IPv6, SSL & Apache - Error

**Eomer** · Apr 13th 2017

Hey Guys,

im using:

Let's Encrypt Plugin
Version 3.0.0

IMSCP
Version 1.4.2

Latest Apache2 and Debian 8.7

IPv6 is enabled.

Every time im trying to reach one of the subdomains (no problem with the panel) from home its done with ipv6.
Im receiving an error message

"SSL_ERROR_RX_RECORD_TOO_LONG"

No problems from my mobile network (ipv4)

I checked the "teamspeak.isportz.eu_ssl.conf" file to see whats going on.

Code

<VirtualHost 93.159.253.78:443 [2a00:fe0:1:4d:5054:ff:fe00:c]:80>
ServerAdmin [email protected]
ServerName sinusbot.isportz.eu

The IPv4 address is port 443 and the IPv6 address is port 80.

I solved it by changing the IPv6 port from 80 to 443 but i don't want it to be overwritten as soon as i change something in the panel

What do i have to do that it will be set as 443? What am i missing?

best regards

**Nuxwin** · Apr 13th 2017

Quote from Eomer

The IPv4 address is port 443 and the IPv6 address is port 80.

I solved it by changing the IPv6 port from 80 to 443 but i don't want it to be overwritten as soon as i change something in the panel

How did you added that IPv6 exactly?

Also, what is your i-MSCP httpd server implementation? ITK, Fcgid, PHP-FPM ?

**Nuxwin** · Apr 13th 2017

@Eomer

I still need the info

**Eomer** · Apr 13th 2017

Sorry, @Nuxwin, phone call.

It should be Fcgid but what is the fastest way to find that out for sure?
I'm still noobish.

**Nuxwin** · Apr 13th 2017

Quote from Eomer

It should be Fcgid but what is the fastest way to find that out for sure?

Result of: cat /etc/imscp/imscp.conf | grep 'HTTPD_SERVER' ?

**Eomer** · Apr 13th 2017

wasn't fcgid...:D sorry im still learning

Code

HTTPD_SERVER = apache_php_fpm

**Nuxwin** · Apr 13th 2017

@Eomer

How did you added the IPv6 ?

**Eomer** · Apr 13th 2017

First of all i installed it with the option "do you use ipv6?".

I mentioned in my previous thread that installing the panel with IPv6 option would delete the IPv6 from my /etc/hosts file so i added it myself.

Code

127.0.0.1 server1.rlxd.de.local localhost93.159.253.78 server1.rlxd.de server12a00:fe0:1:4d:5054:ff:fe00:c server1.rlxd.de server1# The following lines are desirable for IPv6 capable hosts::1 localhost ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allroutersff02::3 ip6-allhosts

Other than that i didn't really do anything. I tested if playing around with the "10_apache2_dualstack.pl" would change anything but it didnt make any difference.

The IPv6 address here was added by imscp i guess?

Code

<VirtualHost 93.159.253.78:443 [2a00:fe0:1:4d:5054:ff:fe00:c]:80>

**Nuxwin** · Apr 13th 2017

@Eomer

Show me your 10_apache2_dualstack.pl listener file content please.

EDIT

Quote from Eomer

First of all i installed it with the option "do you use ipv6?".

There is not such question in installer...

Show me also the content of your /etc/imscp.conf file. Send me those files in private if needed.

EDIT

I've just tested using your ipv6.

I've added your IPv6 through control panel as administrator
I've assigned that IPv6 to my reseller
I've created new customer account and selected that IPv6
I've enabled SSL for the domain

Resullt for the SSL vhost:

