Cannot create SSL certificate on brand new installation

Discussion in 'Installation/Configuration' started by renatom, Jul 28, 2022.

  1. renatom

    renatom New Member

    I've just installed ISPConfig on Debian 11:

    - Configured a brand new server (hostname, hosts, /network/interfaces)
    - Followed the installation instructions on ispconfig-autoinstall-debian-ubuntu:
    The install log:
    Code:
    root@ispconfig:~# wget -O - get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades
    --2022-07-28 11:36:39--  get.ispconfig.org/
    Resolving get.ispconfig.org (get.ispconfig.org)... 104.26.11.246, 104.26.10.246, 172.67.75.112, ...
    Connecting to get.ispconfig.org (get.ispconfig.org)|104.26.11.246|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2004 (2.0K) [application/octet-stream]
    Saving to: ‘STDOUT’
    
    -                   100%[===================>]   1.96K  --.-KB/s    in 0s
    
    2022-07-28 11:36:39 (30.3 MB/s) - written to stdout [2004/2004]
    
    WARNING! This script will reconfigure your complete server!
    It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
    Type 'yes' if you really want to continue: yes
    [INFO] Starting perfect server setup for Debian GNU/Linux 11 (bullseye)
    [INFO] Checking hostname.
    [INFO] Enabling contrib and non-free repositories.
    [INFO] Updating packages
    [INFO] Updated packages
    [INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, software-properties-common, ntp
    [INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, software-properties-common, ntp
    [INFO] Activating rspamd repository.
    [INFO] Activating sury php repository.
    [INFO] Activating GoAccess repository.
    [INFO] Updating packages (after enabling 3rd party repos).
    [INFO] Updated packages
    [INFO] Default shell is currently dash.
    [INFO] Setting bash as default shell.
    [INFO] Default shell is now bash.
    [INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, rkhunter, binutils, sudo, getmail
    [INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, rkhunter, binutils, sudo, getmail
    [INFO] Installing packages dovecot-imapd, dovecot-pop3d, dovecot-mysql, dovecot-sieve, dovecot-managesieved, dovecot-lmtpd
    [INFO] Installed packages dovecot-imapd, dovecot-pop3d, dovecot-mysql, dovecot-sieve, dovecot-managesieved, dovecot-lmtpd
    [INFO] Generating mySQL password.
    [INFO] Writing MySQL config files.
    [INFO] Configuring postfix.
    [INFO] Restarting postfix
    [INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, spamassassin, rspamd, redis-server, postgrey, p7zip, p7zip-full, unrar-free, lrzip
    [INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, spamassassin, rspamd, redis-server, postgrey, p7zip, p7zip-full, unrar-free, lrzip
    [INFO] Stopping Rspamd.
    [INFO] (Re)starting Bind.
    [INFO] Disabling spamassassin daemon.
    [INFO] Checking local dns resolver.
