When I SSH in the MOTD mentioned an unattended upgrade failed, so I ran apt upgrade and it upgraded rspam. Still can't access 8080, so I did a ispconfig_update.sh --force but it says it can't find the version file. Please assist... Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Debian GNU/Linux 12 (bookworm) [INFO] uptime: 15:54:36 up 2 min, 1 user, load average: 0.20, 0.17, 0.07 [INFO] memory: total used free shared buff/cache available Mem: 3.8Gi 2.2Gi 964Mi 118Mi 1.0Gi 1.6Gi Swap: 8.0Gi 0B 8.0Gi [INFO] systemd failed services status: UNIT LOAD ACTIVE SUB DESCRIPTION ● postgrey.service loaded failed failed Postfix greylisting policy server LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 1 loaded units listed. [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.3.0p3 ##### VERSION CHECK ##### [INFO] php (cli) version is 8.2.29 [INFO] php-cgi (used for cgi php in default vhost!) is version 8.2.29 ##### PORT CHECK ##### ##### MAIL SERVER CHECK ##### [WARN] I found no "smtps" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this. ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 973) [INFO] I found the following mail server(s): Postfix (PID 1462) [INFO] I found the following pop3 server(s): Dovecot (PID 612) [INFO] I found the following imap server(s): Dovecot (PID 612) [INFO] I found the following ftp server(s): PureFTP (PID 1032) ##### LISTENING PORTS ##### (only () Local (Address) [localhost]:11211 (619/memcached) [localhost]:953 (623/named) [localhost]:953 (623/named) [anywhere]:587 (1462/master) [anywhere]:995 (612/dovecot) [anywhere]:993 (612/dovecot) [anywhere]:143 (612/dovecot) [anywhere]:25 (1462/master) [anywhere]:22 (659/sshd:) [anywhere]:21 (1032/pure-ftpd) [anywhere]:4190 (612/dovecot) [anywhere]:110 (612/dovecot) [localhost]:6379 (636/redis-server) [anywhere]:465 (1462/master) ***.***.***.***:53 (623/named) ***.***.***.***:53 (623/named) [localhost]:53 (623/named) [localhost]:53 (623/named) [anywhere]:3306 (847/mariadbd) [localhost]:11333 (664/rspamd:) [localhost]:11332 (664/rspamd:) [localhost]:11334 (664/rspamd:) *:*:*:*::*:995 (612/dovecot) *:*:*:*::*:993 (612/dovecot) [localhost]43 (612/dovecot) *:*:*:*::*:22 (659/sshd:) *:*:*:*::*:21 (1032/pure-ftpd) *:*:*:*::*:4190 (612/dovecot) *:*:*:*::*:80 (973/apache2) *:*:*:*::*be24:11ff:fe5c:53 (623/named) *:*:*:*::*be24:11ff:fe5c:53 (623/named) [localhost]10 (612/dovecot) *:*:*:*::*:443 (973/apache2) *:*:*:*::*:953 (623/named) *:*:*:*::*:953 (623/named) *:*:*:*::*:8080 (973/apache2) *:*:*:*::*:8081 (973/apache2) *:*:*:*::*:3306 (847/mariadbd) ##### IPTABLES ##### Chain INPUT (policy DROP) target prot opt source destination f2b-sshd 6 -- [anywhere]/0 [anywhere]/0 multiport dports 22 f2b-postfix-sasl 6 -- [anywhere]/0 [anywhere]/0 multiport dports 25 ufw-before-logging-input 0 -- [anywhere]/0 [anywhere]/0 ufw-before-input 0 -- [anywhere]/0 [anywhere]/0 ufw-after-input 0 -- [anywhere]/0 [anywhere]/0 ufw-after-logging-input 0 -- [anywhere]/0 [anywhere]/0 ufw-reject-input 0 -- [anywhere]/0 [anywhere]/0 ufw-track-input 0 -- [anywhere]/0 [anywhere]/0 Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward 0 -- [anywhere]/0 [anywhere]/0 ufw-before-forward 0 -- [anywhere]/0 [anywhere]/0 ufw-after-forward 0 -- [anywhere]/0 [anywhere]/0 ufw-after-logging-forward 0 -- [anywhere]/0 [anywhere]/0 ufw-reject-forward 0 -- [anywhere]/0 [anywhere]/0 ufw-track-forward 0 -- [anywhere]/0 [anywhere]/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination ufw-before-logging-output 0 -- [anywhere]/0 [anywhere]/0 ufw-before-output 0 -- [anywhere]/0 [anywhere]/0 ufw-after-output 0 -- [anywhere]/0 [anywhere]/0 ufw-after-logging-output 0 -- [anywhere]/0 [anywhere]/0 ufw-reject-output 0 -- [anywhere]/0 [anywhere]/0 ufw-track-output 0 -- [anywhere]/0 [anywhere]/0 Chain f2b-postfix-sasl (1 references) target prot opt source destination REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN 0 -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination REJECT 0 -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:137 ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:138 ufw-skip-to-policy-input 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:139 ufw-skip-to-policy-input 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:445 ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:67 ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:68 ufw-skip-to-policy-input 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 8 ufw-user-forward 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-before-input (1 references) target prot opt source destination ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-logging-deny 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID DROP 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 8 ACCEPT 17 -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68 ufw-not-local 0 -- [anywhere]/0 [anywhere]/0 ACCEPT 17 -- [anywhere]/0 ***.