Author Topic: how to add ssl to virtual subdomain  (Read 4590 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
how to add ssl to virtual subdomain
« on: July 12, 2020, 08:47:22 PM »
i go to
 WebServers Configuration Editor
    Apache
            /usr/local/apache/conf.d/vhosts/  Add New Conf File

so i add subdoamin and work 100%

i need it work with ssl so i go to security - > Generate CSR macke sub domain

and add in  /usr/local/apache/conf.d/vhosts/


apache fail to start and show this

Jul 12 11:47:37 host systemd: Failed to start Web server Apache.
Jul 12 11:47:37 host systemd: Unit httpd.service entered failed state.
Jul 12 11:47:37 host systemd: httpd.service failed.
Jul 12 11:47:38 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=185.151.243.185 DST=116.203.216.185 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=30662 PROTO=TCP SPT=57611 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 11:47:39 host dhclient[1025]: DHCPREQUEST on eth0 to 172.31.1.1 port 67 (xid=0xa758bb3)
Jul 12 11:47:39 host dhclient[1025]: send_packet: Operation not permitted
Jul 12 11:47:39 host kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=116.203.216.185 DST=172.31.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=20438 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
Jul 12 11:47:39 host dhclient[1025]: dhclient.c:2717: Failed to send 300 byte long packet over fallback interface.
Jul 12 11:47:51 host dhclient[1025]: DHCPREQUEST on eth0 to 172.31.1.1 port 67 (xid=0xa758bb3)
Jul 12 11:47:51 host dhclient[1025]: send_packet: Operation not permitted
Jul 12 11:47:51 host dhclient[1025]: dhclient.c:2717: Failed to send 300 byte long packet over fallback interface.
Jul 12 11:47:51 host kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=116.203.216.185 DST=172.31.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=26011 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
Jul 12 11:48:05 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=192.241.235.68 DST=116.203.216.185 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=42508 DPT=7574 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 12 11:48:09 host dhclient[1025]: DHCPREQUEST on eth0 to 172.31.1.1 port 67 (xid=0xa758bb3)
Jul 12 11:48:09 host dhclient[1025]: send_packet: Operation not permitted
Jul 12 11:48:09 host kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=116.203.216.185 DST=172.31.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=37685 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
Jul 12 11:48:09 host dhclient[1025]: dhclient.c:2717: Failed to send 300 byte long packet over fallback interface.

---------------------------------

-
-- Unit httpd.service has begun shutting down.
Jul 12 11:47:27 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=3.0.207.224 DST=116.203.216.185 LEN=60 TOS=0x00 PREC=0x00 TTL=234 ID=3585 DF PROTO=TCP SPT=58068 DPT=30303 WINDOW=26883 RES=0x00 SYN URGP=0
Jul 12 11:47:27 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=3.0.207.224 DST=116.203.216.185 LEN=60 TOS=0x00 PREC=0x00 TTL=230 ID=47695 DF PROTO=TCP SPT=58066 DPT=30303 WINDOW=26883 RES=0x00 SYN URGP=0
Jul 12 11:47:27 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=94.102.51.58 DST=116.203.216.185 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=51334 PROTO=TCP SPT=43422 DPT=7199 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 11:47:28 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=3.0.207.224 DST=116.203.216.185 LEN=60 TOS=0x00 PREC=0x00 TTL=234 ID=3586 DF PROTO=TCP SPT=58068 DPT=30303 WINDOW=26883 RES=0x00 SYN URGP=0
Jul 12 11:47:28 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=3.0.207.224 DST=116.203.216.185 LEN=60 TOS=0x00 PREC=0x00 TTL=230 ID=47696 DF PROTO=TCP SPT=58066 DPT=30303 WINDOW=26883 RES=0x00 SYN URGP=0
Jul 12 11:47:28 host.xpredo.com dhclient[1025]: DHCPREQUEST on eth0 to 172.31.1.1 port 67 (xid=0xa758bb3)
Jul 12 11:47:28 host.xpredo.com dhclient[1025]: send_packet: Operation not permitted
Jul 12 11:47:28 host.xpredo.com kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=116.203.216.185 DST=172.31.1.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=18980 DF PROTO=UDP SPT=68 DPT=67 LEN=308 UID=0 GID=0
Jul 12 11:47:28 host.xpredo.com dhclient[1025]: dhclient.c:2717: Failed to send 300 byte long packet over fallback interface.
Jul 12 11:47:30 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=3.0.207.224 DST=116.203.216.185 LEN=60 TOS=0x00 PREC=0x00 TTL=230 ID=47697 DF PROTO=TCP SPT=58066 DPT=30303 WINDOW=26883 RES=0x00 SYN URGP=0
Jul 12 11:47:31 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=194.26.29.135 DST=116.203.216.185 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12904 PROTO=TCP SPT=51722 DPT=19207 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 12 11:47:37 host.xpredo.com systemd[1]: Stopped Web server Apache.
-- Subject: Unit httpd.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has finished shutting down.
Jul 12 11:47:37 host.xpredo.com systemd[1]: Starting Web server Apache...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Jul 12 11:47:37 host.xpredo.com systemd[1]: httpd.service: control process exited, code=exited status=1
Jul 12 11:47:37 host.xpredo.com systemd[1]: Failed to start Web server Apache.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Jul 12 11:47:37 host.xpredo.com systemd[1]: Unit httpd.service entered failed state.
Jul 12 11:47:37 host.xpredo.com systemd[1]: httpd.service failed.
Jul 12 11:47:38 host.xpredo.com kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:00:2f:24:89:d2:74:7f:6e:37:e3:08:00 SRC=185.151.243.185 DST=116.203.216.185 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=30662 PROTO=TCP SPT=57611 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
×






   

Offline
****
Re: how to add ssl to virtual subdomain
« Reply #1 on: July 12, 2020, 09:47:06 PM »
A CSR isn't a certificate.

add your subdomain as you did.  As root user

/root/.acme.sh/acme.sh --config-home /root/.acme.sh/cwp_certs/ --issue --apache -d (subdomain)

then in the apche.conf, use the fullchain.cer file for the cert, and the .key


Easier option would be to add an account into CWP as a user and let the program do it itself.
Google Hangouts:  rcschaff82@gmail.com