Problems with Mailman on SSL site

Discussion in 'Installation/Configuration' started by Nielsterp, Feb 22, 2012.

  1. Nielsterp

    Nielsterp New Member

    Hi there,

    I have set up ISP3, newest version, on Debian Lenny following this guide: http://www.howtoforge.com/perfect-server-debian-lenny-debian-5.0-with-bind-and-dovecot-ispconfig-3

    I have further followed the guide on how to use an SSL certificate from StartSSL. I have Webmin installed, and have given it the proper links to my certificate, and I'm using the certificate with the web interface for ISP3.

    This setup works fine, I can send and receive mails, I can administer mailing lists etc.

    However, as soon as I enable SSL for my website, Mailman stops working. When I try to access the adm. interface at http://<my-web-site>/cgi-bin/mailman/admin/mailman, I just get an error 500 from ISP config.

    When I enable SSL on my website, the "mm_cfg.py" file changes to have http:// changed to https://. Excerpt from the file:

    Code:
    DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/'
    PRIVATE_ARCHIVE_URL = '/cgi-bin/mailman/private'
    IMAGE_LOGOS         = '/images/mailman/'

    In my despair, I tried to change this back to http://, but same error.

    I have NOT enabled cgi for my website.

    Can anybody help?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the exact error message from the error.log of the website and / or the global apache error.log.
     
  3. Nielsterp

    Nielsterp New Member

    /var/log/apache2/error.log:

    Code:
    [Tue Feb 21 14:00:08 2012] [notice] Graceful restart requested, doing restart
    [Tue Feb 21 14:00:54 2012] [notice] caught SIGTERM, shutting down
    [Tue Feb 21 14:17:25 2012] [notice] caught SIGTERM, shutting down
    [Tue Feb 21 14:17:27 2012] [notice] Digest: done
    [Tue Feb 21 16:30:11 2012] [notice] caught SIGTERM, shutting down
    [Tue Feb 21 16:34:27 2012] [notice] caught SIGTERM, shutting down
    [Tue Feb 21 23:31:58 2012] [notice] caught SIGTERM, shutting down
    [Tue Feb 21 23:37:02 2012] [notice] caught SIGTERM, shutting down
    [Tue Feb 21 23:37:04 2012] [notice] Digest: done
    [Tue Feb 21 23:37:07 2012] [notice] caught SIGTERM, shutting down
    [Tue Feb 21 23:37:14 2012] [notice] Digest: done
    [Wed Feb 22 10:24:54 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 10:29:52 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 10:29:54 2012] [notice] Digest: done
    [Wed Feb 22 10:47:07 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:26:48 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:26:55 2012] [notice] Digest: done
    [Wed Feb 22 11:27:25 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:45:02 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:50:05 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:50:08 2012] [notice] Digest: done
    [Wed Feb 22 11:50:14 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:50:16 2012] [notice] Digest: done
    [Wed Feb 22 11:51:03 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:51:11 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 11:51:13 2012] [notice] Digest: done
    [Wed Feb 22 11:54:52 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 12:27:10 2012] [notice] mod_fcgid: call /var/www/nielsterp.se/web/forside.php with wrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
    [Wed Feb 22 12:32:00 2012] [notice] caught SIGTERM, shutting down
    [Wed Feb 22 12:32:00 2012] [notice] mod_fcgid: process /var/www/nielsterp.se/web/index.php(4008) exit(shutting down), terminated by calling exit(), return code: 0
    [Wed Feb 22 12:32:00 2012] [notice] mod_fcgid: process /var/www/nielsterp.se/web/index.php(5846) exit(shutting down), terminated by calling exit(), return code: 0
    [Wed Feb 22 12:35:57 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Wed Feb 22 12:35:57 2012] [notice] Digest: generating secret for digest authentication ...
    [Wed Feb 22 12:35:57 2012] [notice] Digest: done
    [Wed Feb 22 12:35:58 2012] [notice] Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2008-08-11) mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations
    [Wed Feb 22 12:36:23 2012] [notice] mod_fcgid: call /var/www/nielsterp.se/web/index.php with wrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
    [Wed Feb 22 12:39:52 2012] [notice] mod_fcgid: call /var/www/nielsterp.se/web/Administration/index.php with wrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
    ~

    /var/log/ispconfig/httpd/nielsterp.se/error.log:

    Code:
    [Wed Feb 22 12:27:28 2012] [error] [client 83.249.50.45] Directory index forbidden by Options directive: /var/www/nielsterp.se/web/stats/, referer: https://privat.nielsterp.se/
    [Wed Feb 22 12:32:06 2012] [error] Init: Private key not found
    [Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218710117 error:0D094065:asn1 encoding routines:d2i_ASN1_SET:bad class
    [Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    [Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
    [Wed Feb 22 12:35:57 2012] [warn] RSA server certificate CommonName (CN) `privat.nielsterp.se' does NOT match server name!?
    [Wed Feb 22 12:35:58 2012] [warn] RSA server certificate CommonName (CN) `privat.nielsterp.se' does NOT match server name!?
    [Wed Feb 22 12:36:33 2012] [error] [client 83.249.50.45] Directory index forbidden by Options directive: /var/www/nielsterp.se/web/stats/, referer: https://privat.nielsterp.se/
    [Wed Feb 22 12:40:08 2012] [error] [client 83.249.50.45] suexec policy violation: see suexec log for more details
    [Wed Feb 22 12:40:08 2012] [error] [client 83.249.50.45] Premature end of script headers: admin

    Hope this helps?
     
  4. Nielsterp

    Nielsterp New Member

    Hi Till,

    You pointed me in the right direction. There is a reference to suexec.log, which says that the Mailman program is not in the right place.

    I then disabled SUEXEC on my website, and now everything works.

    The way I see it now is, that Mailman is incompatible with both SUEXEC and cgi. Is this correct?

    Thank you for your help!
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Mailman as it is installed by the Linux distribution is incompatible with suexec. Suexec is a security system which ensures that scripts run under the user of the website and that scripts must be located in a subdirectory of /var/www. Mailman as it is installed by the Linux distribution is located in a directory outside of /var/www, so suexec prevents the mailman cgi script from being run.

    The problem with this situation is that it's a security risk to run websites without suexec, but with suexec mailman stops working. The recommended workaround is that you access mailman through the hostname of the server and not the domain name of a website, so that mailman does not collide with suexec. You can configure that in mm_cfg.py (and its master template in /usr/local/ispconfig/server/conf/) by changing

    DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/'

    to

    DEFAULT_URL_PATTERN = 'https://host.server.tld/cgi-bin/mailman/'

    where host.server.tld is the hostname of your server.
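
Added example, not part of the thread or of ISPConfig: a Python triage of a vhost error.log that separates CGI 500s caused by suexec (the paired "suexec policy violation" / "Premature end of script headers" lines in the log posted above) from other script failures. The sample log is constructed from those lines with documentation IP addresses, and pairing entries by client and timestamp is an assumption of this example.

```python
import re

# Constructed sample modelled on the vhost error.log lines quoted in the thread.
# Client addresses are documentation IPs; the last line is an invented non-suexec failure.
SAMPLE_LOG = """\
[Wed Feb 22 12:32:06 2012] [error] Init: Private key not found
[Wed Feb 22 12:36:33 2012] [error] [client 192.0.2.10] Directory index forbidden by Options directive: /var/www/example.tld/web/stats/
[Wed Feb 22 12:40:08 2012] [error] [client 192.0.2.10] suexec policy violation: see suexec log for more details
[Wed Feb 22 12:40:08 2012] [error] [client 192.0.2.10] Premature end of script headers: admin
[Wed Feb 22 12:41:15 2012] [error] [client 192.0.2.11] Premature end of script headers: listinfo
"""

# Apache 2.2 error log layout: [timestamp] [level] [client addr] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)
VIOLATION = "suexec policy violation"
PREMATURE = "Premature end of script headers: "


def classify_cgi_failures(log_text):
    """Return (timestamp, client, script, cause) for every failed CGI request.

    cause is "suexec" when the same client logged a suexec policy violation
    in the same second before the failure, otherwise "other".
    """
    pending = set()   # (timestamp, client) pairs with an unmatched violation
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["client"] is None:
            continue  # server-level messages carry no client field
        key = (m["ts"], m["client"])
        msg = m["msg"]
        if msg.startswith(VIOLATION):
            pending.add(key)
        elif msg.startswith(PREMATURE):
            # Drop a trailing ", referer: ..." if Apache appended one.
            script = msg[len(PREMATURE):].split(",")[0].strip()
            cause = "suexec" if key in pending else "other"
            pending.discard(key)
            results.append((m["ts"], m["client"], script, cause))
    return results


if __name__ == "__main__":
    for ts, client, script, cause in classify_cgi_failures(SAMPLE_LOG):
        print(f"{ts}  {client}  {script}: blocked by {cause}")
```

Entries classified as "suexec" point to the suexec log for the specific policy that was violated; entries classified as "other" are script failures that disabling suexec would not fix.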
     
  6. HSorgYves

    HSorgYves Active Member HowtoForge Supporter

    Unfortunately, if there is no %s in DEFAULT_URL_PATTERN, then the mailing list is not created... :-( How to fix the URL_HOST to always the same value?

    Yves
     
    Last edited: Apr 21, 2013