***.***.*** udp dpt:5353 ACCEPT 17 -- [anywhere]/0 ***.***.***.*** udp dpt:1900 ufw-user-input 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-user-output 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-logging-allow (0 references) target prot opt source destination LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10 LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST ufw-logging-deny 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 DROP 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-output (0 references) target prot opt source destination ACCEPT 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination ACCEPT 6 -- [anywhere]/0 [anywhere]/0 ctstate NEW ACCEPT 17 -- [anywhere]/0 [anywhere]/0 ctstate NEW Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) target prot opt source destination ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:21 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:22 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:25 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:53 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:80 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:110 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:143 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:443 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:465 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:587 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:993 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:995 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:3306 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:4190 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:8080 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:8081 ACCEPT 6 -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210 ACCEPT 17 -- [anywhere]/0 [anywhere]/0 udp dpt:53 Chain ufw-user-limit (0 references) target prot opt source destination LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " REJECT 0 -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT 0 -- [anywhere]/0 [anywhere]/0 Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ##### LET'S ENCRYPT ##### acme.sh is installed in /root/.acme.sh/acme.sh
Exact error message, please. From your post, it could be the local version file or a failed remote connection, which would imply completely different issues. But my best guess is your system has internet connection problems and can not get the version info from ispconfig.org
I ran it again this morning and it worked. Must have been a network issue that has since resolved itself. However trying to access port 8080 still crashes the server...
It sometimes only locks up for a few minutes... then it comes back online but ISPC on port 8080 won't connect. See attached...But in some instances it stays locked up for more than 10 minutes and I have to hard reboot the server... I tried doing a curl on the server to 8080 but curl never times out and no data is returned.
Your server might still have network / internet issues. Kindly check and resolve that problems, if there are any.
I am able to access websites and mails and ssh and port 8081, etc... it only has an issue on port 8080? I tried changing to port 8085 by temporarily editing ispconfig.vhost but I get the same issue. I have gone back to port 8080.
Can you check whether the same port is still opened and accessible via any of your nat router? I once had a problem of my nat router ipv4 mapping being reset to default where port 8080 is closed, though I am not sure yours is facing the same, but may be other problem(s) perhaps, but a check wouldn't hurt?.
