SSL certificate error after Nodeworx upgrade to 5.0.13-574

General Interworx Control Panel Info General Inquries
, ,
1

Hi,

I’ve the following problem, after the Nodeworx was automatically upgraded to version 5.0.13-574.

My SSL certificates are not working. (2 domains)
The self signed Nodeworx certificate is good.

In browser: https://secure.mydomain.com -> This webpage is not available.

Log: [Fri Feb 21 10:06:37 2014] [warn] RSA server certificate CommonName (CN) `secure.mydomain.com’ does NOT match server name!?

What should I do? My Client is angry, because he use https for the Owncloud installation, and now it’s not working too :frowning:

Please help me, where should I find the solution…

Thank you!

Zsozso

2

Hi wakelite

I think your issue maybe SNI, it caught me out as well.

Please see this post which should explain SNI.

I hope that helps a little

Many thanks

John

http://forums.interworx.com/showpost.php?p=25038

3

Hi John,

Thank you for quick reply!

I’ve 2 ip-s assigned to my server. The second ip is dedicated, has 4 domain names on it, but only 1 domain use SSL.cert. : secure.mydomain.com
In the settings the SNI is enabled. I tried now to disable it, restart web server, nothing has changed :S

Before the update was working everything well with SSL-s… I don’t know, what another thing was happened with my server, to do this…

So I think, this is not SNI related thing… What do you think?

Regards,

Zsozso

4

Hi zsozso

I’m sorry it was not SNI, but to be honest, the update should not have affected your SSL I don’t think. Have you checked your siteworx accounts to see if anyone has installed a SSL without you knowing, as that is what happened to me.

Did the update install correctly, if you check your logs it should be listed, if not, I’ll need to look up the commands to clean update interworx.

It is hard to fully know without first running some external tests on the domain, ie SSL check from qualssl, and to see what is shown in a browser when trying to access it. If you want to pm me the domain I’ll check for you externally or you can.

I’m thinking though, you may want to try to reinstall the SSL to see if that corrects the issue or you maybe best advised to open a support ticket with interworx.

I’m sorry I cannot be more helpful, but I hope it helps a little

Many thanks

John

5

Hi zsozso

I’m sorry, I’ve been thinking about this and please can I ask the following

When you say 2 ip, 1 dedicated with 4 domains on it, do you mean you use both ip for shared reseller accounts

I ask this because I thought on a true dedicated ip, you could only have 1 domain, but could have pointers etc…

Please can you check to make sure if there is only 1 SSL setup on ip

If more then 1, turning off SNI would not change anything I don’t think, sorry and you would need to remove all SSL apart from the SSL you want to use

Lastly, sorry, the SSL in question which is failing, was this used as the server SSL at all.

I think your SSL is working, just giving the wrong SSL

I hope that helps a little and I’ll check in hour, I’ve just something to do now sorry

Many thanks

John

6

Hi,

My server ip settings are:

xxx.xxx.xxx.210 “Master” ip, Shared, eth0, has a lot of Siteworx account on it, has self signed SSL.
xxx.xxx.xxx.212 Dedicated, eth0:0, has 1 siteworx account, 1 master domain (has SSL on secure.masterdomain.com) and 3 secondary domain (no SSL)

In the Interworx logs/upgrade.log there is nothing…

I’ll send a PM with the real domain…

Thank you

7
  • d2d4j has exceeded their stored private messages quota and cannot accept further messages until they clear some space. :)
8

Hi zsozso

I’m so sorry, I have just flushed my mailbox and sent you a pm.

Sorry

Many thanks

John

9

Hi zsozso

Many thanks, and I’ve just done some quick tests which seem to show your https is not enabled.

Please can you ssh into your server and run this command

Service httpd restart

Once you’ve done this I can retest.

I hope that’s alright and the command restarts apache

Many thanks

John

10

Hi Zsozso

I’m sorry, I have to go for now, but please see pic showing SSL not enabled, which is the reason for your issue (most likely).

I have seen this before, and stop/start service usually clears it, so you may want to ssh and do the following commands just in case

service httpd stop - all apache should stop

service httpd start - please note if there any errors as it starts

test your website in a browser

Also, the log extract you posted is not an error, it is a warn, which will not cause https to not start, and is a common warn message I believe

If the above does not resolve your issue, and you have checked your https ports in firewall and on webserver, you would be best advised ot open a support a ticket with interworx (interworx.com/support I think it is)

I hope that helps a little, and the https is not enabled on both your domains/ip’s

Many thanks

John

testdomain.jpg
testdomain.jpg962×383 78.2 KB

11

Hi, after the upgrade the system has restarted… maybe then the ssl not started…?

Now I’ve done the restart in ssh, and everything is fine with it! Thank you! :slight_smile:
I’ve restarted the web server through Nodeworx panel 3 times today, but nothing has changed… next time, I do this with ssh of course :smiley:

Thank you again,

Regards
Zsozso

12

Hi zsozso

I’m so pleased it’s now resolved and you should only use ssh to stop/start if there’s an issue. In general, it works lovely, it’s just occassionally you may need to do it, particularly if it involves SSL , but as I said, mostly it works lovely.

Many thanks

John

13

i need some help about ssl. my nodeworx on version v5.0.14 VPS no more ssl after update… i getting this error

[Mon Apr 28 01:09:32 2014] [notice] caught SIGTERM, shutting down
[Mon Apr 28 01:09:43 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Mon Apr 28 01:09:44 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Apr 28 01:09:44 2014] [warn] RSA server certificate wildcard CommonName (CN) *.vds.asia' does NOT match server name!? [Mon Apr 28 01:09:45 2014] [warn] RSA server certificate wildcard CommonName (CN) *.vds.asia’ does NOT match server name!?
[Mon Apr 28 01:09:45 2014] [notice] Apache/2.2.26 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_watch/4.3 configured – resuming normal operations

my ssl info
[TABLE=“width: 100%”]
[TR]
[TD]Purchase Date [/TD]
[TD] : [/TD]
[TD] 1/15/2014 [/TD]
[/TR]
[TR]
[TD] Type [/TD]
[TD] : [/TD]
[TD] positivessl wildcard [/TD]
[/TR]
[TR]
[TD] Common Name [/TD]
[TD] : [/TD]
[TD] *.vds.asia [/TD]
[/TR]
[TR]
[TD] WebServer Type [/TD]
[TD] : [/TD]
[TD] apacheopenssl [/TD]
[/TR]
[TR]
[TD] SSL Status [/TD]
[TD] : [/TD]
[TD] ACTIVE[/TD]
[/TR]
[/TABLE]

14

Hi vds

I hope you don’t mind but I’m not seeing what your issue is sorry.

Do you mean SSL does but match server name. This is common and to correct you need to rename server name to match SSL domain, but your on vps so I don’t think you can but in any event it has no issue with your SSL cert.

If you could post your actual issue it would help.

Hope you don’t mind my thoughts

Many thanks

John

15

my server name is server.vds.asia since i install that ssl no problem

16

Hi vds

I’m sorry, do you mean you no longer have an issue, or is it it server name does not match SSL

I’m sorry if i am not understanding sorry.

Many thanks

John

17

d2d4j i has fix it… i restart use ssh :D. now siteworx has ssl… sorry trouble you.

18

Hi vds

I hope you don’t mind and I know it is off topic slightly, but I have just run a quick test and your SSL looks fine, but your keys and ciphers are low, you may want to change them to stronger ones, and stop weaker protocols.

I hope that helps a little

Many thanks

John