Hi guys, I hope someone can help me. I was moving my site to a new server, and a higher cms version. Everything was working just fine, and I liked to go productive. So I changed on the new server: dev.example.com to example.com in ISPConfig Than I changed the DNS entries of example.com at namecheap to point to the new IP . Result: No access anymore to the new website as well as to ISPConfig 3 panel (which is on vls002.example.net - (not com) While troubleshooting I found that apache2 died, after many tries to restart apache and reconfigure ispconfig.sh --force and nothing worked I purged and reinstalled apache enabled all apache modules again, reconfigured ispconfig. apache2 is running now, but still now access. I suspect something happend to SSL but - I am at the end of my "latin" now. Code: # monit status Monit 5.33.0 uptime: 59m Process 'sshd' status OK monitoring status Monitored monitoring mode active on reboot start pid 978 parent pid 1 uid 0 effective uid 0 gid 0 uptime 59m threads 1 children 7 cpu 0.0% cpu total 0.0% memory 0.1% [8.5 MB] memory total 0.3% [52.2 MB] security attribute unconfined filedescriptors 6 [0.6% of 1024 limit] total filedescriptors 52 read bytes 1.7 kB/s [4.7 MB total] disk read bytes 0 B/s [1.9 MB total] disk read operations 2.7 reads/s [8061 reads total] write bytes 73.8 B/s [369.9 kB total] disk write bytes 0 B/s [64 kB total] disk write operations 0.1 writes/s [457 writes total] port response time 17.644 ms to localhost:22 type TCP/IP protocol SSH data collected Tue, 03 Dec 2024 11:35:59 Process 'apache' status OK monitoring status Monitored monitoring mode active on reboot start pid 7923 parent pid 1 uid 0 effective uid 0 gid 0 uptime 41m threads 1 children 4 cpu 0.0% cpu total 0.0% memory 0.1% [9.5 MB] memory total 0.4% [56.3 MB] security attribute unconfined filedescriptors 15 [0.2% of 8192 limit] total filedescriptors 66 read bytes 0 B/s [99.2 kB total] disk read bytes 0 B/s [0 B total] disk read operations 0.0 reads/s [36 reads total] write bytes 0 B/s [277 B total] disk write bytes 0 B/s [0 B total] disk write operations 0.0 writes/s [3 writes total] port response time 0.784 ms to localhost:80/monit/token type TCP/IP protocol HTTP data collected Tue, 03 Dec 2024 11:35:59 Process 'mysql' status OK monitoring status Monitored monitoring mode active on reboot start pid 7457 parent pid 1 uid 103 effective uid 103 gid 110 uptime 41m threads 28 children 0 cpu 0.0% cpu total 0.0% memory 1.6% [253.9 MB] memory total 1.6% [253.9 MB] security attribute unconfined filedescriptors 315 [0.0% of 1048576 limit] total filedescriptors 315 read bytes 35.4 B/s [43.1 MB total] disk read bytes 0 B/s [67.6 MB total] disk read operations 0.1 reads/s [1788 reads total] write bytes 4.5 kB/s [3.4 MB total] disk write bytes 4.5 kB/s [3.4 MB total] disk write operations 2.0 writes/s [1344 writes total] port response time 0.136 ms to 127.0.0.1:3306 type TCP/IP protocol DEFAULT data collected Tue, 03 Dec 2024 11:35:59 Process 'postfix' status OK monitoring status Monitored monitoring mode active on reboot start pid 7880 parent pid 1 uid 0 effective uid 0 gid 0 uptime 41m threads 1 children 10 cpu 0.0% cpu total 0.0% memory 0.0% [2.6 MB] memory total 0.5% [77.6 MB] security attribute unconfined filedescriptors 123 [0.0% of 524288 limit] total filedescriptors 255 read bytes 19.4 B/s [831.3 kB total] disk read bytes 0 B/s [0 B total] disk read operations 1.6 reads/s [2050 reads total] write bytes 0.1 B/s [38.5 kB total] disk write bytes 0 B/s [24 kB total] disk write operations 0.1 writes/s [732 writes total] port response time 4.069 ms to localhost:25 type TCP/IP protocol SMTP data collected Tue, 03 Dec 2024 11:35:59 Process 'dovecot' status OK monitoring status Monitored monitoring mode active on reboot start pid 7903 parent pid 1 uid 0 effective uid 0 gid 0 uptime 41m threads 1 children 