    [INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    [INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    [INFO] Installing packages php-pear, php-memcache, php-imagick, mcrypt, imagemagick, libruby, memcached, php-apcu, jailkit, php5.6, php5.6-common, php5.6-gd, php5.6-mysql, php5.6-imap, php5.6-cli, php5.6-mcrypt, php5.6-curl, php5.6-intl, php5.6-pspell, php5.6-recode, php5.6-sqlite3, php5.6-tidy, php5.6-xmlrpc, php5.6-xsl, php5.6-zip, php5.6-mbstring, php5.6-soap, php5.6-opcache, php5.6-cgi, php5.6-fpm, php7.0, php7.0-common, php7.0-gd, php7.0-mysql, php7.0-imap, php7.0-cli, php7.0-mcrypt, php7.0-curl, php7.0-intl, php7.0-pspell, php7.0-recode, php7.0-sqlite3, php7.0-tidy, php7.0-xmlrpc, php7.0-xsl, php7.0-zip, php7.0-mbstring, php7.0-soap, php7.0-opcache, php7.0-cgi, php7.0-fpm, php7.1, php7.1-common, php7.1-gd, php7.1-mysql, php7.1-imap, php7.1-cli, php7.1-mcrypt, php7.1-curl, php7.1-intl, php7.1-pspell, php7.1-recode, php7.1-sqlite3, php7.1-tidy, php7.1-xmlrpc, php7.1-xsl, php7.1-zip, php7.1-mbstring, php7.1-soap, php7.1-opcache, php7.1-cgi, php7.1-fpm, php7.2, php7.2-common, php7.2-gd, php7.2-mysql, php7.2-imap, php7.2-cli, php7.2-curl, php7.2-intl, php7.2-pspell, php7.2-recode, php7.2-sqlite3, php7.2-tidy, php7.2-xmlrpc, php7.2-xsl, php7.2-zip, php7.2-mbstring, php7.2-soap, php7.2-opcache, php7.2-cgi, php7.2-fpm, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm, php7.4, php7.4-common, php7.4-gd, php7.4-mysql, php7.4-imap, php7.4-cli, php7.4-curl, php7.4-intl, php7.4-pspell, php7.4-sqlite3, php7.4-tidy, php7.4-xmlrpc, php7.4-xsl, php7.4-zip, php7.4-mbstring, php7.4-soap, php7.4-opcache, php7.4-cgi, php7.4-fpm, php8.0, php8.0-common, php8.0-gd, php8.0-mysql, php8.0-imap, php8.0-cli, php8.0-curl, php8.0-intl, php8.0-pspell, php8.0-sqlite3, php8.0-tidy, php8.0-xsl, php8.0-zip, php8.0-mbstring, php8.0-soap, php8.0-opcache, php8.0-cgi, php8.0-fpm, 
    php8.1, php8.1-common, php8.1-gd, php8.1-mysql, php8.1-imap, php8.1-cli, php8.1-curl, php8.1-intl, php8.1-pspell, php8.1-sqlite3, php8.1-tidy, php8.1-xsl, php8.1-zip, php8.1-mbstring, php8.1-soap, php8.1-opcache, php8.1-cgi, php8.1-fpm
    [INFO] Installed packages php-pear, php-memcache, php-imagick, mcrypt, imagemagick, libruby, memcached, php-apcu, jailkit, php5.6, php5.6-common, php5.6-gd, php5.6-mysql, php5.6-imap, php5.6-cli, php5.6-mcrypt, php5.6-curl, php5.6-intl, php5.6-pspell, php5.6-recode, php5.6-sqlite3, php5.6-tidy, php5.6-xmlrpc, php5.6-xsl, php5.6-zip, php5.6-mbstring, php5.6-soap, php5.6-opcache, php5.6-cgi, php5.6-fpm, php7.0, php7.0-common, php7.0-gd, php7.0-mysql, php7.0-imap, php7.0-cli, php7.0-mcrypt, php7.0-curl, php7.0-intl, php7.0-pspell, php7.0-recode, php7.0-sqlite3, php7.0-tidy, php7.0-xmlrpc, php7.0-xsl, php7.0-zip, php7.0-mbstring, php7.0-soap, php7.0-opcache, php7.0-cgi, php7.0-fpm, php7.1, php7.1-common, php7.1-gd, php7.1-mysql, php7.1-imap, php7.1-cli, php7.1-mcrypt, php7.1-curl, php7.1-intl, php7.1-pspell, php7.1-recode, php7.1-sqlite3, php7.1-tidy, php7.1-xmlrpc, php7.1-xsl, php7.1-zip, php7.1-mbstring, php7.1-soap, php7.1-opcache, php7.1-cgi, php7.1-fpm, php7.2, php7.2-common, php7.2-gd, php7.2-mysql, php7.2-imap, php7.2-cli, php7.2-curl, php7.2-intl, php7.2-pspell, php7.2-recode, php7.2-sqlite3, php7.2-tidy, php7.2-xmlrpc, php7.2-xsl, php7.2-zip, php7.2-mbstring, php7.2-soap, php7.2-opcache, php7.2-cgi, php7.2-fpm, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm, php7.4, php7.4-common, php7.4-gd, php7.4-mysql, php7.4-imap, php7.4-cli, php7.4-curl, php7.4-intl, php7.4-pspell, php7.4-sqlite3, php7.4-tidy, php7.4-xmlrpc, php7.4-xsl, php7.4-zip, php7.4-mbstring, php7.4-soap, php7.4-opcache, php7.4-cgi, php7.4-fpm, php8.0, php8.0-common, php8.0-gd, php8.0-mysql, php8.0-imap, php8.0-cli, php8.0-curl, php8.0-intl, php8.0-pspell, php8.0-sqlite3, php8.0-tidy, php8.0-xsl, php8.0-zip, php8.0-mbstring, php8.0-soap, php8.0-opcache, php8.0-cgi, php8.0-fpm, 
    php8.1, php8.1-common, php8.1-gd, php8.1-mysql, php8.1-imap, php8.1-cli, php8.1-curl, php8.1-intl, php8.1-pspell, php8.1-sqlite3, php8.1-tidy, php8.1-xsl, php8.1-zip, php8.1-mbstring, php8.1-soap, php8.1-opcache, php8.1-cgi, php8.1-fpm
    [INFO] Disabling conflicting apache modules.
    [INFO] Enabling apache modules.
    [INFO] Enabling default PHP-FPM config.
    [INFO] Setting default system php version.
    [INFO] Installing package phpmyadmin
    [INFO] HTTPoxy config.
    [INFO] Installing acme.sh (Let's Encrypt).
    [INFO] acme.sh (Let's Encrypt) installed.
    [INFO] ISPConfig does not yet support mailman3 and mailman2 is no longer available in Debian 11.
    [INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    [INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    [INFO] Adding quota to fstab.
    [INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, awstats, goaccess, awffull
    [INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, awstats, goaccess, awffull
    [INFO] Enabling TLS for pureftpd
    [INFO] Disabling awstats cron.
    [INFO] Installing packages fail2ban, ufw
    [INFO] Installed packages fail2ban, ufw
    [INFO] Installing UnattendedUpgrades
    [INFO] Installing packages unattended-upgrades, apt-listchanges
    [INFO] Installed packages unattended-upgrades, apt-listchanges
    [INFO] Installing roundcube.
    [INFO] Installing packages roundcube, roundcube-core, roundcube-mysql, roundcube-plugins
    [INFO] Installed packages roundcube, roundcube-core, roundcube-mysql, roundcube-plugins
    [INFO] Installing ISPConfig3.
    [INFO] Adding php versions to ISPConfig.
    [INFO] Checking all services are running.
    [INFO] mysql: OK
    [INFO] clamav-daemon: OK
    [INFO] postfix: OK
    [INFO] bind9: OK
    [INFO] pureftpd: OK
    [INFO] apache2: OK
    [INFO] rspamd: OK
    [INFO] redis-server: OK
    [INFO] dovecot: OK
    [INFO] Installation ready.
    [INFO] Your ISPConfig admin password is: -----
    [INFO] Your MySQL root password is: -----
    [INFO] Warning: Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!
    root@ispconfig:~#

