Cannot assign valid SSL cert for new install.

Discussion in 'Tips/Tricks/Mods' started by Mikeal Wolfe, Aug 16, 2021.

  1. Mikeal Wolfe

    Mikeal Wolfe New Member

    Sorry for the delay in my response, I had an urgent matter to attend to. Just to be clear @Chris_UK and @till , my current setup is two servers ("node01" & "node02") with "node01" being the server with the TCP port 8080 Webpanel installed to manage both servers. I followed HowToForge's tutorial for "The Perfect Server - Debian 10 w/Apache, BIND, Dovecot, PureFTPD, and ISPConfig 3.2" which was version 3.2.5. Now for "node01" & "node02", the "MySQL" & "MariaDB" configuration for the primary server, "node01", after installing IPSConfig 3.2.5 using the "php -q install.php" in expert mode only had the SSL issue which was later fixed. After the install was complete, I prepped "node01" for another server inside MySQL adding the new root users as well as the slaveusers. I installed "node02" the same way, but when running the ISPConfig installer in expert mode, I joined it to the first server, and everything was fine. I then re-configured MySQL / MariaDB on both servers so they would both act as Master & Slave and all works fine. But, now I would like to demote "node02" from master status to slave and have it be a mirror of "node01" because it is not configured as a mirror to "node01" inside ISPConfig Webpanel. Does that clarify how it's configured a little bit more?
  2. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    It does, I assume that all you really mirrored was the database. You would only need to revert the changes you made in this case and they would be stand-alone servers again, to mirror from ISPConfig I think is just a check box option.

    Just a quick note, MySQL and MariaDB are one in the same, although while they are the same (both SQL servers), some differences can and do crop up, some features may be supported in one of them but not the other, MariaDB is a fork or branch of MySQL and over time its highly likely that the feature support will differ, in some cases they already do.

    It will be helpful both to yourself and others supporting if its identified properly from the outset. Not that it really matters in this instance, I just noted you referring to them separately and though it best to advise you.
    Mikeal Wolfe likes this.
  3. Mikeal Wolfe

    Mikeal Wolfe New Member

    @Chris_UK , @ahrasis , @till , @Jesse Norell , I understand MySQL & MariaDB are basically one in the same where MariaDB is a forked relational DB. I just want to be as specific with what software is installed and in use. Both server node01 and node02 were meant to be designed in a HA environment with both servers in an "Active/Active" state meaning my front end load balancer that can LB every inbound connection to node01 or node02 maintaining the session with either node. This would include clients/resellers making changes that update the DB tables they have permission for (which could be almost anything). If they happen to be connected to node02 and DB updates occur on node02, node02 then replicates those changes to node01. Which works as of now, but I am wanting to change the DB design to a clustering model instead of only having two DB's for my system because it won't scale for the magnitude I am going for with only 2 DBs. So for now, I was wondering if I can change MySQL/MariaDB from a "Master/Master" mode back to "Master/Slave" mode, then I'll change Node02 to be just a mirror of Node01. This way my DB will be much cleaner when I begin the migration to the new network which will be nothing like this design. I need to be able to scale up to 50 Active DB servers in a cluster. That's my goal. I could start over but I have multiple clients successfully running on this current setup and would like to maintain some, but not all of the entire system. Again, I appreciate all of your advice, input, and criticism because I want the best environment setup and have forseeable problems that WILL arise and have plans/automation in place for when "W" happens then "X", "Y", and "Z" need to occur to self heal if possible or manually execute, if needed. It's ambitious but achievable. Thank you again!
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Let me explain the ISPConfig database design in general.

    You always have one master database. The GUI connects to this master database only. You can have multiple GUI's if you want, but all of them must connect to the same master database. This master database can be replicated though or even a database cluster. Each slave system must have its own database, the slave databases are normally a local database because it scales better when you have many servers and is faster than connecting over the network. The slave then connects once a minute to the master database over the network to check if there are any pending config updates that need to be replicated into it's local database and it also pushes monitoring data up into the master database so that the GUI has access to it.

    So if you don't use master/master replication, which is fine, then you normally use no replication in MySQL/MariaDB at all as there is no need for that from ISPConfig's side. Using master/Slave database replication can be useful for the website databases though but only for backup purposes or if you need a read-only copy of the data if you run the same website on multiple nodes in a way that reads are done locally and writes are done to the master only.
  5. Mikeal Wolfe

    Mikeal Wolfe New Member

    Thanks @till . You are absolutely correct that the second DB server (node02) has it's own DB properly named "dbispconfig2" along with the DB "dbispconfig" of my primary server with the Webpanel on it, "node01". Then of course there are some other DBs but they were all created on my primary server (node01). Just now, I opened my browser, went to "node01's" Webpanel via port 8080, logged in, then went to the "Sites" tab. I went to "databases" and added a "dummy" database, but selected "node02" as the DB where it would reside. I watched it get created on "node02" then it was replicated to "node01". My point is this dummy DB was created on "node02" making him the "Master" of database "dummy_db". But this cannot scale past two servers which is why I need to revoke his "Master" service making him only a "Slave" server but I couldn't really find any clean way to do this because of ISPConfig. If I reverse the process where I enabled both Master/Slave services on "node02" leaving only the "Slave" service enabled, then run the " --force" on the primary server, select YES to reconfigure permissions, services, etc. (then the same on server "node02") ; would ISPConfig's Webpanel reflect "node01" is the only server available when creating DB's, websites, etc? Or would this open up a can of worms?
  6. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    As you don't appear to have made changes to ISPConfig directly, just the MariaDB then I would think reverting those changes would resolve your problem with no ill effects. In any case I would backup both servers immediately before you begin reverting those.

    To ensure that DB is not an option on a sever then you go into server services, and edit the appropriate server, uncheck DB and save. It will no longer show as an option when creating databases.

    If you have the systems in place to take snapshots then you should use that option, it will be easier to revert to the current system if you can.

    Another option you might wish to consider, just wait. Once your new services are up and running, you could just migrate things over to it after ensuring things will work smoothly for whatever setup you have going for the services you run now.
    Last edited: Sep 1, 2021
    Mikeal Wolfe likes this.
  7. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    After reading your posts, I don't really think you have fully understood the concept of ISPConfig server and database yet, master-master, master-slave and/or standalone. No worries, I was like you and I was there too and even now, I am still discovering a lot regarding this great piece of software myself while it is developing to its best time after time. I guess, unless I am running and maintaining fully functioning ISPConfig servers, I may not learn all the great deals about it like some do, but this is not my full time career yet though I have already planned and prepared for that; as there are something I got to achieve elsewhere before coming to this.

    That said, head back to the guides, tutorials and/or threads that you read and followed to create the same, as there may be some answers and/or steps that you are looking for. @Chris_UK answer sounds good to follow as well. Good luck.
    Mikeal Wolfe likes this.

Share This Page