Shell-Script

root@xenial:/usr/local/src/imscp# cat /etc/apache2/sites-available/ipv6.bbox.nuxwin.com_ssl.conf<VirtualHost 192.168.1.136:443 [2a00:fe0:1:4d:5054:ff:fe00:c]:443>ServerAdmin [email protected] ipv6.bbox.nuxwin.comServerAlias www.ipv6.bbox.nuxwin.com vu2004.panel.bbox.nuxwin.comDocumentRoot /var/www/virtual/ipv6.bbox.nuxwin.com/htdocsDirectoryIndex index.html index.xhtml index.htmLogLevel errorErrorLog /var/log/apache2/ipv6.bbox.nuxwin.com/error.logAlias /errors/ /var/www/virtual/ipv6.bbox.nuxwin.com/errors/SSLEngine OnSSLCertificateFile /var/www/imscp/gui/data/certs/ipv6.bbox.nuxwin.com.pemSSLCertificateChainFile /var/www/imscp/gui/data/certs/ipv6.bbox.nuxwin.com.pemHeader always set Strict-Transport-Security "max-age=0; includeSubDomains"SuexecUserGroup vu2004 vu2004DirectoryIndex index.php<Proxy "unix:/run/php/php7.0-fpm-ipv6.bbox.nuxwin.com.sock|fcgi://ipv6.bbox.nuxwin.com" retry=0>ProxySet connectiontimeout=5 timeout=7200</Proxy><Directory /var/www/virtual/ipv6.bbox.nuxwin.com>Options +SymLinksIfOwnerMatchRequire all granted</Directory><Directory /var/www/virtual/ipv6.bbox.nuxwin.com/htdocs>AllowOverride All<If "%{REQUEST_FILENAME} =~ /\.ph(?:p[3457]?|t|tml)$/ && -f %{REQUEST_FILENAME}">SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1SetHandler proxy:fcgi://ipv6.bbox.nuxwin.com</If></Directory>Alias /cgi-bin/ /var/www/virtual/ipv6.bbox.nuxwin.com/cgi-bin/<Directory /var/www/virtual/ipv6.bbox.nuxwin.com/cgi-bin>AllowOverride AuthConfig Indexes Limit Options=IndexesDirectoryIndex index.cgi index.pl index.py index.rbOptions +ExecCGI -MultiViewsAddHandler cgi-script .cgi .pl .py .rb</Directory><Location /stats>ProxyPreserveHost OffProxyPass http://127.0.0.1:8889/stats/ipv6.bbox.nuxwin.com retry=1 acquire=3000 timeout=600 Keepalive=OnProxyPassReverse http://127.0.0.1:8889/stats/ipv6.bbox.nuxwin.com</Location>Include /etc/apache2/imscp/ipv6.bbox.nuxwin.com.conf</VirtualHost>

Here, the IPv4 is the primary IP which is always added and the IPv6, the customer IP. There is nothing wrong.

The non-ssl vhost is also correct:

Shell-Script

root@xenial:/usr/local/src/imscp# cat /etc/apache2/sites-available/ipv6.bbox.nuxwin.com.conf
<VirtualHost 192.168.1.136:80 [2a00:fe0:1:4d:5054:ff:fe00:c]:80>
ServerAdmin [email protected]
ServerName ipv6.bbox.nuxwin.com
ServerAlias www.ipv6.bbox.nuxwin.com vu2004.panel.bbox.nuxwin.com
DocumentRoot /var/www/virtual/ipv6.bbox.nuxwin.com/htdocs
DirectoryIndex index.html index.xhtml index.htm
LogLevel error
ErrorLog /var/log/apache2/ipv6.bbox.nuxwin.com/error.log
Alias /errors/ /var/www/virtual/ipv6.bbox.nuxwin.com/errors/
SuexecUserGroup vu2004 vu2004
DirectoryIndex index.php
<Proxy "unix:/run/php/php7.0-fpm-ipv6.bbox.nuxwin.com.sock|fcgi://ipv6.bbox.nuxwin.com" retry=0>
ProxySet connectiontimeout=5 timeout=7200
</Proxy>
<Directory /var/www/virtual/ipv6.bbox.nuxwin.com>
Options +SymLinksIfOwnerMatch
Require all granted
</Directory>
<Directory /var/www/virtual/ipv6.bbox.nuxwin.com/htdocs>
AllowOverride All
<If "%{REQUEST_FILENAME} =~ /\.ph(?:p[3457]?|t|tml)$/ && -f %{REQUEST_FILENAME}">
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetHandler proxy:fcgi://ipv6.bbox.nuxwin.com
</If>
</Directory>
Alias /cgi-bin/ /var/www/virtual/ipv6.bbox.nuxwin.com/cgi-bin/
<Directory /var/www/virtual/ipv6.bbox.nuxwin.com/cgi-bin>
AllowOverride AuthConfig Indexes Limit Options=Indexes
DirectoryIndex index.cgi index.pl index.py index.rb
Options +ExecCGI -MultiViews
AddHandler cgi-script .cgi .pl .py .rb
</Directory>
<Location /stats>
ProxyPreserveHost Off
ProxyPass http://127.0.0.1:8889/stats/ipv6.bbox.nuxwin.com retry=1 acquire=3000 timeout=600 Keepalive=On
ProxyPassReverse http://127.0.0.1:8889/stats/ipv6.bbox.nuxwin.com
</Location>
Include /etc/apache2/imscp/ipv6.bbox.nuxwin.com.conf
</VirtualHost>

Display More

So please provide us with all info as asked above and also, say us if you use one of the following plugins:

PanelRedirect (if yes, which version)
DefaultServerPage (if yes, which version)

**Eomer** · Apr 14th 2017

Hey thanks for checking that.

Im probably wrong about the panel, i thought there is an option during install.

It's working by the way: I went to the reseller and chose the ipv6 (edit customer) . Sorry but i didn't know since this looks like a switch between either ipv6 or either ipv4.
If i choose the ips for the reseller i can check the fields, if i edit the customer i can only switch between those two.

Do you still need any info?

And thanks Nuxwin, i admire your dedication.

IPv6, SSL & Apache - Error

Share

Similar Threads

IMSCP Service Problem

Daily visitors