5 cpu 0.0% cpu total 0.0% memory 0.0% [4.0 MB] memory total 0.2% [23.5 MB] security attribute unconfined filedescriptors 259 [0.4% of 65535 limit] total filedescriptors 365 read bytes 1.4 kB/s [2.0 MB total] disk read bytes 0 B/s [0 B total] disk read operations 1.6 reads/s [2344 reads total] write bytes 21.8 B/s [36.6 kB total] disk write bytes 0 B/s [4 kB total] disk write operations 0.7 writes/s [945 writes total] port response time 15.050 ms to localhost:143 type TCP/IP protocol IMAP data collected Tue, 03 Dec 2024 11:35:59 System 'vls002' status OK monitoring status Monitored monitoring mode active on reboot start load average [0.24] [0.12] [0.03] cpu 0.8%usr 0.5%sys 0.2%nice 0.0%iowait 0.0%hardirq 0.1%softirq 0.0%steal 0.0%guest 0.0%guestnice memory usage 2.5 GB [16.5%] swap usage 0 B [0.0%] uptime 59m boot time Tue, 03 Dec 2024 10:36:36 filedescriptors 4448 [0.0% of 9223372036854775807 limit] data collected Tue, 03 Dec 2024 11:36:29 Code: # apachectl -t Syntax OK # service apache2 status ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled) Active: active (running) since Tue 2024-12-03 10:54:54 UTC; 28min ago Docs: https://httpd.apache.org/docs/2.4/ Process: 7918 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS) Tasks: 57 (limit: 18589) Memory: 24.9M CPU: 339ms CGroup: /system.slice/apache2.service ├─7923 /usr/sbin/apache2 -k start ├─7924 "vlogger (access log)" ├─7925 /usr/sbin/apache2 -k start ├─7928 /usr/sbin/apache2 -k start └─7929 /usr/sbin/apache2 -k start Dec 03 10:54:53 vls002 systemd[1]: Starting apache2.service - The Apache HTTP Server... Dec 03 10:54:54 vls002 systemd[1]: Started apache2.service - The Apache HTTP Server. I removed the conf file of the website, doesnt help. Code: # ls /etc/apache2/sites-enabled/ 000-apps.vhost 000-default.conf 000-ispconfig.conf 999-acme.conf https://example.com gives: Diese Website kann keine sichere Verbindung bereitstellen smartsiam.com hat eine ungültige Antwort gesendet. ERR_SSL_PROTOCOL_ERROR http://example.com displays the Apache2 Debian Default Page https://server2.example.net:8080/login/ Die Website ist nicht erreichbar vls002.example.net hat die Verbindung abgelehnt. Versuche Folgendes: Verbindung prüfen Proxy und Firewall prüfen ERR_CONNECTION_REFUSED "funny" sidefact: I can login to Monit via https://example.com:2812 or https://vls002.example.net:2812 - that works all fine. And that points me somehow to a ssl issue. I must be very close to the solution, but no idea where else I can look now. Any help highly appreciated.
Check the content of /etc/apache2/sites-available/ Probably there are .err files, which means the last ISP config for that site couldn't be applied due to errors. You can rename such a file without the .err at the end and run apachectl -t again to see if it gives you any errors.
quick update: i found a misconfiguration in the websites .vhost after solving this and creating a new symbolic link the website is working now. (it was a apache directive that was wrong) However, I still need some help to get the ISPConfig Panel access back.
Dear Remcoh Thank you, (if I no that minutes earlier I would not have checked the vhost file manually. But now I know for the future. So one point left I need just access to the ISPConfig panel again. This is still unaccessible. I get : Die Website ist nicht erreichbar vls002.example.net hat die Verbindung abgelehnt. Versuche Folgendes: Verbindung prüfen Proxy und Firewall prüfen ERR_CONNECTION_REFUSED fail2ban can be excluded, I am in my office, got a fix ip, and this IP is whitelisted in fail2ban. However the most important part is working now. (Our homepage is online again) For the hosting panel I'll try during weekend.
Which port is your panel running on and is that port open in the firewall? Connection refused seems to suggest something is actively blocking the request.
