Hi, I installed ispconfig 3 on debian 10 following this guide "https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/" everything was fine , then I tried to enable ssl for ispconfig following this guide "https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/" then I completed the procedure at the end I tried to restart Apache2 but it does not restart for the following reason Code: root@server:/usr/local/ispconfig/interface/ssl# systemctl status apache2.service ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: Active: failed (Result: exit-code) since Sat 2020-12-26 23:42:37 CET; 2min 5s Docs: https://httpd.apache.org/docs/2.4/ Process: 29465 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAIL Dec 26 23:42:37 server systemd[1]: Starting The Apache HTTP Server... Dec 26 23:42:37 server apachectl[29465]: AH00548: NameVirtualHost has no effect Dec 26 23:42:37 server apachectl[29465]: AH00526: Syntax error on line 65 of /et Dec 26 23:42:37 server apachectl[29465]: SSLCertificateFile: file '/usr/local/is Dec 26 23:42:37 server apachectl[29465]: Action 'start' failed. Dec 26 23:42:37 server apachectl[29465]: The Apache error log may have more info Dec 26 23:42:37 server systemd[1]: apache2.service: Control process exited, code Dec 26 23:42:37 server systemd[1]: apache2.service: Failed with result 'exit-cod Dec 26 23:42:37 server systemd[1]: Failed to start The Apache HTTP Server. lines 1-15/15 (END)...skipping... below you can consult the log Code: root@server:~# less /var/log/apache2/error.log [Sat Dec 26 16:33:30.104435 2020] [:error] [pid 9217:tid 140547407709312] python_init: Python version mismatch, expected '2.7.5+', found '2.7.16'. [Sat Dec 26 16:33:30.104689 2020] [:error] [pid 9217:tid 140547407709312] python_init: Python executable found '/usr/bin/python'. [Sat Dec 26 16:33:30.104696 2020] [:error] [pid 9217:tid 140547407709312] python_init: Python path being used '/usr/lib/python2.7:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'. [Sat Dec 26 16:33:30.104726 2020] [:notice] [pid 9217:tid 140547407709312] mod_python: Creating 8 session mutexes based on 6 max processes and 25 max threads. [Sat Dec 26 16:33:30.104733 2020] [:notice] [pid 9217:tid 140547407709312] mod_python: using mutex_directory /tmp [Sat Dec 26 16:33:30.140843 2020] [mpm_event:notice] [pid 9217:tid 140547407709312] AH00489: Apache/2.4.38 (Debian) mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.7.16 configured -- resuming normal operations [Sat Dec 26 16:33:30.140893 2020] [core:notice] [pid 9217:tid 140547407709312] AH00094: Command line: '/usr/sbin/apache2' [Sat Dec 26 16:33:34.121710 2020] [mpm_event:notice] [pid 9217:tid 140547407709312] AH00491: caught SIGTERM, shutting down [Sat Dec 26 16:33:34.246626 2020] [:error] [pid 10985] python_init: Python version mismatch, expected '2.7.5+', found '2.7.16'. [Sat Dec 26 16:33:34.246863 2020] [:error] [pid 10985] python_init: Python executable found '/usr/bin/python'. [Sat Dec 26 16:33:34.246871 2020] [:error] [pid 10985] python_init: Python path being used '/usr/lib/python2.7:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'. [Sat Dec 26 16:33:34.246912 2020] [:notice] [pid 10985] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads. [Sat Dec 26 16:33:34.246919 2020] [:notice] [pid 10985] mod_python: using mutex_directory /tmp [Sat Dec 26 16:33:34.264470 2020] [mpm_prefork:notice] [pid 10985] AH00163: Apache/2.4.38 (Debian) mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.7.16 configured -- resuming normal operations [Sat Dec 26 16:33:34.264507 