After Let's Encrypt tutorial no start of Apache possible

I have already written in the German forum but in the English part may be more people. I wanted to secure the control panel according to the Let's Encrypt tutorial and now Apache can not be started anymore. In any case, the file ispserver.crt is empty, but I do not know what belongs in there.
I have just seen that under the command hostname - f the subdomain of my hoster (from my VPS) is displayed, and not my own subdomain which I have specified according to the installation instructions of ISPConfig. This check should actually have been the first step. Maybe it is synonymous with it...

Code:

root@vmi209429:~# systemctl status apache2.service
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: failed (Result: exit-code) since Thu 2018-10-04 21:47:28 CEST; 55s ago
  Process: 15113 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Oct 04 21:47:28 server.meinedomain.com systemd[1]: Starting The Apache HTTP Server...
Oct 04 21:47:28 server.meinedomain.com apachectl[15113]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
Oct 04 21:47:28 server.meinedomain.com apachectl[15113]: AH00526: Syntax error on line 63 of /etc/apache2/sites-enabled/000-ispconfig.vhost:
Oct 04 21:47:28 server.meinedomain.com apachectl[15113]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
Oct 04 21:47:28 server.meinedomain.com apachectl[15113]: Action 'start' failed.
Oct 04 21:47:28 server.meinedomain.com apachectl[15113]: The Apache error log may have more information.
Oct 04 21:47:28 server.meinedomain.com systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 04 21:47:28 server.meinedomain.com systemd[1]: apache2.service: Failed with result 'exit-code'.
Oct 04 21:47:28 server.meinedomain.com systemd[1]: Failed to start The Apache HTTP Server.

Code:

root@vmi209429:~# journalctl -xe
--
-- Unit apache2.service has begun starting up.
Oct 04 21:43:40 server.meinedomain.com apachectl[14924]: AH00548: NameVirtu
Oct 04 21:43:40 server.meinedomain.com apachectl[14924]: AH00526: Syntax er
Oct 04 21:43:40 server.meinedomain.com apachectl[14924]: SSLCertificateFile
Oct 04 21:43:40 server.meinedomain.com apachectl[14924]: Action 'start' fai
Oct 04 21:43:40 server.meinedomain.com apachectl[14924]: The Apache error l
Oct 04 21:43:40 server.meinedomain.com systemd[1]: apache2.service: Control
Oct 04 21:43:40 server.meinedomain.com systemd[1]: apache2.service: Failed
Oct 04 21:43:40 server.meinedomain.com systemd[1]: Failed to start The Apac
-- Subject: Unit apache2.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit apache2.service has failed.
--
-- The result is RESULT.
Oct 04 21:44:01 server.meinedomain.com CRON[14937]: pam_unix(cron:session):
Oct 04 21:44:01 server.meinedomain.com CRON[14938]: pam_unix(cron:session):
Oct 04 21:44:01 server.meinedomain.com CRON[14939]: (root) CMD (/usr/local/
Oct 04 21:44:01 server.meinedomain.com CRON[14940]: (root) CMD (/usr/local/
Oct 04 21:44:01 server.meinedomain.com CRON[14937]: pam_unix(cron:session):
Oct 04 21:44:01 server.meinedomain.com CRON[14938]: pam_unix(cron:session):
lines 1140-1162/1162 (END)
--

Does anyone have advice for me?

Additional information:

• Ubuntu 18.04 LTS
• ISPConfig 3.1

 

That's in the wrong forum... Maybe a moderator can move it in the ISPConfig forum?

 

The error message tells there is syntax error. Check what is in that line.

Code:

less -N /etc/apache2/sites-enabled/000-ispconfig.vhost

 

This is the content of the file:

Code:

