I created certificate and it appears to be working but I am always getting a cert error about a mismatched address. I have checked my settings and the certificate and host names match. It doesn't make sense. I have looked online at different forums and support sites but nothing has worked. The only thing I can think to do is to get a new cert. This cert is for an internal site only...
View 11 RepliesHow to install a certificate for a brand ?
Let's say I have a brand B associate to a reseller R and a domain name domain.com.
When B sell a new subscription (with the associated webspace) it is available under sub.domain.com.
I would like to have a specific SSL certificate installed by default for every newly created webspaces by B under xxx.domain.co
We are getting 403 for bidden error when accessing from web clients.
Here are my config files:
httpd.conf & httpd-ssl.conf files:
1) [URL] ....
2) [URL] ....
Any changes we have to make in our configuration files.
This is twice I have found email addresses on the web that I have never created. Both domain names are the new extensions and I purchased them the first day they become public. .biz the other is .US
One of the domains I never even created a web page until yesterday. And today I find a German site using my domain as an email address. One note on this, this domain name is extremely unique and related to certain German ideas or thoughts.
I am thinking someone at the server created them and used them for their personal use. Is this possible?
Not only that, but I have sent email to these addresses and there was no bounce back. No bounce back meaning these are valid email addresses?
All our email account on our server work fine ! (Cpanel/whm)
As soon as we create a new account on any domain name, and we try to send a test mail from any email address (hotmail, yahoo, our internet provider etc.. ) we get a bounce back email with the following:
Recipient address: yasmine@ramystyle.com
Reason: Remote SMTP server has rejected address
Diagnostic code: smtp;550 5.1.1 User unknown: yasmine@ramystyle.com
Remote system: dns;ramystyle.com (TCP|10.23.32.29|46273|72.55.156.210|25) (swh1.sellwebhost.com ESMTP Exim 4.66 #1 Thu, 05 Jul 2007 11:27:01 -0400 )
We are getting the below message in Apache's error.log when accessing from mobile application & updated apache from 2.4.9 to 2.4.10 also.Trailing dot is created after the URL.
I can able to hit [URL] ..... and I can't able to hit [URL] ....
Since a week ago or so, in one of our Plesk 12.0.18 / Centos 6.6 servers, when we create subdomains the process seems to stop half-way without being finished.
To reproduce the error:
Select a subscription (e.g. example.com) and go to "Domains and subdomains"
Select "add new subdomain" and enter a value (e.g. new.example.com). The directory will live in parallel to httpdocs
Click Accept
Expected result:
The subdomain should be created: Filesystem diirectory with default contents, DNS entry, Apache VirtualHost, etc.
Actual result:
After several minutes Plesk responds with Internal Errror (in a red area in the panel).
Things done right:
The file space in parallels with httpdocs is created fine with the default site.
DNS entries are created under /var/named/chroot infrastructure.
The subdomain menu appears fine in the Plesk panel.
Things wrong/missing:
The filesystem directory is not mapped by Apache. Even after changing its contents the default server templeate appears in the browser, (all precautions taken, apache restart, browser in private session and different browsers).
Log info:
- /var/log/sw-cp-server/error_log says:
2015/05/27 18:17:45 [error] 28890#0: *1828 readv() failed (104: Connection reset by peer) while reading upstream, client: nnn.nnn.nnn.nnn, server: , request: "POST /smb/web/add-subdomain HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock:", host: "<hostname>:8443", referrer: "https://<host>:8443/smb/web/add-subdomain"
- /var/log/httpd/access_log records the access with 200 OK codes although I don't find them in neither subscription logs under /var/www/vhost/system/*/logs/access_log
nnn.nnn.nnn.nnn - - [27/May/2015:18:38:35 +0200] "GET <deleted_content_in_the_subdomain_directory> HTTP/1.1" 200 14036 "http://<new_subdomain>" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
I don't find the Apache VirtualHost .conf files for subdomains, where can I look for them up...
My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:
- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively.
- the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11
- the external ip addresses resolve to the above internal addresses
- the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.
I have configured a virtual host in httpd.conf for each ip, i.e.