2020] [core:notice] [pid 10985] AH00094: Command line: '/usr/sbin/apache2' [Sat Dec 26 16:33:34.738653 2020] [mpm_prefork:notice] [pid 10985] AH00169: caught SIGTERM, shutting down [Sat Dec 26 16:33:34.934121 2020] [:error] [pid 11050] python_init: Python version mismatch, expected '2.7.5+', found '2.7.16'. [Sat Dec 26 16:33:34.934210 2020] [:error] [pid 11050] python_init: Python executable found '/usr/bin/python'. [Sat Dec 26 16:33:34.934216 2020] [:error] [pid 11050] python_init: Python path being used '/usr/lib/python2.7:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'. [Sat Dec 26 16:33:34.934238 2020] [:notice] [pid 11050] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads. [Sat Dec 26 16:33:34.934244 2020] [:notice] [pid 11050] mod_python: using mutex_directory /tmp [Sat Dec 26 16:33:34.953521 2020] [mpm_prefork:notice] [pid 11050] AH00163: Apache/2.4.38 (Debian) mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.7.16 configured -- resuming normal operations [Sat Dec 26 16:33:34.953559 2020] [core:notice] [pid 11050] AH00094: Command line: '/usr/sbin/apache2' [Sat Dec 26 16:33:36.013219 2020] [mpm_prefork:notice] [pid 11050] AH00169: caught SIGTERM, shutting down [ 2020-12-26 16:33:36.1725 11167/7f9254c60980 age/Wat/WatchdogMain.cpp:1291 ]: Starting Passenger watchdog... [ 2020-12-26 16:33:36.1874 11170/7f9e58885980 age/Cor/CoreMain.cpp:982 ]: Starting Passenger core... [ 2020-12-26 16:33:36.1876 11170/7f9e58885980 age/Cor/CoreMain.cpp:235 ]: Passenger core running in multi-application mode. [ 2020-12-26 16:33:36.1890 11170/7f9e58885980 age/Cor/CoreMain.cpp:732 ]: Passenger core online, PID 11170 [ 2020-12-26 16:33:36.2051 11175/7fd81d75d980 age/Ust/UstRouterMain.cpp:529 ]: Starting Passenger UstRouter... [ 2020-12-26 16:33:36.2070 11175/7fd81d75d980 age/Ust/UstRouterMain.cpp:342 ]: Passenger UstRouter online, PID 11175 [ 2020-12-26 16:33:36.2090 11170/7f9e57f96700 age/Cor/CoreMain.cpp:532 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown) [ 2020-12-26 16:33:36.2091 11170/7f9e58885980 age/Cor/CoreMain.cpp:901 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected... [ 2020-12-26 16:33:36.2091 11170/7f9e57714700 Ser/Server.h:817 ]: [ApiServer] Freed 0 spare client objects [ 2020-12-26 16:33:36.2091 11170/7f9e57714700 Ser/Server.h:464 ]: [ApiServer] Shutdown finished [ 2020-12-26 16:33:36.2092 11170/7f9e57f96700 Ser/Server.h:817 ]: [ServerThr.1] Freed 128 spare client objects [ 2020-12-26 16:33:36.2092 11170/7f9e57f96700 Ser/Server.h:464 ]: [ServerThr.1] Shutdown finished [ 2020-12-26 16:33:36.2144 11175/7fd81d65e700 age/Ust/UstRouterMain.cpp:422 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown) [ 2020-12-26 16:33:36.2144 11175/7fd81d75d980 age/Ust/UstRouterMain.cpp:492 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected... [ 2020-12-26 16:33:36.2145 11175/7fd81d65e700 Ser/Server.h:464 ]: [UstRouter] Shutdown finished [ 2020-12-26 16:33:36.2145 11175/7fd81cddc700 Ser/Server.h:817 ]: [UstRouterApiServer] Freed 0 spare client objects [ 2020-12-26 16:33:36.2145 11175/7fd81cddc700 Ser/Server.h:464 ]: [UstRouterApiServer] Shutdown finished [ 2020-12-26 16:33:36.2148 11175/7fd81d75d980 age/Ust/UstRouterMain.cpp:523 ]: Passenger UstRouter shutdown finished /var/log/apache2/error.log thanks for your help
You are only sharing part of the error, if you widen your SSH window you can get the full message and copy it. What is the output of Code: ls /usr/local/ispconfig/interface/ssl ? I think you removed the cert file and didn't replace it correctly as done in the tutorial.
