FIXED - Can't connect to FTP after updating ISPConfig 3

I can't connect via FTP after running an ispconfig_update.sh about two weeks ago. When I updated, I lost the ability to connect to the admin panel and had to rerun ispconfig_update.sh and redo the SSL to get it back. Today I tried logging in via FTP for the first time since, and found that I cannot connect to FTP. For the past two hours I've tried to figure out what is going on and am failing terribly, the last thing I did was rerun ispconfig_update.sh --force to reinstall the current stable version.

I looked at Fail2Ban and am not seeing my IP listed, so I don't think I'm being blocked. Anyone have any ideas?

Code:

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 9.13 (stretch)
 
[INFO] uptime:  16:32:00 up 37 min,  1 user,  load average: 0.02, 0.03, 0.01
 
[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:           7.7G        1.9G        2.9G         69M        2.9G        5.5G
Swap:          7.9G          0B        7.9G
 
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.8p1


##### VERSION CHECK #####

[INFO] php (cli) version is 7.0.33-0+deb9u12
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.0.33
[WARN] Your php-cgi in ' . /usr/bin/php-cgi . ' seems to be outdated and might contain known exploits.

##### PORT CHECK #####

[WARN] Port 143 (IMAP server) seems NOT to be listening
[WARN] Port 993 (IMAP server SSL) seems NOT to be listening
[WARN] Port 110 (POP3 server) seems NOT to be listening
[WARN] Port 995 (POP3 server SSL) seems NOT to be listening
[WARN] Port 21 (FTP server) seems NOT to be listening

##### MAIL SERVER CHECK #####


##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
    Apache 2 (PID 22325)
[INFO] I found the following mail server(s):
    Postfix (PID 22200)
[WARN] I could not determine which pop3 server is running.
[WARN] I could not determine which imap server is running.
[WARN] I could not determine which ftp server is running.

##### LISTENING PORTS #####
(only        ()
Local        (Address)
[anywhere]:465        (22200/master)
***.***.***.***:53        (22401/named)
[localhost]:53        (22401/named)
[anywhere]:22        (20451/sshd)
[localhost]:953        (22401/named)
[anywhere]:25        (22200/master)
[localhost]:10023        (949/postgrey)
[localhost]:10024        (22250/amavisd-new)
[localhost]:10025        (22200/master)
[localhost]:10026        (22250/amavisd-new)
[localhost]:10027        (22200/master)
[anywhere]:587        (22200/master)
[localhost]:11211        (894/memcached)
*:*:*:*::*:80        (22325/apache2)
*:*:*:*::*:8080        (22325/apache2)
*:*:*:*::*:465        (22200/master)
*:*:*:*::*:8081        (22325/apache2)
*:*:*:*::*:53        (22401/named)
*:*:*:*::*:22        (20451/sshd)
*:*:*:*::*:953        (22401/named)
*:*:*:*::*:25        (22200/master)
*:*:*:*::*:443        (22325/apache2)
*:*:*:*::*:10023        (949/postgrey)
*:*:*:*::*:10024        (22250/amavisd-new)
*:*:*:*::*:10026        (22250/amavisd-new)
*:*:*:*::*:3306        (21930/mysqld)
*:*:*:*::*:587        (22200/master)




##### IPTABLES #####
Chain INPUT (policy DROP)
target     prot opt source               destination         
f2b-pureftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0           
ufw-before-input  all  --  [anywhere]/0            [anywhere]/0           
ufw-after-input  all  --  [anywhere]/0            [anywhere]/0           
ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0           
ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0           
ufw-track-input  all  --  [anywhere]/0            [anywhere]/0           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0           
ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0           
ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0           
ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0           
ufw-before-output  all  --  [anywhere]/0            [anywhere]/0           
ufw-after-output  all  --  [anywhere]/0            [anywhere]/0           
ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0           
ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0           
ufw-track-output  all  --  [anywhere]/0            [anywhere]/0           

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination         
RETURN     all  --  [anywhere]/0            [anywhere]/0           

Chain f2b-pureftpd (1 references)
target     prot opt source               destination         
RETURN     all  --  [anywhere]/0            [anywhere]/0           

Chain f2b-sshd (1 references)
target     prot opt source               destination         
REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
RETURN     all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 4
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 4
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
ufw-not-local  all  --  [anywhere]/0            [anywhere]/0           
ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
ufw-user-input  all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
DROP       all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
DROP       all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
ACCEPT     all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-track-forward (1 references)
target     prot opt source               destination         

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:20
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:10000
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:3306
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8085

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  [anywhere]/0            [anywhere]/0           

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination         




##### LET'S ENCRYPT #####
Certbot is installed in /usr/bin/letsencrypt

Systemctl list-units --failed shows:

Code:

  UNIT            LOAD   ACTIVE SUB    DESCRIPTION                   

● dovecot.service loaded failed failed Dovecot IMAP/POP3 email server


LOAD   = Reflects whether the unit definition was properly loaded.

ACTIVE = The high-level unit activation state, i.e. generalization of SUB.

SUB    = The low-level unit activation state, values depend on unit type.

 

No error messages when running systemctl restart pure-ftpd-mysql ... systemctl status pure-ftpd-mysql shows loaded and active.

cat /var/log/syslog | grep ftp shows:

Code:

root@blaw:/home/blaw# cat /var/log/syslog | grep ftp
Sep  1 11:32:46 blaw systemd[1]: Stopping pure-ftpd-mysql.service...
Sep  1 11:32:46 blaw pure-ftpd-mysql[4452]: Stopping ftp server: pure-ftpd.
Sep  1 11:32:46 blaw systemd[1]: Stopped pure-ftpd-mysql.service.
Sep  1 11:32:46 blaw systemd[1]: Starting pure-ftpd-mysql.service...
Sep  1 11:32:46 blaw pure-ftpd-mysql[4464]: Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -p 40110:40210 -P 192.198.99.99 -D -H -8 UTF-8 -Y 1 -c 1024 -E -O clf:/var/log/pure-ftpd/transfer.log -J ECDHE:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!RC4 -b -d -A -F /etc/pure-ftpd/welcome.msg -C 64 -B
Sep  1 11:32:46 blaw systemd[1]: Started pure-ftpd-mysql.service.
Sep  1 11:32:46 blaw pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]

There are quite a few postfix errors, but I'm not running email servers so that should be fine, right?

 

I was able to fix this by following step #14 on https://www.howtoforge.com/tutorial...-ispconfig-3-1/2/#-install-pureftpd-and-quota ... I discovered this thanks to another form post here: https://forum.howtoforge.com/threads/ftp-server-offline.89349/

Thanks Till for the help and all that you do for us here!