Hello! I am on Ispconfig 3.1.15p2. Is this in the ispconfig panel? Weird, I have no options in the web server part (it is empty) under System > Server config > web. I didn't do anything, I don't understand. Al Musul
I just made a dump of the ispconfig database: size 1.9MB. I checked the size of a backup, dbispconfig_2020-11-13_06h25m.Friday.sql: 19M, 10 times larger. I just restored a backup and found the settings in Web Server (capture attached).
Hello! I found the same topic on the problem here (link): https://www.howtoforge.com/community/threads/apache-wrong-site-shown.85658/ . I restored a backup yesterday and I again have settings in System > Server config > web > SSL Settings. I do not understand why the database of ispconfig has been tampered with (capture attached).
Super, the certificate was generated correctly in /etc/letsencrypt/live/ and the SSL options were added to the https vhost of the domain. I activated the HTTPS redirect (Rewrite HTTP to HTTPS) but my site (https://labvirtual.ac-amiens.fr/) still displays an invalid certificate. Thank you again for your availability and the work done. Al Musul Crémos
ah, yep, haproxy is definitely going to complicate things. i assume you've got haproxy configured in http mode. if you're using ispconfig and letsencrypt to create and renew the certificates, i guess you'd need to configure the haproxy frontend and backend to use tcp mode and ssl passthrough. or you could just have the certificates on haproxy and terminate them there, and just use http between haproxy and ispconfig. either way, this is probably a good starting point guide: https://serversforhackers.com/c/using-ssl-certificates-with-haproxy
Indeed, I use a haproxy with a frontend and a backend in tcp mode and the ssl relay. The solution of certificates on haproxy is heavy: it is necessary to concatenate them in the form:
    cat cert.pem privkey.pem fullchain.pem > labvirtual.ac-amiens.fr.pem
then on the haproxy:
    frontend https
        mode http
        option forwardfor
        bind 194.254.103.168:443 no-sslv3 ssl crt /etc/haproxy/ssl/panel3/abvirtual.ac-amiens.fr.pem no-sslv3
and this for each web domain. In my setup I use http mode for additional HTTP options. It would seem that tcp mode should be used instead for HTTPS traffic, because the packets are encrypted and HAProxy cannot display the HTTP headers. Crémos
Hello, thanks again for the HAProxy with SSL pass-through lead; this works with TLS 1.3 and letsencrypt via Ispconfig. Thanks again. Al Musul Crémos
Hello! I just deleted the vhost ssl files generated by certbot and created the ssl config and certificate with Ispconfig. Ispconfig does generate the HTTPS part of the vhost configuration in the same file that contains the HTTP configuration. I then force the http redirect to https with another box that I check in Ispconfig. Apache is still not serving the right site for the HTTP visit without SSL activation, and that is the case for all the web domains I create. I am blocked, unable to create web domains that point to the correct directory (DocumentRoot). Thank you in advance for your feedback. Crémos
Additional information. Output of the apache2ctl -S command:
Default Server Ispconfig : panel3.in.ac-amiens.fr
*:8081 panel3.in.ac-amiens.fr (/etc/apache2/sites-enabled/000-apps.vhost:9)
*:8080 panel3.ac-amiens.fr (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
*:80 is a NameVirtualHost
    default server panel3.in.ac-amiens.fr (/etc/apache2/sites-enabled/000-default.conf:1)
*:443 is a NameVirtualHost
    default server dev.dsden60.ac-amiens.fr (/etc/apache2/sites-enabled/100-dev.dsden60.ac-amiens.fr.vhost:110)
I wanted to know why I have dev.dsden60.ac-amiens.fr rather than panel3.ac-amiens.fr for port 443.
Hello! When I want to access the site http://sandras.anizy-le-grand.clg.ac-amiens.fr/ (HTTPS is not activated), I get as a response from the server:
    Bad Request
    Your browser sent a request that this server could not understand.
    Reason: You're speaking plain HTTP to an SSL-enabled server port.
    Instead use the HTTPS scheme to access this URL, please.
Crémos
It tells you what to do, go to that site with https. Though port 80 should be enabled for it as well, not sure what you've done here.
This shows me the certificate of another web domain. Issued to: dev.dsden60.ac-amiens.fr, issued by: Let's Encrypt.
Additional information. Output of the apache2ctl -S command:
*:443 is a NameVirtualHost
    default server dev.dsden60.ac-amiens.fr (/etc/apache2/sites-enabled/100-dev.dsden60.ac-amiens.fr.vhost:110)
and that for all new web domains.
100-sandras.anizy-le-grand.clg.ac-amiens.fr.vhost
PHP:
<VirtualHost *:80>
    DocumentRoot /var/www/clients/client9/web83/web
    ServerName sandras.anizy-le-grand.clg.ac-amiens.fr
    ServerAlias sandras.anizy-le-grand.clg.ac-amiens.fr
    ServerAdmin webmaster@sandras.anizy-le-grand.clg.ac-amiens.fr
    ErrorLog /var/log/ispconfig/httpd/sandras.anizy-le-grand.clg.ac-amiens.fr/error.log
    <IfModule mod_ssl.c>
    </IfModule>
Here's the full file:
PHP:
<Directory /var/www/sandras.anizy-le-grand.clg.ac-amiens.fr>
    AllowOverride None
    Require all denied
</Directory>

<VirtualHost *:80>
    DocumentRoot /var/www/clients/client9/web83/web
    ServerName sandras.anizy-le-grand.clg.ac-amiens.fr
    ServerAlias sandras.anizy-le-grand.clg.ac-amiens.fr
    ServerAdmin webmaster@sandras.anizy-le-grand.clg.ac-amiens.fr
    ErrorLog /var/log/ispconfig/httpd/sandras.anizy-le-grand.clg.ac-amiens.fr/error.log

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/sandras.anizy-le-grand.clg.ac-amiens.fr/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +SymlinksIfOwnerMatch
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/clients/client9/web83/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +SymlinksIfOwnerMatch
        AllowOverride All
        Require all granted
    </Directory>

    # suexec enabled
    <IfModule mod_suexec.c>
        SuexecUserGroup web83 client9
    </IfModule>

    <IfModule mod_fastcgi.c>
        <Directory /var/www/clients/client9/web83/cgi-bin>
            Require all granted
        </Directory>
        <Directory /var/www/sandras.anizy-le-grand.clg.ac-amiens.fr/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        <Directory /var/www/clients/client9/web83/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        Action php-fcgi /php-fcgi virtual
        Alias /php-fcgi /var/www/clients/client9/web83/cgi-bin/php-fcgi-*-80-sandras.anizy-le-grand.clg.ac-amiens.fr
        FastCgiExternalServer /var/www/clients/client9/web83/cgi-bin/php-fcgi-*-80-sandras.anizy-le-grand.clg.ac-amiens.fr -idle-timeout 300 -socket /var/lib/php7.4-fpm/web83.sock -pass-header Authorization -pass-header Content-Type
    </IfModule>

    <IfModule mod_proxy_fcgi.c>
        #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.4-fpm/web83.sock|fcgi://localhost//var/www/clients/client9/web83/web/$1
        <Directory /var/www/clients/client9/web83/web>
            <FilesMatch "\.php[345]?$">
                SetHandler "proxy:unix:/var/lib/php7.4-fpm/web83.sock|fcgi://localhost"
            </FilesMatch>
        </Directory>
    </IfModule>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web83 client9
    </IfModule>

    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client9/web83/webdav>
            <ifModule mod_security2.c>
                SecRuleRemoveById 960015
                SecRuleRemoveById 960032
            </ifModule>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client9/web83/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>
The default server is simply the first one encountered for the port as apache parses the configuration/vhost files. You could create a site named something like 'aaa-default.com' if you want to manage the default website in ispconfig, or you can manually edit a .vhost file for that purpose just like you do for port 80 (filename '000-default.conf'). Your vhost file shows port 443 is not set up, likely due to the letsencrypt certificate not issuing (a guess, but likely). You can try the letsencrypt faq for how to debug the certificate requests, but it sounds like you have some very non-standard pieces in play (running requests through haproxy) that you'll have to figure out.
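Added example (not part of the original thread and not ISPConfig code): a small Python parser for `apache2ctl -S` output that applies the rule in the post above, reporting which vhost answers a given Host on a given port and whether that is only the port's default. The sample dump is constructed from the hostnames quoted in this thread; the `namevhost` lines, the function names, and the simplification that all listen addresses of a port are merged are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample in the layout `apache2ctl -S` prints. Hostnames are from
# the thread; the "namevhost" lines and the sandras line number are assumed.
SAMPLE = """\
*:8080                 panel3.ac-amiens.fr (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
*:80                   is a NameVirtualHost
         default server panel3.in.ac-amiens.fr (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost panel3.in.ac-amiens.fr (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost sandras.anizy-le-grand.clg.ac-amiens.fr (/etc/apache2/sites-enabled/100-sandras.anizy-le-grand.clg.ac-amiens.fr.vhost:7)
*:443                  is a NameVirtualHost
         default server dev.dsden60.ac-amiens.fr (/etc/apache2/sites-enabled/100-dev.dsden60.ac-amiens.fr.vhost:110)
         port 443 namevhost dev.dsden60.ac-amiens.fr (/etc/apache2/sites-enabled/100-dev.dsden60.ac-amiens.fr.vhost:110)
"""

HEAD = re.compile(r"^\S+:(\d+)\s+(?:is a NameVirtualHost|(\S+) \((.+):\d+\))")
DEFAULT = re.compile(r"^\s+default server (\S+) \((.+):\d+\)")
NAMED = re.compile(r"^\s+port \d+ namevhost (\S+) ")
ALIAS = re.compile(r"^\s+(?:wild )?alias (\S+)")

def parse_vhosts(dump):
    """Map port -> {"default": (name, file), "names": [(pattern, vhost), ...]}."""
    # `cur` starts as a throwaway entry so stray lines before a header are harmless.
    ports, cur, vhost = {}, {"default": None, "names": []}, None
    for line in dump.splitlines():
        if m := HEAD.match(line):
            cur, vhost = ports.setdefault(int(m.group(1)), {"default": None, "names": []}), None
            if m.group(2):  # single vhost on this port: it answers every Host
                cur["default"] = (m.group(2), m.group(3))
                cur["names"].append((m.group(2), m.group(2)))
        elif m := DEFAULT.match(line):
            cur["default"] = (m.group(1), m.group(2))
        elif m := NAMED.match(line):
            vhost = m.group(1)
            cur["names"].append((vhost, vhost))
        elif (m := ALIAS.match(line)) and vhost:
            cur["names"].append((m.group(1), vhost))
    return ports

def served_by(ports, host, port):
    """Return (vhost, fell_back); fell_back is True when only the default matched."""
    entry = ports.get(port)
    if entry is None or entry["default"] is None:
        return None, False
    for pattern, vhost in entry["names"]:  # first match wins, in load order
        if fnmatchcase(host.lower(), pattern.lower()):
            return vhost, False
    return entry["default"][0], True
```

On a server, pass the text of `apache2ctl -S` instead of `SAMPLE`. A `fell_back` value of True for a hostname on port 443 means that site has no SSL vhost, so visitors receive the default site's certificate and content.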
I deliberately did not want to activate HTTPS for the site http://sandras.anizy-le-grand.clg.ac-amiens.fr. The problem is that Apache2 is not serving the correct DocumentRoot, but that of another web domain, dev.dsden60.ac-amiens.fr, whatever new web domain I create. Thank you
When I generate the Let's Encrypt certificate with Ispconfig I get the error:
15.12.2020-08:41 - WARNING - Let's Encrypt SSL Cert for: sandras.anizy-le-grand.clg.ac-amiens.fr could not be issued.
Let's Encrypt fails to test the URL of the web domain; I still have a Bad Request on URL http://sandras.anizy-le-grand.clg.ac-amiens.fr/
Code:
Domain: sandras.anizy-le-grand.clg.ac-amiens.fr
Type: unauthorized
Detail: Invalid response from http://sandras.anizy-le-grand.clg.ac-amiens.fr/.well-known/acme-challenge/KUSYCSgby2q1jho5zVQAhPlTeVOJDPF0ikMQOorXSsQ [194.254.103.168]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
With certbot:
Code:
certbot-auto --no-redirect --webroot-path /var/www/clients/client9/web83/web --domain sandras.anizy-le-grand.clg.ac-amiens.fr --email [email protected].
Code:
Waiting for verification...
Challenge failed for domain sandras.anizy-le-grand.clg.ac-amiens.fr
http-01 challenge for sandras.anizy-le-grand.clg.ac-amiens.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: sandras.anizy-le-grand.clg.ac-amiens.fr
   Type: unauthorized
   Detail: Invalid response from http://sandras.anizy-le-grand.clg.ac-amiens.fr/.well-known/acme-challenge/C7WQBEjU5-uVZSKl23pO_u-0rDk76KZAXRtoaCKrC1s [194.254.103.168]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1"
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Double-check that the domain sandras.anizy-le-grand.clg.ac-amiens.fr points to the right server IP address and, if that's ok, check the global apache error.log and the error.log of that website to see why there is a 400 error.
If I understand correctly, that's normal behaviour for a web server, and that is why we don't mix http and https in it. I believe redirecting its url from http to https may show the correct site, provided it has valid ssl certs.