The server is in a data center, so no NAT Router... BUT!!! I have made a discovery... I added these lines to ispconfig.vhost and restarted apache2... Code: ErrorLog /var/log/apache2/ispc-error.log CustomLog /var/log/apache2/ispc-access.log combined I then tried to access ISPC via port 8080 and found that ispc-error.log was populated with the following, repeating several times... Code: [Mon Dec 01 05:33:08.164533 2025] [ssl:error] [pid 4131:tid 4131] AH02218: ssl_stapling_init_cert: no OCSP URI in certificate and no SSLStaplingForceURL set [subject: CN=[REDACTED] / issuer: CN=E7,O=Let's Encrypt,C=US / serial: [REDACTED] / notbefore: Nov 5 17:11:20 2025 GMT / notafter: Feb 3 17:11:19 2026 GMT] [Mon Dec 01 05:33:08.164558 2025] [ssl:error] [pid 4131:tid 4131] AH02604: Unable to configure certificate [REDACTED]:8080:0 for stapling ispc-access.log had no contents. Now I am running my full server hostname as a hosting account on ISPC with mail.clientsdomain.tld as an Alias domain for each client. This is done so that clients can access email via mail.clientsdomain.tld for IMAP and SMTP and I use SymLinks from the mail server software SSL key and cert files as well as for /usr/local/ispconfig/interface/ssl key and cert files. All SymLinks point to the ssl folders key and cert file for the full server hostname hosting account. I have a script running as a service that watches for when the hosting account's key and cert files are updated and then restarts the mail server software so that it loads the updated cert and key. This setup as worked well for me for years, but clearly something is causing an issue with Apache2 loading the cert and key va the SymLink.. I have opened a random mail.clientsdomain.tld in my browser and it loads the correct page showing the client how to configure their email settings. I checked the Cert from the browser address bar and it has the correct domain and correct aliases. The Cert and Key are dated 5 November 2025 and have been working fine since then. This current problem is very new. So I think whatever the problem is has got to do with loading the Key and Cert via SymLink. I am going to try and physically copy the Cert and Key to /usr/local/ispconfig/ssl folder and restart Apache2 and will revert with my findings...
As discussed in other threads LE has removed support for stapling for quite some months now, so removing it or setting it off, in your ispconfig vhost is best. Regarding the "nat router", normally ISPConfig opened port 8080 by default, so it is normally not firewall inside your server issue, but you could check that too. Also, some data center may have upgraded their port access settings so you may need to check about that with them about it. From my point of view, it is more likely network / internet access problem to that port, rather than the certs stapling issue, because the latter is ignorable, though fixing it is the best.
I tried commenting out stapling but it made no difference. I have run some tests with curl -vk and openssl_s_client and it appears the certificate starts to download then it hangs... if I wait, different amount of time each time, the server comes back up and curl exits with a time out but openssl_s_client just sits there...
Have you tested localhost or your server hostname? Try to do the curl and openssl command with localhost:8080 directly on this server. Do you get the same behaviour?
locally on the server it works... it's when I try access from another PC, namely my laptop, that I get the issue.
Then it must be a network issue and not an issue on your server. Or its an issue on your PC. have you tried another PC or use your mobile phone and have you tested using a different browser?
I think you are right... I have done a force install and set ISP Config to a different port very far from 8080 and after adding it as ALLOW on UFW I am back into my server. Thanks for the pointers here and there... hopefully someone who has this same problem one day finds this post and it helps them quickly get back online. In the meantime, I have opened a ticket with the datacenter guys I get my servers from... HOW I FIXED IT... In short, if you lose access to ISPConfig on your current port (default 8080), then run... Code: ispconfig_update.sh --force Take all the defaults except where it asks you what port you want to use for ISPConfig. In this case take something else that is not being used. I took something in the 30000 range. But if you are not sure what is available to use on your server then Code: netstat -tunlp or Code: ss -tunlp to list all the active ports on your server. Do not use what is active on your server as it will clash. Once you have finished the force update then you must add to the server firewall... Code: ufw allow #### Where #### is replaced with your new chosen port. You may need to also enable that port on your NAT Router if behind a NAT Router or with your Server Providers Firewall. Every case is different, so ask in the forums if you are not sure.
I don't recall anyone having this exact issue in the past, so I suppose it might not be that common. I'll add things to read before posting when an issue pops up regularly here in the forum. So I guess I won't add it for now.
Hello @thisiszeev ! I'm having the same problem with port 8080. If I change the port and allow it in UFW, everything works normally. I'm using port 8088 for the ISPConfig interface. However, I still haven't figured out why it doesn't work on port 8080. Did you find out why this happens? What is it? Thank you!