Code:
<VirtualHost 192.168.10.10:80>
...
ProxyPass /app http://app_server1:7777/app
ProxyPassReverse /app http://app_server1:7777/app
RewriteRule ^/$ /app/app1 [R,L]
...
<VirtualHost>
and
Code:
<VirtualHost 192.168.10.11:80>
...
ProxyPass /app http://app_server2:7777/app
ProxyPassReverse /app http://app_server2:7777/app
RewriteRule ^/$ /app/app2 [R,L]
...
<VirtualHost>
This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.
Is it possible to send requests using the ip address from the relevant VirtualHost?
Windows server 2008
Apache 2.2
After upgrade to Parallels plesk v 12.0.18 update #5 we were getting a blank screen. We have managed to get logged into the server but have errors - plus all the websites are down with a 404 error Apache Server at gardenbuildings.domainame.co.uk Port 443.
On the Plesk management it is showing: New configuration files for the Apache web server were not created due to the errors in configuration templates:
mkdir: cannot create directory `/var/www/vhosts/system/domainname.com/conf': No such file or directory mktemp: failed to create file via template `/var/www/vhosts/system/domainname.com/conf/httpd.conf.XXXXXX': No such file or directory Can not create temporary file .
Detailed error descriptions were sent to you by email. Please resolve the issues and click here to generate broken configuration files once again or here to generate all configuration files.
Also when trying to resolve the issues and generating all configuration files I am getting this error:
Unable to configure the web server: Execution failed. Command: httpdmng Arguments: Array ( [0] => --reconfigure-all )
Details: Execution failed. Command: httpdmng Arguments: Array ( [0] => --reconfigure-domains [1] => addisonousebank.co.uk,blog.addisonousebank.co.uk,garages.addisonousebank.co.uk,
[Code] ....
I created a FTP account with vsftp and files uploaded are not readable via www-data
View 1 Replies View RelatedI tried to add ac new subscription and this failed.No I have an inconsistent subscription and get the following error: New configuration files for the Apache web server were not created due to the errors in configuration templates:
Template processing failed: file = /opt/psa/admin/ conf/ templates/ default/domainVhost.php,
error = Template_Exception: No data. file: /opt/psa/admin/plib/Template/Processor.php line: 28 code: 0
Previous error: Template_Variable_Exception: No data. file: /opt/psa/admin/plib/Template/Variable/AbstractCachedData.php line: 67 code: 0.
Detailed error descriptions were sent to you by email.click here to generate broken configuration files once again or here to generate all configuration files.
I have Plesk 12.0.18 on Ubuntu
I bought a RapidSSL certificate from Namecheap.com (the cheapest one), but after I installed it and everything, and went by their instructions, I get this message in Internet Explorer:
Quote:
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.
If you view any page on my site (https://www.hastyhost.com ) it gives you that. I'm a bit new to SSL certificates, so if you know the problem, try to example in simple terms
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We have a few users that use SSL email and we decided to purchase a cheap single-root SSL cert over at namecheap for the host name so that it would end the "self-signed cert" whining.
We got the cert installed and it works great for WHM/cPanel and also works for SSL over IMAP and POP3, but the very first email anyone sends (SMTP) per day gives this warning (Outlook Express):
The server you are connected to is using a security certificate that could not be verified.
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
It seems obvious that the cert used by the SMTP system is not the new one we installed.
We used WHM's SSL/TLS -> Change Server Certificates link to install the cert.
We then made sure that:
/usr/share/ssl/certs/host.domain.com.crt
/usr/share/ssl/private/host.domain.com.key
/etc/exim.crt
/etc/exim.key
...all contained the current cert or key as appropriate.
Just for grins, we even made sure:
/usr/local/cpanel/etc/cpanel.pem
...had the correct pair.
We restarted all the mail services and even restarted the whole server. (I know...Windows reaction...bad tech.)
Does anyone know of a stealth location where the SSL cert for SMTP should be updated?
