After migrating to new server using the migration tool, Debian 11 and ispconfig v3.2.7p1, I am unable to connect to use the roundcube plugins, which returns a soap connection error. I have followed the tutorial for Debian 10 https://www.howtoforge.com/install-ispconfig-3-roundcube-plugins-on-debian-10/. I have created a remote user, which worked normally using the migration tool.
Check that the connection is allowed from your webmail server; if so it might be a certificate problem, does your control panel have a valid certificate that includes the server name which roundcube connects to?
Have you followed the Troubleshooting FAQ linked to in the end of the tutorial you followed to install the Roundcube ISPConfig plugins?
Yes, I still get "Soap Error: Could not connect to host" (after 1-2 minutes of waiting time - timeout). My set up is as follows: Everything is included in the same VPS which has a hostname different than the domain and mail server is mail.domain.com. Access to ISPConfig is through mail.domain.com:8080 and admin.domain.com:8080. hostname has not certificate. mail and admin have the same certificate. So the conf is as follows: Code: $config['default_host'] = 'ssl://mail.domain.com; $config['smtp_server'] = 'ssl://%h'; $config['identity_limit'] = false; $config['remote_soap_user'] = 'same user logic as when I used migration of iscponfig'; $config['remote_soap_pass'] = '****'; $config['soap_url'] = 'https://mail.domain.com:8080/remote/'; $config['soap_validate_cert'] = true; I have also tried with cert false and the curl conf in php.ini.
What do you get from running this command on your webmail server: Code: echo quit | openssl s_client -connect mail.domain.com:8080 -servername mail.domain.com
Code: CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = mail.domain.com verify return:1 --- Certificate chain 0 s:CN = mail.domain.com i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=CN = mail.domain.com issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 5195 bytes and written 396 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONE (edited the sensitive info)
That looks good. What do you see in /var/log/ispconfig/httpd/$(hostname -f)/access.log on mail.domain.com for the above "quit" request? It should look like: Code: xx.xx.xx.xx - - [19/Nov/2021:13:49:22 -0700] "quit\n" 400 5599 "-" "-" . What do you see for a request from roundcube which times out? It should look like this for a successful request: Code: xx.xx.xx.xx - - [19/Nov/2021:14:02:19 -0700] "POST /remote/index.php HTTP/1.1" 200 1112 "-" "PHP-SOAP/7.3.31-1~deb10u1" Does anything show up in /var/log/apache2/error.log (or your php error.log if running roundcube under php-fpm)?
quit output in hostname access log Code: IPV6 of my server - - [19/Nov/2021:22:26:33 +0100] "quit\n" 400 6151 "-" "-" unkown IP - - [19/Nov/2021:22:27:12 +0100] "GET / HTTP/1.0" 400 528 "-" "-" mail.domain.com: nothing related to SOAP, a couple of POST related to roundcube in general though php7.4 error log: nothing apache error log: nothing roundcube: nothing (only some queues from another issue I have with mailing lists)
What exactly did you set in php.ini? And verify it's the correct php.ini (eg. create a phpinfo() page to run from roundcube's root and verify the php interpreter in use is the version and mode you think it is).
Modified /etc/php/7.4/fpm/php.ini Code: curl.cainfo="/etc/php/7.4/cacert.pem" openssl.cafile="/etc/php/7.4/cacert.pem" In dir /etc/php/7.4/I stored the certificate downloaded as instructed from Code: wget https://curl.haxx.se/ca/cacert.pem I used php version 7.4, because in ISPConfig I have seleted php 7.4 as version for php with fpm and also php --version displays 7.4.
For the default php version used by apache what counts is which php-fpm config you have enabled (check to ensure you only have one) and that you do not have any mod_php enabled. While you're at it, check all of /etc/alternatives/*php*
ls -alsh /etc/alternatives/*php* Code: 0 lrwxrwxrwx 1 root root 15 Oct 30 00:02 /etc/alternatives/php -> /usr/bin/php7.4 0 lrwxrwxrwx 1 root root 31 Oct 30 00:02 /etc/alternatives/php.1.gz -> /usr/share/man/man1/php7.4.1.gz 0 lrwxrwxrwx 1 root root 19 Oct 30 00:02 /etc/alternatives/php-cgi -> /usr/bin/php-cgi7.4 0 lrwxrwxrwx 1 root root 35 Oct 30 00:02 /etc/alternatives/php-cgi.1.gz -> /usr/share/man/man1/php-cgi7.4.1.gz 0 lrwxrwxrwx 1 root root 23 Oct 30 00:00 /etc/alternatives/php-cgi-bin -> /usr/lib/cgi-bin/php8.0 0 lrwxrwxrwx 1 root root 24 Nov 19 21:59 /etc/alternatives/php-fpm.sock -> /run/php/php8.0-fpm.sock I also tried the following and restarted apache2, but still I get the error. Code: sudo update-alternatives --set php-fpm.sock /run/php/php7.4-fpm.sock sudo update-alternatives --set php-cgi-bin /usr/lib/cgi-bin/php7.4 Default php is 7.4. apache conf-enabled has only php7.4-fpm.conf.