The subdomain FQDN for ther server may be changed but must be to another subdomain, so you were doing it wrongly. You may use proxy to that subdomain if you want to access using top level domain.
@ Remcoh ISPConfig should run on standard port 8080 - ufw is not blocking anything as you will see below. I found last night that 000-ispconfig.vhost went missing in /etc/apache2/sites-enabled - so I recreated the link. Status now: Code: /etc/apache2/sites-enabled# ls 000-apps.vhost 000-ispconfig.conf 100-munin.conf 999-acme.conf 000-default.conf 000-ispconfig.vhost 100-smartsiam.com.vhost # netstat -tupln | grep 8080 tcp6 0 0 :::8080 :::* LISTEN 250617/apache2 so the server is listening, but: https://vls002.example.net:8080/login/ Not Found The requested URL was not found on this server. Strange: The certificate that is shown is not selfsigned. I did never setup Letsencrypt for the address of the ISPConfig panel. But the certificate shown for https://vls002.smartsiam.net:8080/ is - Let's encrypt with CN: vls002.example.net (issued Wednesday, 20. November 2024 so a long time before the trouble started) https://vls002.example.net:8080/ or https://<my-server-ip>:8080 Apache2 Debian Default Page Strange: The certificate that is shown is not selfsigned. I did never setup Letsencrypt for the address of the ISPConfig panel. But the certificate shown for https://vls002.smartsiam.net:8080/ is - Let's encrypt with CN: vls002.example.net (issued Wednesday, 20. November 2024 so a long time before the trouble started) https://vls002.example.net/ Doesnt load, since a Let's encrypt certificate with CN: example.com is shown. After getting this I compared the following files line by with my old server (vls001) - same configuration Debian 12/ISPConfig All files are identical: 000-apps.vhost 000-default.conf 000-ispconfig.conf 000-ispconfig.vhost 999-acme.conf Below the ufw: Code: # ufw status numbered Status: active To Action From -- ------ ---- [ 1] 21/tcp ALLOW IN Anywhere [ 2] 22/tcp ALLOW IN Anywhere [ 3] 25/tcp ALLOW IN Anywhere [ 4] 53/tcp ALLOW IN Anywhere [ 5] 80/tcp ALLOW IN Anywhere [ 6] 110/tcp ALLOW IN Anywhere [ 7] 143/tcp ALLOW IN Anywhere [ 8] 443/tcp ALLOW IN Anywhere [ 9] 465/tcp ALLOW IN Anywhere [10] 587/tcp ALLOW IN Anywhere [11] 993/tcp ALLOW IN Anywhere [12] 995/tcp ALLOW IN Anywhere [13] 4190/tcp ALLOW IN Anywhere [14] 8080/tcp ALLOW IN Anywhere [15] 8081/tcp ALLOW IN Anywhere [16] 40110:40210/tcp ALLOW IN Anywhere [17] 53/udp ALLOW IN Anywhere [18] 3306/tcp ALLOW IN Anywhere [19] 2812/tcp ALLOW IN Anywhere [20] 21/tcp (v6) ALLOW IN Anywhere (v6) [21] 22/tcp (v6) ALLOW IN Anywhere (v6) [22] 25/tcp (v6) ALLOW IN Anywhere (v6) [23] 53/tcp (v6) ALLOW IN Anywhere (v6) [24] 80/tcp (v6) ALLOW IN Anywhere (v6) [25] 110/tcp (v6) ALLOW IN Anywhere (v6) [26] 143/tcp (v6) ALLOW IN Anywhere (v6) [27] 443/tcp (v6) ALLOW IN Anywhere (v6) [28] 465/tcp (v6) ALLOW IN Anywhere (v6) [29] 587/tcp (v6) ALLOW IN Anywhere (v6) [30] 993/tcp (v6) ALLOW IN Anywhere (v6) [31] 995/tcp (v6) ALLOW IN Anywhere (v6) [32] 4190/tcp (v6) ALLOW IN Anywhere (v6) [33] 8080/tcp (v6) ALLOW IN Anywhere (v6) [34] 8081/tcp (v6) ALLOW IN Anywhere (v6) [35] 40110:40210/tcp (v6) ALLOW IN Anywhere (v6) [36] 53/udp (v6) ALLOW IN Anywhere (v6) [37] 3306/tcp (v6) ALLOW IN Anywhere (v6) [38] 2812/tcp (v6) ALLOW IN Anywhere (v6) What makes me wondering is this section of apachectl -S Code: ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex authdigest-opaque: using_defaults Mutex watchdog-callback: using_defaults Mutex rewrite-map: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex authdigest-client: using_defaults Mutex ssl-stapling: using_defaults Mutex proxy: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/run/apache2/" mechanism=default PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG Define: ENABLE_USR_LIB_CGI_BIN User: name="www-data" id=33 Group: name="www-data" id=33 On the old system (vls001) I see 2 more entries, - which are missing above: Code: Mutex fcgid-pipe: using_defaults Mutex fcgid-proctbl: using_defaults No idea how this is somehow related. @ahrasis: Thanks for the comment, but that is not the case. Maybe I explained a bit confusing. Website and ISPConfig running on different domains. ISPConfig Panel is running on vls001.example.net The website I changed was from dev.example.com to example.com After this small change the trouble started. The website itself is running now. But the ispconfigpanel still not accessible.