I think I have found the file affected by the problem but I cannot understand where it is Code: login as: root root@xxxxx's password: Linux server 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sun Dec 27 09:33:27 2020 from 95.246.116.178 root@server:~# less /etc/apache2/sites-enabled/000-ispconfig.vhost </FilesMatch> </Directory> <Directory /usr/local/ispconfig/interface/web/> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> <IfModule mod_fcgid.c> DocumentRoot /var/www/ispconfig/ SuexecUserGroup ispconfig ispconfig <Directory /var/www/ispconfig/> Options -Indexes +FollowSymLinks +MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo <FilesMatch "\.php$"> SetHandler fcgid-script </FilesMatch> FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php Require all granted </Directory> IPCCommTimeout 7200 MaxRequestLen 15728640 </IfModule> <IfModule mpm_itk_module> DocumentRoot /usr/local/ispconfig/interface/web/ AssignUserId ispconfig ispconfig AddType application/x-httpd-php .php <Directory /usr/local/ispconfig/interface/web> # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp" Options +FollowSymLinks AllowOverride None Require all granted php_value magic_quotes_gpc 0 </Directory> </IfModule> # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off <IfModule mod_security2.c> SecRuleEngine Off </IfModule> # SSL Configuration SSLEngine On SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt log file: s /etc/apache2/sites-enabled/000-ispconfig.vhost Code: login as: root root@xxxxxxxxx's password: Linux server 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Sun Dec 27 09:33:27 2020 from 95.246.116.178 root@server:~# less /etc/apache2/sites-enabled/000-ispconfig.vhost root@server:~# ls /usr/local/ispconfig/interface/ssl empty.dir ispserver.crt ispserver.crt-201226233658.bak ispserver.csr ispserver.key ispserver.key-201226233709.bak ispserver.key.secure root@server:~# less /etc/apache2/sites-enabled/000-ispconfig.vhost <IfModule mpm_itk_module> DocumentRoot /usr/local/ispconfig/interface/web/ AssignUserId ispconfig ispconfig AddType application/x-httpd-php .php <Directory /usr/local/ispconfig/interface/web> # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp" Options +FollowSymLinks AllowOverride None Require all granted php_value magic_quotes_gpc 0 </Directory> </IfModule> # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off <IfModule mod_security2.c> SecRuleEngine Off </IfModule> # SSL Configuration SSLEngine On SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder On <IfModule mod_headers.c> # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'" Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" Header set X-Content-Type-Options: nosniff Header set X-Frame-Options: SAMEORIGIN Header set X-XSS-Protection: "1; mode=block" Header always edit Set-Cookie (.*) "$1; HTTPOnly" Header always edit Set-Cookie (.*) "$1; Secure" <IfVersion >= 2.4.7> Header setifempty Strict-Transport-Security "max-age=15768000" </IfVersion> <IfVersion < 2.4.7> Header set Strict-Transport-Security "max-age=15768000" </IfVersion> RequestHeader unset Proxy early :
yes I removed some files manually leaving the original ones, then I redid the tutorial procedure again, surely I made some mess, to follow the files you requested: Code: root@server:~# ls /usr/local/ispconfig/interface/ssl empty.dir ispserver.crt ispserver.crt-201226233658.bak ispserver.csr ispserver.key ispserver.key-201226233709.bak ispserver.key.secure root@server:~#
I also have this other problem "AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.vhost:7"
you mean this? Code: root@server:~# systemctl status apache2.service ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Sun 2020-12-27 09:52:12 CET; 1min 21s ago Docs: https://httpd.apache.org/docs/2.4/ Process: 11718 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE) Dec 27 09:52:12 server systemd[1]: Starting The Apache HTTP Server... Dec 27 09:52:12 server apachectl[11718]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.vhost:7 Dec 27 09:52:12 server apachectl[11718]: AH00526: Syntax error on line 65 of /etc/apache2/sites-enabled/000-ispconfig.vhost: Dec 27 09:52:12 server apachectl[11718]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty Dec 27 09:52:12 server apachectl[11718]: Action 'start' failed. Dec 27 09:52:12 server apachectl[11718]: The Apache error log may have more information. Dec 27 09:52:12 server systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE Dec 27 09:52:12 server systemd[1]: apache2.service: Failed with result 'exit-code'. Dec 27 09:52:12 server systemd[1]: Failed to start The Apache HTTP Server.
Yes. Next step: you examine file /etc/apache2/sites-enabled/000-ispconfig.vhost and see what is on line 65 and the line before that. Like the error messages advice, apache log may have more info.
ok this turned out Code: root@server:~# less /etc/apache2/sites-enabled/000-ispconfig.vhost 47 Options +FollowSymLinks 48 AllowOverride None 49 Require all granted 50 php_value magic_quotes_gpc 0 51 </Directory> 52 </IfModule> 53 54 # ErrorLog /var/log/apache2/error.log 55 # CustomLog /var/log/apache2/access.log combined 56 ServerSignature Off 57 58 <IfModule mod_security2.c> 59 SecRuleEngine Off 60 </IfModule> 61 62 # SSL Configuration 63 SSLEngine On 64 SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1 65 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt 66 SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key 67 #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle 68 69 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20 69 -POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 70 SSLHonorCipherOrder On 71 72 <IfModule mod_headers.c> 73 # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval 74 Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'" 75 Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" 76 Header set X-Content-Type-Options: nosniff 77 Header set X-Frame-Options: SAMEORIGIN 78 Header set X-XSS-Protection: "1; mode=block" 79 Header always edit Set-Cookie (.*) "$1; HTTPOnly" 80 Header always edit Set-Cookie (.*) "$1; Secure" 81 <IfVersion >= 2.4.7> 82 Header setifempty Strict-Transport-Security "max-age=15768000" 83 </IfVersion> 84 <IfVersion < 2.4.7> 85 Header set Strict-Transport-Security "max-age=15768000" 86 </IfVersion> 87 RequestHeader unset Proxy early 88 </IfModule> 89 90 SSLUseStapling On 91 SSLStaplingResponderTimeout 5 92 SSLStaplingReturnResponderErrors Off 93 </VirtualHost> (END)
Code: root@server:~# ls -lh /usr/local/ispconfig/interface/ssl/ispserver.* lrwxrwxrwx 1 root root 58 Dec 26 23:39 /usr/local/ispconfig/interface/ssl/ispserver.crt -> /etc/letsencrypt/live/server.tradingforum.it/fullchain.pem lrwxrwxrwx 1 root root 58 Dec 26 19:44 /usr/local/ispconfig/interface/ssl/ispserver.crt-201226233658.bak -> /etc/letsencrypt/live/server.tradingforum.it/fullchain.pem -rwxr-x--- 1 root root 1.8K Dec 26 18:26 /usr/local/ispconfig/interface/ssl/ispserver.csr lrwxrwxrwx 1 root root 56 Dec 26 23:39 /usr/local/ispconfig/interface/ssl/ispserver.key -> /etc/letsencrypt/live/server.tradingforum.it/privkey.pem lrwxrwxrwx 1 root root 56 Dec 26 19:44 /usr/local/ispconfig/interface/ssl/ispserver.key-201226233709.bak -> /etc/letsencrypt/live/server.tradingforum.it/privkey.pem -rwxr-x--- 1 root root 3.3K Dec 26 18:20 /usr/local/ispconfig/interface/ssl/ispserver.key.secure root@server:~#
Can you try starting apache with Code: systemctl start apache2 ? There is nothing wrong with the ISPConfig vhost, the problem is with your cert. Can you share the content of /etc/letsencrypt/live/server.tradingforum.it with Code: ls -la /etc/letsencrypt/live/server.tradingforum.it
Code: root@server:~# systemctl start apache2 Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details. root@server:~# ls -la /etc/letsencrypt/live/server.tradingforum.it ls: cannot access '/etc/letsencrypt/live/server.tradingforum.it': No such file or directory root@server:~# it appears that the certificate does not exist
note that it is not the real image of my ispconfig, it is an image recovered in the network to make me understand better if you mean this I had selected them
I also ran this guide https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/ but it doesn't give me any errors, regarding the ispconfig and certbot I exclude them as the server was created 4 days ago, I searched the whole network for similar problems but I did not find anything that suits me, at this point I know that I have to reinstall, the server you what do you think?
You can recover this by putting back the .bak files for the cert and then starting apache, issueing the cert for your server, check if it worked, and then go through the guide to use that cert for the panel.