WHM 10.8.0 cPanel 10.9.0-R139
CentOS 3.8 i686 - WHM X v3.1.0
How to be able to fix my problem that is related to the https using apache2 (enabling https in apache2) at opensuse:
By the way, my opensuse version is:
openSUSE 12.1 (x86_64)
VERSION = 12.1
CODENAME = Asparagus
1) At the /etc/apache2/vhosts.d/vhost-ssl.conf, and if I do not have a name (as the server will be accessed using its IP address), can I place in the ServerName 192.168.0.5? Do I have to place it 192.168.0.5:443 or it is enough to be 192.168.0.5?
2) Is there a relation between the SSLCipherSuite values and the used method to generate the certificate?
3) I am afraid from the way that I am using to generate the certificate and the ssl module that is coming with apache2 at my machine which has opensuse. How can I select the right way?
Actually I used following commands to generate the .crt, .key and the .csr:
openssl genrsa -des3
openssl req -new -x509
openssl x509 -req
And that was from this link: [URL] .... But did not work with me !
Meanwhile I am placing:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
4) Do I have to configure the virualhost? Do I have to create files under the directory /etc/apache2/vhosts.d? Because I will have one application to be browsed .. nothing more.
Is it possible to verify client certificate based on username?If possible, How can we implement it in our httpd-ssl.conf file.
View 1 Replies View RelatedI'm facing problem with latest Apache 2.4.9. Previously we used Apache 2.4.7 ​version which supports DER SSL certificates. But Latest Apache(2.4.9) is not working with DER SSL certificates. I have to convert DER certificate to PEM format to start the Apache server. Am i missing anything ? Is DER certificate not supported in Apache 2.4.9 ?
View 6 Replies View RelatedI have an Apache reverse proxy set up. I have an IIS server on the backend with a site which must be HTTPS and must require client certificates (x509). It seems like the proxy is working great, but the client certificate is not getting passed along the HTTPS request from proxy to IIS. We keep getting 403.7 (Client certificate required) errors. How I can bridge the client certificate from Apache reverse proxy to IIS?
Our Apache proxy is not set up to require client certs, the IIS website is. What I would expect is that when we make a web request that goes through the proxy to the IIS server, that we would get challenged for a client cert for the IIS website (its set to require client certs like it always has) and that client cert information would be passed along the HTTPS request. We have to be able to programatically access the x509 cert through code on the IIS website, thats why we need to have the cert passed along.
I use Windows 7, running Apache VC10 in the XAMPP environment. It worked well, I am a newbie, it runned smoothly to programe a brief static page. Now I have everytime this logerror... I didn't change anything in the files and scripts of my apache folder...
[Wed Jan 22 21:12:15.178559 2014] [ssl:warn] [pid 3392:tid 264] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Jan 22 21:12:15.272159 2014] [core:warn] [pid 3392:tid 264] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Code].....
I understand that Apache documentation says that the SSLCACertificateFile directive is only valid in "server config" and "virtual host,"
[URL] .....
I would like to use a different CA bundle per-directory or location. Reason being is one directory is more strict than the other.
My system consist of Ubuntu 14.04 server running LAMP. I am running Apache 2. On the same machine I am running Shiny server and running my apps through port 4949.
[URL] ....
I also am running an additional Shiny server copy on a virtual box through port 3838. All is running very good. I have an html web page running on Apache 2. I can view it and all my apps running on both Shiny servers from any place on the web.
My concern, however is security. I have port 3838, 4949, and 80 open. How can I set up Apache to run as a reverse proxy for my both of my Shiny servers (ports 4949, and 3838) and also continue to host my web page securely.
I have also attempted to set up a self-signed certificate using the following procedure but it is not working. I used the following instructions and followed them verbatim.
[URL] ....
How to set up a reverse proxy for my Shiny servers?
i want to configure Apache so that it receives a client certificate, an passes it to another server.I'm using:
- apache 2.0.65 on windows
- the backend server is an apache-based solution (IBM HTTP Server)
I tried this config:
<VirtualHost *:443>ServerName apacheserver.domain.comSSLEngine onSSLProxyEngine onSSLCertificateFile "e:/Apache/Apache2/conf/server.cer"SSLCertificateKeyFile "e:/Apache/Apache2/conf/server.key"SSLCACertificateFile "e:/Apache/Apache2/conf/certca.cer"SSLVerifyClient requireSSLVerifyDepth 2ProxyPreserveHost onProxyRequests off<Proxy *>AddDefaultCharset
[code]....
