to need your assistance setting this up."

my reply:

"The server already generates its own ssl cert.  There is no need to generate one.
You can view it by typing: less /etc/httpd/conf/ssl.csr/server.csr
After logging into it with putty or something similar."

His answer:

"We generally do not like to configure servers that are not our own for liability reasons.  Is it available for you to handle the SSL purchase\install?

If you would like us to handle the purchase, then you can email me the CSR, and I can email you back the certificate to install.

Let me know,"

So, that's what i'm up against...

[william_syd]

I followed the steps from here:
http://mirror.contribs.org/smeserver/contribs//nickcritten/howtos/ssl.htm

Did you end up doing it as per this how to ?

http://mirror.contribs.org/smeserver/contribs//nickcritten/howtos/ssl7.htm

[katumba]

No, I didn't see that how-to. I tried the one in my first post. That one seems better, though.

[katumba]

I followed the steps from here:
http://mirror.contribs.org/smeserver/contribs//nickcritten/howtos/ssl.htm

Did you end up doing it as per this how to ?

http://mirror.contribs.org/smeserver/contribs//nickcritten/howtos/ssl7.htm

Any help with this would be great. I just ran the instruction from that how-to listed above after reimaging the box. It gives out normal http docs ok, however errors out on https stuff...

[william_syd]

I don't use that howto so I'm unable to help.

There are other threads that discuss that howto but I don't remember if there was any mention of a problem with the final howto.

Logs are your friend. They may give an insight into whats going wrong.