Debian10, can't access the control panel, The waiting period is exceeded ?

Discussion in 'Installation/Configuration' started by kennny, Oct 25, 2022.

  1. kennny

    kennny New Member

    Hi everyone, I have a little problem. I install ISPConfig about once a year, but this year I can't ...
    I followed the tutorial "Perfect Server Automated ISPConfig 3 Installation on Debian 10 - 11 and Ubuntu 20.04" as per usual,
    but after a successful installation on a new Debian 10 (OVH VPS) I can't access these addresses:
    https://vps123456.example.ovh:8080
    https://vps123456.example.ovh:8080/phpmyadmin
    I always get "the waiting period is exceeded" as the answer.
    Does anyone have an idea how I can correct this?

    I reinstalled my server with the same configuration as before, Debian 10 and ISPConfig 3 for 2 websites. I have not changed the DNS zone settings at OVH; I kept the previous DNS zone configuration, which worked correctly.

    My host file looks like this:
    Code:
    127.0.0.1 localhost.localdomain   localhost
    
    ::1     localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    
    127.0.1.1 vps123456.exemple.ovh vps123456
    127.0.1.1 vps123456 vps123456
    127.0.1.1 vps123456.ovh.net   vps123456

    The test script gives me this output:
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    
    [INFO] uptime:  12:32:32 up 0 min,  1 user,  load average: 1,97, 0,49, 0,16
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          3,8Gi       1,6Gi       1,4Gi        55Mi       767Mi       1,9Gi
    Swap:            0B          0B          0B
    
    [INFO] systemd failed services status:
    0 loaded units listed. Pass --all to see loaded but inactive units, too.
    To show all installed unit files use 'systemctl list-unit-files'.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.8p2
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.33-7+0~20220929.100+debian10~1.gbpdb2e49
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.33
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 1033)
    [INFO] I found the following mail server(s):
            Postfix (PID 1370)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 653)
    [INFO] I found the following imap server(s):
            Dovecot (PID 653)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 1112)
    
    ##### LISTENING PORTS #####
    (seulement              ()
    Adresse         (distante)
    [localhost]:10023               (950/postgrey)
    [anywhere]:587          (1370/master)
    [localhost]:11211               (627/memcached)
    [localhost]:6379                (677/redis-server)
    [anywhere]:110          (653/dovecot)
    [anywhere]:143          (653/dovecot)
    [anywhere]:465          (1370/master)
    [anywhere]:21           (1112/pure-ftpd)
    ***.***.***.***:53              (658/named)
    [localhost]:53          (658/named)
    [anywhere]:22           (701/sshd)
    [anywhere]:25           (1370/master)
    [localhost]:953         (658/named)
    [anywhere]:4190         (653/dovecot)
    [anywhere]:993          (653/dovecot)
    [anywhere]:995          (653/dovecot)
    [localhost]:11332               (715/rspamd:)
    [localhost]:11333               (715/rspamd:)
    [localhost]:11334               (715/rspamd:)
    *:*:*:*::*:10023                (950/postgrey)
    *:*:*:*::*:3306         (815/mysqld)
    *:*:*:*::*:587          (1370/master)
    *:*:*:*::*:6379         (677/redis-server)
    [localhost]10           (653/dovecot)
    [localhost]43           (653/dovecot)
    *:*:*:*::*:8080         (1033/apache2)
    *:*:*:*::*:80           (1033/apache2)
    *:*:*:*::*:465          (1370/master)
    *:*:*:*::*:8081         (1033/apache2)
    *:*:*:*::*:21           (1112/pure-ftpd)
    *:*:*:*::*:53           (658/named)
    *:*:*:*::*:22           (701/sshd)
    *:*:*:*::*:25           (1370/master)
    *:*:*:*::*:953          (658/named)
    *:*:*:*::*:443          (1033/apache2)
    *:*:*:*::*:4190         (653/dovecot)
    *:*:*:*::*:993          (653/dovecot)
    *:*:*:*::*:995          (653/dovecot)
    *:*:*:*::*:11332                (715/rspamd:)
    *:*:*:*::*:11333                (715/rspamd:)
    *:*:*:*::*:11334                (715/rspamd:)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-postfix-sasl (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***          [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    
    
    
    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
    
     
    Last edited: Oct 25, 2022
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I think you should use your server public IP in /etc/hosts.

    You can also try public.ip:8080 to access ISPConfig or try to access vps123456.example.ovh:8080 without https. I doubt acme.sh can create LE SSL certs for that .ovh sub sub domain.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    And please post the complete test script output; you posted just the first few lines. And check the firewall of your hoster or data center to ensure that port 8080 is not closed there.
     
  4. kennny

    kennny New Member

    I also tried to access it directly with the IP address, like this:
    http://243.150.8.217:8080
    https://243.150.8.217:8080
    I always have the same result.
    When you tell me to use my public IP in /etc/hosts,
    is it like this?
    Code:
    127.0.0.1 localhost.localdomain   localhost
    
    ::1     localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    
    243.150.8.217 vps123456.exemple.ovh vps123456
    127.0.1.1 vps123456 vps123456
    127.0.1.1 vps123456.ovh.net   vps123456
    Do I have to reinstall ISPConfig after making the modification?

    Test script output corrected.
    The command "cat htf_report.txt | more" gave me just the first few lines.
    The command "cat htf_report.txt" allowed me to have all the lines.
    I will look at the firewall as soon as I come home from work.
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The more command is for displaying text one screenful at a time. Press space to see the next screenful, or Enter to scroll one line forward. Press h for the built-in help for more. There is also the command less, which has more features.
     
    kennny likes this.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The htf report looks fine and Apache is listening on port 8080. You say that you have an external IP, which implies that you also have an internal IP, and this means the system is behind a router or firewall, right? In this case, the most likely reason for your issue is that port 8080 is closed in that external firewall or router. If your system is a virtual server or in a datacenter, then log in to the control panel of the provider where you rented the server and check that port 8080 is opened in that firewall.
     
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Ok. It is not accessible from the IP as well. And yes, plus I think you may comment out the other lines starting on IP 127.0.1.1
     
  8. kennny

    kennny New Member

    Thank you for these little tips!

    Yes, I have a virtual private server at OVH. I just checked the firewall linked to my IP; it is completely disabled.

    Yes I tried to do this too but I still have the same result.

    But I found something interesting in Acme.log
    Code:
    [mercredi 26 octobre 2022, 01:03:31 (UTC+0200)] Create new order error. Le_OrderFinalize not found. {
      "type": "urn:ietf:params:acme:error:rateLimited",
      "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: vps123456.exemple.ovh, retry after 2022-10-26T04:22:48Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
      "status": 429
    }
    Could this certificate problem cause my problem?
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    kennny likes this.
  10. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I already said that. The reason is obvious.
     
    kennny likes this.
  11. kennny

    kennny New Member

    Thank you for your help !
    It is for this reason that I looked in the acme.log file.

    So if I understand correctly, to connect to port 8080
    I have to change my hostname and reinstall ISPConfig?
    Or
    do I have to reinstall with a new domain name whose DNS zone is empty?
     
  12. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    In the minimal tutorial there are instructions to change the hostname. Thereafter, once the new hostname FQDN for your server (e.g. my.server.tld) has been properly propagated by your DNS server (somewhere between immediately and up to 72 hours), you can force update your ISPConfig, selecting create SSL in the process.
     
  13. kennny

    kennny New Member

    Hi everyone, it is still me. The certificate seems to be created correctly; acme.log tells me that the certificates are replaced.
    But I still can't connect to port 8080.
    I wonder if it could be a defect in the acme.sh library,
    because when I go to the official GitHub page https://github.com/acmesh-official/acme.sh
    it says that it doesn't work on Debian.
    Code:
    Tested OS NO 10 Linux failing Debian
    Could my problem come from there?
    Do I have to use Certbot?
     
  14. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Please share your latest full test report for your server.
     
    kennny likes this.
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Even the first report showed that ISPConfig is listening properly on port 8080, which indicates that your issue is that a firewall or router in front of the server blocks port 8080. Especially as connections to the ISPConfig GUI even work when you do not have a LE cert.

    Run these commands and share the result:

    wget https://server.hostname.tld:8080 -O /tmp/test.txt
    cat /tmp/test.txt

    Replace server.hostname.tld in the above command with the current hostname of your server.
     
    kennny likes this.
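
Added example (not part of any post in this thread, and not ISPConfig code): a client-side Python probe for the check till describes. It separates a timeout (packets dropped on the path) from a refusal (host reachable, port closed or rejected) and from a TLS problem, and combines that with the server-side fact from the test report that the port is bound. The function names and the loopback target are assumptions made for this illustration.

```python
import socket
import ssl

def classify(exc):
    """Map a failed connect() to what it says about the network path."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"   # no reply at all: packets are dropped on the way
    if isinstance(exc, ConnectionRefusedError):
        return "refused"    # RST or ICMP port-unreachable: host reachable, port closed or REJECT rule
    return "error"          # DNS failure, no route, anything else

def probe(host, port, timeout=5.0, tls=False):
    """Return (verdict, detail) for one TCP connect, optionally followed by TLS."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify(exc), str(exc)
    with sock:
        if not tls:
            return "open", "TCP handshake completed"
        # Diagnostic only: certificate checks are disabled so that a self-signed
        # or missing Let's Encrypt certificate cannot mask an open port.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                return "open", "TLS handshake completed: %s" % tls_sock.version()
        except (ssl.SSLError, OSError) as exc:
            return "open-no-tls", str(exc)

def diagnose(server_listens, verdict):
    """Combine the server-side fact (port bound or not) with the client verdict."""
    if verdict.startswith("open"):
        return "TCP path is fine; look at TLS or the application"
    if not server_listens:
        return "nothing is bound to that port on the server"
    if verdict == "filtered":
        return "service is up, but a firewall between client and server drops the traffic"
    return "service is up, but the client got: " + verdict

if __name__ == "__main__":
    # Constructed demo against loopback; use the server's hostname and port 8080 instead.
    verdict, detail = probe("127.0.0.1", 8080, timeout=3.0)
    print(verdict, "-", detail, "->", diagnose(True, verdict))
```

Running the probe from more than one network shows whether the filtering sits near the server or near the client.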
  16. kennny

    kennny New Member

    Thank you for your help ...
    I was on a 2018 server; I just changed to a new version that allows me to install Debian 11.
    I am reinstalling my server with Debian 11. I will keep you posted on whether I have the same problem with Debian 11 or whether this solves my problem.
     
  17. kennny

    kennny New Member

    Installing Debian 11 did not solve my problem ...
    You found the problem first: my home Livebox firewall.
    Two weeks ago I configured an ESP32-cam, so in my home Livebox settings, in the advanced configuration, I modified the firewall ...
    I configured the firewall with the customized mode; there are 4 modes, low, high, means and personalize ...
    So I went back to medium mode, and as if by magic everything works correctly, problem solved :)

    Thank you all for your help and patience , you all do a great job !
     
    till likes this.
  18. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Ok. I feel you, though I normally just use my ISP-provided router as my firewall. My new Zyxel EX3300-T0 router also gave me a headache for almost a month because of its unfriendly settings pages, compared to my old TP-Link AC1350. However, it works now, though not very much to my liking, but now I am thinking of configuring a pfSense firewall since my Dell R710 now has 8 Ethernet ports to be utilized.
     