This change is not the reason for your issues. It just triggered an Apache restart as part of the process, which made the issues visible to you that were caused before, likely by manual edits in the apache config. Also, ISPConfig would never remove its own vhost file. That's unrelated. What you can try is to run: ispconfig_update.sh --force to let ISPConfig update the system and add the file that are missing now. A certificate for the system hostname is issued when you run ispconfig_update.sh. According to your first post, you ran that command after changing the hostname. This is likely caused by you purging Apache. I guess you did not install and activate all required Apache modules again afterwards. See one of the manual perfect server install guides for which packages to install and which modules to activate.
Hi Till, actually I did this - twice. Strictly according to Debian 12 /ISPConfig perfect server guide - completly step 9. Code: # apachectl -S AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.vhost:7 VirtualHost configuration: *:8081 vls002.example.net (/etc/apache2/sites-enabled/000-apps.vhost:9) *:8080 vls002.example.net (/etc/apache2/sites-enabled/000-ispconfig.vhost:9) *:80 is a NameVirtualHost default server vls002.example.net (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost vls002.example.net (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost example.com (/etc/apache2/sites-enabled/100-example.com.vhost:7) alias www.example.com *:443 example.com (/etc/apache2/sites-enabled/100-example.com.vhost:138) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex proxy: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/run/apache2/" mechanism=default Mutex authdigest-opaque: using_defaults Mutex watchdog-callback: using_defaults Mutex rewrite-map: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex authdigest-client: using_defaults Mutex ssl-stapling: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG Define: MODPERL2 Define: ENABLE_USR_LIB_CGI_BIN User: name="www-data" id=33 Group: name="www-data" id=33 If I look inside TYPO3 on the PHP config it looks also OK. Code: System Linux vls002 6.1.0-28-arm64 #1 SMP Debian 6.1.119-1 (2024-11-22) aarch64 Build Date Nov 25 2024 18:22:20 Build System Linux Server API FPM/FastCGI Virtual Directory Support disabled Configuration File (php.ini) Path /etc/php/8.2/fpm Loaded Configuration File /etc/php/8.2/fpm/php.ini Scan this dir for additional .ini files /etc/php/8.2/fpm/conf.d Additional .ini files parsed /etc/php/8.2/fpm/conf.d/10-mysqlnd.ini, /etc/php/8.2/fpm/conf.d/10-opcache.ini, /etc/php/8.2/fpm/conf.d/10-pdo.ini, /etc/php/8.2/fpm/conf.d/15-xml.ini, /etc/php/8.2/fpm/conf.d/20-bcmath.ini, /etc/php/8.2/fpm/conf.d/20-calendar.ini, /etc/php/8.2/fpm/conf.d/20-ctype.ini, /etc/php/8.2/fpm/conf.d/20-curl.ini, /etc/php/8.2/fpm/conf.d/20-dom.ini, /etc/php/8.2/fpm/conf.d/20-exif.ini, /etc/php/8.2/fpm/conf.d/20-ffi.ini, /etc/php/8.2/fpm/conf.d/20-fileinfo.ini, /etc/php/8.2/fpm/conf.d/20-ftp.ini, /etc/php/8.2/fpm/conf.d/20-gd.ini, /etc/php/8.2/fpm/conf.d/20-gettext.ini, /etc/php/8.2/fpm/conf.d/20-iconv.ini, /etc/php/8.2/fpm/conf.d/20-imap.ini, /etc/php/8.2/fpm/conf.d/20-intl.ini, /etc/php/8.2/fpm/conf.d/20-mbstring.ini, /etc/php/8.2/fpm/conf.d/20-mysqli.ini, /etc/php/8.2/fpm/conf.d/20-pdo_mysql.ini, /etc/php/8.2/fpm