ssl in lslb

Discussion in 'General' started by ulises, Jan 19, 2009.

  1. ulises

    ulises New Member

    Hi

    I hope you guys can help me on this one :)

    I'm running LiteSpeed Load Balancer and I'm having problems setting up 2 different listeners with SSL

    What I have:

    2 virtual hosts -- one site on each

    1 Default listener -- with the 2 VH mapped on port 80

    and I have created 2 different secure listeners to run on port 443, and each listener will have its own SSL cert; however, LiteSpeed won't let me run two listeners at the same time

    I got this error :(

    Code:
    2009-01-19 03:03:01.003	ERROR	HttpListener::start(): Can't listen at address ssl-login: Address already in use!
    2009-01-19 03:03:01.003	ERROR	HttpServer::addListener(ssl-login) failed to create new listener
    2009-01-19 03:03:01.003	ERROR	[config:server:listener:ssl-login] failed to start SSL listener on address *:443!
    
    How can I solve this? -- I need two different sites, each running its own SSL cert
  2. mistwang

    mistwang LiteSpeed Staff

    You need two IPs, and create SSL listener for each individual IP instead of "*:443".
  3. ulises

    ulises New Member

    thanks for your reply

    I actually thought that and tried but got the same results

    I have two IPs in the LB server

    1.2.3.200 -- this is the main IP for the LB server eth0

    1.2.3.201 -- this would be eth0:1

    I assigned 1.2.3.200 to SSL listener # 1 and works

    I assigned 1.2.3.201 to SSL listener # 2 but still get the same error

    Code:
    2009-01-19 05:01:26.168	ERROR	HttpListener::start(): Can't listen at address ssl-reports: Address already in use!
    2009-01-19 05:01:26.168	ERROR	HttpServer::addListener(ssl-reports) failed to create new listener
    2009-01-19 05:01:26.168	ERROR	[config:server:listener:ssl-reports] failed to start SSL listener on address 1.2.3..201:443!
    
    Do I need to add another IP -- so the SSL listeners won't use the main IP?
  4. mistwang

    mistwang LiteSpeed Staff

    For first listener, you have to change it from "*:443" to "1.2.3.200:443"
  5. ulises

    ulises New Member

    yes, I do have it that way

    Code:
    Running                  ssl-1	      1.2.3.200:443	[vh.com] www.domain1.com domain.com
    Error	                      ssl-2	      1.2.3.201:443	N/A
    
  6. mistwang

    mistwang LiteSpeed Staff

    Please PM me the login to the web console, I can take a look.
  7. mistwang

    mistwang LiteSpeed Staff

    I think you need to stop it from the command line, then start it again.
    Do not use "restart" from the command line or web console.
    Make sure the second IP does exist.
  8. ulises

    ulises New Member

    Restarting from the command line did it

    thx man.
  9. ulises

    ulises New Member

    Now I have another strange problem

    site-1 is working ok... however, site-2 seems to be reading site-1's cert file even though the path is correct: $SERVER_ROOT/ssl/site-2.crt

    I have no errors nor warnings

    any ideas?
  10. mistwang

    mistwang LiteSpeed Staff

    make sure site-1.crt and site-2.crt are not identical.
  11. ulises

    ulises New Member

    they are not :(
  12. mistwang

    mistwang LiteSpeed Staff

    make the login work, I can take a look.
  13. ulises

    ulises New Member

    pls try now
  14. mistwang

    mistwang LiteSpeed Staff

    the problem is your DNS record. both domains point to .200.
  15. ulises

    ulises New Member

    ok thx I'll change the site-2 IP to match .201

    thx for your time
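
The two failure modes in this thread, as an added example (not part of the original posts and not LiteSpeed's own code): a Python check over a constructed listener table and DNS map that reports listeners whose bind addresses collide on the same port, and hostnames whose DNS record lands on a listener serving another site's certificate. The hostname www.domain2.com, the dictionary layout and the function names are assumptions.

```python
import ipaddress

# Constructed sample data mirroring the thread. The dictionary layout and
# www.domain2.com are assumptions; this is not LiteSpeed configuration syntax.
LISTENERS = {
    "ssl-1": {"addr": "1.2.3.200:443", "hosts": {"www.domain1.com"}, "cert": "site-1.crt"},
    "ssl-2": {"addr": "1.2.3.201:443", "hosts": {"www.domain2.com"}, "cert": "site-2.crt"},
}
DNS = {"www.domain1.com": "1.2.3.200", "www.domain2.com": "1.2.3.200"}


def split_addr(addr):
    """Split 'ip:port' or '*:port' into (IPv4 address or None for wildcard, port)."""
    host, _, port = addr.rpartition(":")
    return (None if host == "*" else ipaddress.ip_address(host)), int(port)


def bind_conflicts(listeners):
    """Pairs of listeners that cannot both bind ("Address already in use")."""
    parsed = [(n, *split_addr(listeners[n]["addr"])) for n in sorted(listeners)]
    out = []
    for i, (n1, ip1, p1) in enumerate(parsed):
        for n2, ip2, p2 in parsed[i + 1:]:
            # Same port, and the same IP or a wildcard on either side.
            if p1 == p2 and (ip1 is None or ip2 is None or ip1 == ip2):
                out.append((n1, n2))
    return out


def cert_mismatches(listeners, dns):
    """(host, dns_ip, cert_served, cert_expected) where DNS hits another listener."""
    by_ip = {split_addr(l["addr"])[0]: (n, l) for n, l in listeners.items()}
    out = []
    for name in sorted(listeners):
        for host in sorted(listeners[name]["hosts"]):
            target = by_ip.get(ipaddress.ip_address(dns[host]))
            if target and target[0] != name:
                out.append((host, dns[host], target[1]["cert"], listeners[name]["cert"]))
    return out


if __name__ == "__main__":
    print(bind_conflicts(LISTENERS))
    print(cert_mismatches(LISTENERS, DNS))
```

With the sample data the listeners bind cleanly, but www.domain2.com resolves to 1.2.3.200 and is therefore answered with site-1.crt, which is the symptom reported in the thread.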
