Hello,<br><br> Sorry for the delay, soooo many things to do and I had trouble getting extra IP from my ISP.<br><br> Now these things are sorted, I've an issue when I add one more domain.<br><br> The CRT file is generated by my registrar. If it's in the wrong format, how can I convert it?<br>
<br><br><span style="font-family:courier new,monospace">root@ns0:/var/log/stunnel4# service stunnel4 start</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">Starting SSL tunnels: [Started: /etc/stunnel/base.conf] Reading configuration from file /etc/stunnel/mansonthomas.com.conf</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Snagged 64 random bytes from /dev/urandom</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">PRNG seeded successfully</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Using DH parameters from /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">DH initialized with 2048 bit key</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">ECDH initialized</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Certificate: /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Certificate loaded</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">Key file: /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">error queue: 140B0009 : error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">SSL_CTX_use_PrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">[Failed: /etc/stunnel/mansonthomas.com.conf]</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">You should check that you have specified the pid= in you configuration file</span><br style="font-family:courier new,monospace">
<br style="font-family:courier new,monospace"><b><span style="font-family:courier new,monospace">The CRT file looks like this:</span></b><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">root@ns0:/etc/stunnel/sites/mansonthomas.com# cat mansonthomas.com.crt</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">-----BEGIN CERTIFICATE-----</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">MIIE3zCCA8egCwIBAgIRAJhidFW4DBk0X/aIvC6ZYNUwDQYJKoZIhvcNAQEF</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">BQAw4TELMAkGA1aEBhMCRlIxEjAQBgNVBAoTCUdBTkR34FNBUzEeMBwGA1UE</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">AxMVR2FuZGkgU3RhbZRhc1QgU1NMIENBMB4XDTExGTAxNDAwPDAwMFoXDTE</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">...</span><br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">DbAzOLhzx0BQKBZHtNzCDD9kwPYg4w4PhVcgTTrLkNdcr3Fh</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">-----END CERTIFICATE-----</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">-----BEGIN DH PARAMETERS-----</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">.....</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">-----END DH PARAMETERS-----</span><br><br><br><br><br>/etc/stunnel/base.conf<br>
====================================<br><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">root@ns0:/etc/stunnel# cat base.conf</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">debug = 7</span><br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">sslVersion = SSLv3</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">cert=/etc/stunnel/sites/mysite.com/mysite.com.crt</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">key=/etc/stunnel/sites/mysite.com/mysite.com.key</span><br style="font-family:courier new,monospace">
<br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">; security enhancements for UNIX systems</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">; for chroot a copy of some devices and files is needed within the jail</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">;chroot = /var/lib/stunnel4/</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">setuid = stunnel4</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">setgid = stunnel4</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">; PID is created inside the chroot jail</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">pid = /stunnel4.pid</span><br style="font-family:courier new,monospace">
<br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">socket = l:TCP_NODELAY=1</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">socket = r:TCP_NODELAY=1</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">output = /var/log/stunnel.log</span><br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">[https-mysite.com]</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">accept=88.190.17.222:443</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">connect=127.0.0.1:82</span><br>
====================================<br><br><br>root@ns0:/etc/stunnel# cat mansonthomas.com.conf<br>====================================<br><span style="font-family:courier new,monospace">[mansonthomas.com]</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">cert = /etc/stunnel/sites/mansonthomas.com/mansonthomas.com.crt</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">accept = 88.190.217.117:443</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">connect = 127.0.0.1:82</span><br style="font-family:courier new,monospace">
<br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">TIMEOUTclose = 0</span><br>====================================<br><br><br>Strangely, there is no file <span style="font-family:courier new,monospace">/var/log/stunnel.log<br>
but a 0 length file in /var/log/stunnel4/stunnel.log<br><br>root@ns0:/etc/stunnel# ll /var/log/stunnel4/stunnel.log<br>-rw-r--r-- 1 stunnel4 stunnel4 0 2012-01-17 20:31 /var/log/stunnel4/stunnel.log<br><br><br>Any idea?<br>
<br>Regards,<br>Thomas.<br></span><br><div class="gmail_quote">On Sat, Feb 11, 2012 at 13:34, <span dir="ltr"><<a href="mailto:josealf@rocketmail.com">josealf@rocketmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thomas,<br>
<br>
Your config looks fine. If not working, set debug=7 in stunnel.conf and post your log.<br>
<br>
Jose<br>
<div class="HOEnZb"><div class="h5">-----Original Message-----<br>
From: Thomas Manson <<a href="mailto:dev.mansonthomas@gmail.com">dev.mansonthomas@gmail.com</a>><br>
Sender: <a href="mailto:stunnel-users-bounces@stunnel.org">stunnel-users-bounces@stunnel.org</a><br>
Date: Fri, 10 Feb 2012 22:09:38<br>
To: <<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>><br>
Subject: [stunnel-users] Multiple Domains for https<br>
<br>
</div></div></blockquote></div><br>
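The startup log in the message above shows stunnel opening the .crt file as its key file, and the file listing shows only CERTIFICATE and DH PARAMETERS blocks in it. As an added example (not part of the original thread and not stunnel's own tooling), this script reports which file a service's private key will be read from and whether that file holds a private key block; the function names, the one-service-per-file assumption and the placeholder sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: where will stunnel read the private key from, and is one there?

# Print the label of every PEM block in file $1, one per line, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Print the value of option $2 in config file $1 (last occurrence wins).
# Assumption: one service per config file, as in the layout quoted above.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Return 0 if the key file resolved from config $1 holds a private key block.
check_stunnel_key() {
    cert=$(conf_value "$1" cert)
    key=$(conf_value "$1" key)
    # With no key= option, stunnel reads the private key from the cert= file.
    [ -n "$key" ] || key=$cert
    labels=$(pem_labels "$key" | tr '\n' ' ')
    if pem_labels "$key" | grep -Eq '(^| )PRIVATE KEY$'; then
        echo "ok: private key block found in $key"
    else
        echo "missing: no private key block in $key (found: $labels)"
        return 1
    fi
}

# Constructed sample files; the PEM bodies are placeholders, not real data.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
    '-----END CERTIFICATE-----' '-----BEGIN DH PARAMETERS-----' \
    'PLACEHOLDER' '-----END DH PARAMETERS-----' > "$demo/site.crt"
printf '%s\n' '[site]' "cert = $demo/site.crt" \
    'accept = 127.0.0.1:8443' 'connect = 127.0.0.1:82' > "$demo/site.conf"
check_stunnel_key "$demo/site.conf" || true
```

Run against a real service file as `check_stunnel_key /etc/stunnel/<name>.conf`; a "missing" result means the key needs to be supplied through a `key =` line or appended to the certificate file.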