/conf.d/20-pdo_sqlite.ini, /etc/php/8.2/fpm/conf.d/20-phar.ini, /etc/php/8.2/fpm/conf.d/20-posix.ini, /etc/php/8.2/fpm/conf.d/20-pspell.ini, /etc/php/8.2/fpm/conf.d/20-readline.ini, /etc/php/8.2/fpm/conf.d/20-shmop.ini, /etc/php/8.2/fpm/conf.d/20-simplexml.ini, /etc/php/8.2/fpm/conf.d/20-soap.ini, /etc/php/8.2/fpm/conf.d/20-sockets.ini, /etc/php/8.2/fpm/conf.d/20-sqlite3.ini, /etc/php/8.2/fpm/conf.d/20-sysvmsg.ini, /etc/php/8.2/fpm/conf.d/20-sysvsem.ini, /etc/php/8.2/fpm/conf.d/20-sysvshm.ini, /etc/php/8.2/fpm/conf.d/20-tidy.ini, /etc/php/8.2/fpm/conf.d/20-tokenizer.ini, /etc/php/8.2/fpm/conf.d/20-xmlreader.ini, /etc/php/8.2/fpm/conf.d/20-xmlrpc.ini, /etc/php/8.2/fpm/conf.d/20-xmlwriter.ini, /etc/php/8.2/fpm/conf.d/20-xsl.ini, /etc/php/8.2/fpm/conf.d/20-zip.ini PHP API 20220829 PHP Extension 20220829 Zend Extension 420220829 Zend Extension Build API420220829,NTS PHP Extension Build API20220829,NTS Debug Build no Thread Safety disabled Zend Signal Handling enabled Zend Memory Manager enabled Zend Multibyte Support provided by mbstring Zend Max Execution Timers disabled IPv6 Support enabled DTrace Support available, disabled Registered PHP Streams https, ftps, compress.zlib, php, file, glob, data, http, ftp, phar, zip Registered Stream Socket Transports tcp, udp, unix, udg, ssl, tls, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3 Registered Stream Filters zlib.*, string.rot13, string.toupper, string.tolower, convert.*, consumed, dechunk, convert.iconv.* I am puzzled, no idea where to look anymore. as a side note: As regards the certificate: in my old "manual" install that was still self signed. For the new setup i used the automatic installation. So looking at the date Let's encrypt is now used for the panel too? I just realized 20. Nov was the day I setup the new server.
My guess is that you do not have the Apache fcgi module loaded or enabled. In the ISPConfig vhost, a large part is wrapped in <IfModule mod_fcgid.c> statement, so if this required module is missing, you won't get the ISPConfig UI. Yes, for quite a few years now.
I forgot this: Code: # apachectl -M AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.vhost:7 Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) actions_module (shared) alias_module (shared) auth_basic_module (shared) auth_digest_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgid_module (shared) dav_module (shared) dav_fs_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) filter_module (shared) headers_module (shared) include_module (shared) mime_module (shared) mpm_event_module (shared) negotiation_module (shared) perl_module (shared) proxy_module (shared) proxy_fcgi_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) socache_shmcb_module (shared) ssl_module (shared) status_module (shared) suexec_module (shared)
So the fcgi module seems to be either not installed or its not enabled. Try: apt install libapache2-mod-fcgid a2enmod fcgid service apache2 restart
Thank you so much - Till . That was it. For those who dont know how to do... Code: # a2enmod fcgid # systemctl restart apache2 afterwards you can check with apachectl -M and find Code: ... fcgid_module (shared) ...
Ok, noted that now. No worries. It's my bad. All these ads after my subscription is over, confused me a little bit. And thanks for sharing your solutions as well.
