Danish translation on transifex is again 100%
Posts by MGAV
-
-
Some small issues corrected in the Danish translation on transifex
-
Danish/Dansk translation on transifex is again 100%Have a nice day!
-
The certificate is for *.securenetwork.dk (not *.concrete5.dk)
But the hosting server has the hostname host2.concrete5.dk (our test server) and maar.securenetwork.dk is a customer (test customer for testing certificate).
Btw. We are roling back to clean snapshot again now. too many loose ends right now. faster to reinstall. Tried to install Zend Optimizer and some thing went wrong...
-
It is wildcard!
-
It is totally ok. I am just confused about all this SSL stuff.
Take your time!
-
Hello,
Both sites host2.concrete5.dk and maar.securenetwork.dk reuse the same ip? I bet it's SNI problem... See http://debian-handbook.info/br…sect.http-web-server.html
eg:
QuoteDisplay More
QUICK LOOK Apache supports SNIStarting with Debian Squeeze, the Apache server supports an SSL protocol extension called Server Name Indication (SNI). This extension allows the browser to send the hostname of the web server during the establishment of the SSL connection, much earlier than the HTTP request itself, which was previously used to identify the requested virtual host among those hosted on the same server (with the same IP address and port). This allows Apache to select the most appropriate SSL certificate for the transaction to proceed.
Before SNI, Apache would always use the certificate defined in the default virtual host. Clients trying to access another virtual host would then display warnings, since the certificate they received didn't match the website they were trying to access. Fortunately, most browsers now work with SNI; this includes Microsoft Internet Explorer starting with version 7.0 (starting on Vista), Mozilla Firefox starting with version 2.0, Apple Safari since version 3.2.1, and all versions of Google Chrome.
The Apache package provided in Debian is built with support for SNI; no particular configuration is therefore needed, apart from enabling name-based virtual hosting on port 443 (SSL) as well as the usual port 80. This is a simple matter of editing /etc/apache2/ports.conf so it includes the following:
<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>Care should also be taken to ensure that the configuration for the first virtual host (the one used by default) does enable TLSv1, since Apache uses the parameters of this first virtual host to establish secure connections, and they had better allow them!
I looked in to the file ports.conf:
QuoteDisplay More
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz#NameVirtualHost *:80
Listen 80<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>And added your suggestion:
QuoteDisplay More
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz#NameVirtualHost *:80
Listen 80<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>I still have problems and have to investigate if I have a bad certificate. It still comes up as untrusted!
-
Are you sure there is no insecure content on the site, I mean images linking/loading from other places.
I'm using Wildcard and I haven't seen that issue if it's correctly installed, only if we have had a relation to another site or a wrongly installed certificate.Normally you can check what it tires to connected with ex. Chrome dev console.
https://support.google.com/chrome/answer/1342714?hl=enBack to business...
I am testing the SSL issue again.
Correct me if I am wrong. But this is how we have done with SSL:1. Installed IMSCP from scratch
2. We said yes to use SSL under installation
3. We chose smarthost as mail server (this works ok)
4. We said no to "have own certificate"
5. We said no to use local DNS server
6. Finished up the installation
7. Made all settings in admin panel (including activate ssl)
8. Made a reseller
9. logged in as reseller
10. made a hosting plan
11. made a customer
12. logged in to that customer
13. added the key and certificate and hit save
14. went to the site https://...When looking at the certificate text it says:
maar.securenetwork.dk uses an invalid security certificate.
The certificate can not be relied on , as it is signed by the proprietor.
The certificate is only valid for *. Host2.concrete5.dk.(Error code: sec_error_untrusted_issuer)
It seems to me that it thinks that it is the server certificate (host2.concrete5.dk), but the certificate is issued to *securenetwork.dk
Any idea?
-
Great...
I will start the installation again...
I'll be back if any issues!
[hr]
It is a little fast for feedback. But it came up with an new error during install. See attached screen dump: -
We would like to thank Nuxwin for he's fast response and huge i-MSCP insight. He is very fast to find issues at hand.