I am using apache as a reverse proxy, I have several site with http and everything is working fine. For the first time I have tried to configure with https port 443 with certificate, the problem is that it doesn't return to the browser the certificate that I have indicate in the "virtual host" but rather the default certificate of the site.
Here is my virtual host :
<VirtualHost *:443>
ServerName hygie.sante-idf.fr
SSLEngine on
SSLProtocol all
SSLCertificateFile "/root/apacherp/cert/hygiesslcertificate.cert"
SSLCACertificateFile "/root/apacherp/cert/hygieCAcertificate.cert"
SSLCertificateKeyFile "/root/apacherp/cert/hygieprivate.cert"
ProxyPass / http://XXXXXX/
ProxyPassReverse / http://XXXXXX/
</VirtualHost>
Everything is fine when I start stop, I m sure the entry is used I have added : NameVirtualHost *:443
But the Certificate information arent the one that I have enterred , but the default values I think....
httpd -v
Server version: Apache/2.2.3
Server built: Mar 4 2010 09:57:54
I have just taken hosting from godaddy. i have taken dedicated website hosting. But my ftp are working in my office filezilla and not at home. Its giving 530 error, unknown ip address.
I am using file zilla in office and at home.
I have been able to find lots of information on 550 errors, but not so much on unrouteable addresses.
When I try to send email to clrockwell [;at'] truckingshow ['dot'] com it responds back with:
Code:
clrockwell [;at'] truckingshow ['dot'] com : host truckingshow.com[209.40.205.67] said: 550 Unrouteable address (in reply to RCPT TO command)
The email addresses were added through cpanel, ls -l shows them all there. We have moved servers and, as best I could, I compared everything and it seems to be the same but obviously I'm missing something.
Edit: Also, when I visit truckingshow.com/webmail I am prompted for username and password. I enter it in (email address above and password) and then it takes me to the normal cpanel webmail page giving me the option to choose horde, squirrel or roundcube. I select one, then the software itself (not the .htaccess) asks for my login again, then denies it. I have reset these passwords to the same exact thing over and over, so I know for sure the username and password are correct.
Edit 2: from network tools
Code:
Contacting truckingshow.com [209.40.205.67]...]
[Connected]
220-truckingshow.com ESMTP Exim 4.69 #1 Fri, 11 Jul 2008 10:39:10 -0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO Network-Tools.com
250-truckingshow.com Hello Network-Tools.com [67.222.132.194]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
VRFY clrockwell
252 Administrative prohibition
RSET
250 Reset OK
EXPN clrockwell
550 Administrative prohibition
RSET
250 Reset OK
MAIL FROM:<admin@Network-Tools.com>
250 OK
RCPT TO:<clrockwell@truckingshow.com>
550 Unrouteable address
[Address has been rejected]
RSET
250 Reset OK
QUIT
221 truckingshow.com closing connection
[Connection closed]
The following error was encountered:
Unable to determine IP address from host name for mydomain.com
The dnsserver returned:
Server Failure: The name server was unable to process this query.
This means that:
The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.
Your cache administrator is admin.
what can I say to my provider
I'm trying to migrate a server that has the version 10 to another server with version 11.
When I run the migration manager, I get the message "IP Address not found '.
Both teams have the same type of IP, exclusive.
i am having a problem getting a dedicated server running for Unreal Tournament GOTY. everytime i create a dedicated server i get this error in the console:
Log: AInternetLink Resolve failed: Can't find host master.mplayer.com (WSANO_DATA)
ScriptLog: UdpServerUplink: Failed to resolve master server address, aborting.
im running through a router.
when I create new email address get this error:
Error: Source: Microsoft OLE DB Provider for SQL Server
Description: 'encrypt' is not a recognized built-in function name.