  1 ######################################################
      2 # This virtual host contains the configuration
      3 # for the ISPConfig controlpanel
      4 ######################################################
      5
      6  Listen 8080
      7 NameVirtualHost *:8080
      8
      9 <VirtualHost _default_:8080>
     10   ServerAdmin webmaster@localhost
     11
     12   <Directory /var/www/ispconfig/>
     13     <FilesMatch "\.ph(p3?|tml)$">
     14       SetHandler None
     15     </FilesMatch>
     16   </Directory>
     17   <Directory /usr/local/ispconfig/interface/web/>
     18     <FilesMatch "\.ph(p3?|tml)$">
     19       SetHandler None
     20     </FilesMatch>
     21   </Directory>
     22
     23   <IfModule mod_fcgid.c>
     24     DocumentRoot /var/www/ispconfig/
     25     SuexecUserGroup ispconfig ispconfig
     26     <Directory /var/www/ispconfig/>
     27       Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
     28       AllowOverride AuthConfig Indexes Limit Options FileInfo
     29       <FilesMatch "\.php$">
     30         SetHandler fcgid-script
     31       </FilesMatch>
     32       FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
     33             Require all granted
     34           </Directory>
     35     IPCCommTimeout  7200
     36     MaxRequestLen 15728640
     37   </IfModule>
     38
     39   <IfModule mpm_itk_module>
     40     DocumentRoot /usr/local/ispconfig/interface/web/
     41     AssignUserId ispconfig ispconfig
     42     AddType application/x-httpd-php .php
     43     <Directory /usr/local/ispconfig/interface/web>
     44       # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
     45       Options +FollowSymLinks
     46       AllowOverride None
     47             Require all granted
     48             php_value magic_quotes_gpc        0
     49     </Directory>
     50   </IfModule>
     51
     52   # ErrorLog /var/log/apache2/error.log
     53   # CustomLog /var/log/apache2/access.log combined
     54   ServerSignature Off
     55
     56   <IfModule mod_security2.c>
     57     SecRuleEngine Off
     58   </IfModule>
     59
     60   # SSL Configuration
     61   SSLEngine On
     62     SSLProtocol All -SSLv3
     63     SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
     64   SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
     65   #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
     66
     67   SSLCipherSuite ECDHE-ECDSA-...
     68   SSLHonorCipherOrder On
     69
     70   <IfModule mod_headers.c>
     71     Header always add Strict-Transport-Security "max-age=15768000"
     72         RequestHeader unset Proxy early
     73   </IfModule>
     74
     75     SSLUseStapling On
     76   SSLStaplingResponderTimeout 5
     77   SSLStaplingReturnResponderErrors Off
     78   </VirtualHost>
     79
     80 <IfModule mod_ssl.c>
     81   SSLStaplingCache shmcb:/var/run/ocsp(128000)
     82 </IfModule>
     83
     84 <Directory /var/www/php-cgi-scripts>
     85   AllowOverride None
     86     Require all denied
     87   </Directory>
     88
     89 <Directory /var/www/php-fcgi-scripts>
     90   AllowOverride None
     91     Require all denied
     92   </Directory>

 

When it is empty, your process in getting LE SSL certs may have failed without you realizing it. Check to confirm:
ls -lat /usr/local/ispconfig/interface/ssl
ls -lat /etc/letsencrypt/live/$(hostname -f)

I would suggest you read the LE4ISPC script to understand more, or simply use it to secure any of your ISPConfig servers.

 

The problem was the hostname. After changing the name I used the script and it worked.

 

I tested today if the link to roundcube works: www.mydomain.com/webmail Since I ran the script this does not work anymore. Firefox brings a blank side and Opera says that the side doesn't work.
I've set the alias as described in the tutorial:

Code:

Alias /roundcube /var/lib/roundcube
Alias /webmail /var/lib/roundcube

[edit] This was in the error log:

Code:

[php7:error] [pid 30688] [client XXX.XXX.XXX.XXX:52650] PHP Fatal error:  Uncaught Error: Class 'PEAR' not found in /usr/share/roundcube/program/lib/Roundcube/bootstrap.php:101\nStack trace:\n#0 /usr/share/roundcube/program/include/iniset.php(67): require_once()\n#1 /usr/share/roundcube/index.php(40): require_once('/usr/share/roun...')\n#2 {main}\n  thrown in /usr/share/roundcube/program/lib/Roundcube/bootstrap.php on line 101

What can I do?

 

The error doesn't seem to be related to the script and the script only deals with securing postfix and dovecot internally but not roundcube installation or its web interface.

You can wait for others to reply or can run through this old thread if it has something that can help you: https://www.howtoforge.com/community/threads/roudncube-doesnt-work.62531/

 

To me the error message suggests Roundcube does not have a PHP module it needs, or the modules are from different version. How did you install Roundcube? If Roundcube is from Ubuntu 18.04 repository and the stuff it depends on comes from the same place they should work together.

 

After installation of the server I run the script for Let's Encrypt. Then I've installed additionally PHP 7.1. Maybe this ist the point. But I don't know what's wrong...

 

Which version of PHP is default now? Which version of PHP does RoundCube use? Did you install the same PHP modules the Ubuntu default had also for PHP 7.1? There may be changed names, so PHP modules may not be exact same for 7.x versions, so you may have to get creative to find what all must be installed.

 

Roundcube should use default PHP version 7.2. Where can i check this?