    All fine. I have then configured the server:
    Firewall - default entry
    DNS - my domain DNS
    Customer - Added a new customer
    Site - Added a new site (without SSL)

    I've then checked the following from the Let's Encrypt FAQ guide:
    1. Check that you have a Let’s Encrypt client installed. On servers installed before the release of ISPConfig 3.2, this is most likely certbot. On servers installed after the release, it's most likely acme.sh.
    Acme. Checked on installation log above

    2. Check that the Let's Encrypt client 'certbot' is updated (when using certbot).
    Not using certbot, but acme as above.
    3. Check that you run the latest ISPConfig version.
    Yes. 3.2.8p1
    4. When your server is behind a NAT router so that the server itself can not reach the hosted domains, then enable the option "Skip Letsencrypt check" under System -> Server config -> server1.example.com -> Web.
    I'm behind a firewall (pfSense with NAT. Ports 80, 443 and 8080 opened to my server at address 10.0.0.100). Checked Skip Letsencrypt check.

    5. If you are using Cloudflare proxy, then you can not get a Let's Encrypt SSL cert. Using Cloudflare DNS (without proxy function enabled) is fine though.
    Not the case.
    6. Check that all domain names (incl. auto subdomain www etc), subdomains and aliasdomains really point to the right website in DNS and are working. Open one after another in your browser and test that.
    Checked. All point to my static public IP address.
    7. If you still use Apache 2.2, then update your ispconfig to the latest version with the ispconfig_update.sh script to get an updated vhost template. After you did that, use Tools > resync to apply the new template to all sites or apply it to a single site by altering a value in the site settings and press save, before you try to activate Let’s Encrypt again. This is only necessary on apache 2.2 systems, newer apache 2.4 or nginx systems are not affected.
      Not the case.
    8. If you updated from ISPConfig < 3.1 to ISPConfig > 3.1 and deselected the "Reconfigure services" option during update (which is selected by default), then Let’s Encrypt will fail as your server is missing the Let’s Encrypt configuration in the ispconfig apache configuration files. Redo the update and choose to reconfigure services in that case.
      Not the case.
    9. Check that 'Server Migration Mode' option under System > Server Config is not enabled, as migration mode disables the creation of new Let's Encrypt certificates.
      Not the case. Unchecked.
    Unfortunately, when setting my site to use SSL and Let's Encrypt, the system works and then disables the SSL and Let's Encrypt options with no further information. There are no /var/log/letsencrypt or /etc/letsencrypt files.

    I have no idea on what to do next to make SSL work for my sites. Help appreciated.
     
    Last edited: Jul 28, 2022
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. renatom

    renatom New Member

    Sorry. Have read all threads and FAQs.

    Running on Apache:
    Code:
    Server version: Apache/2.4.54 (Debian)
    Server built:   2022-06-09T04:26:43
    The htf_report.txt file:
    Code:
    root@ispconfig:~# cat htf_report.txt
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 11 (bullseye)
    
    [INFO] uptime:  14:46:38 up  3:17,  1 user,  load average: 0.00, 0.00, 0.00
    
    [INFO] memory:
                   total        used        free      shared  buff/cache   available
    Mem:           3.8Gi       2.0Gi       129Mi        84Mi       1.7Gi       1.5Gi
    Swap:          974Mi       9.0Mi       965Mi
    
    [INFO] systemd failed services status:
      UNIT LOAD ACTIVE SUB DESCRIPTION
    0 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.8p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.30
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.30
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 307087)
    [INFO] I found the following mail server(s):
        Postfix (PID 182776)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 182796)
    [INFO] I found the following imap server(s):
        Dovecot (PID 182796)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 182887)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [anywhere]:4190        (182796/dovecot)
    [anywhere]:993        (182796/dovecot)
    [anywhere]:995        (182796/dovecot)
    [localhost]:11332        (182783/rspamd:)
    [localhost]:11333        (182783/rspamd:)
    [localhost]:11334        (182783/rspamd:)
    [localhost]:10023        (42346/postgrey)
    [anywhere]:587        (182776/master)
    [localhost]:11211        (147771/memcached)
    [localhost]:6379        (42106/redis-server)
    [anywhere]:110        (182796/dovecot)
    [anywhere]:143        (182796/dovecot)
    [anywhere]:465        (182776/master)
    ***.***.***.***:53        (183031/named)
    ***.***.***.***:53        (183031/named)
    ***.***.***.***:53        (183031/named)
    ***.***.***.***:53        (183031/named)
    ***.***.***.***:53        (183031/named)
    ***.***.***.***:53        (183031/named)
    ***.***.***.***:53        (183031/named)
    ***.***.***.***:53        (183031/named)
    [localhost]:53        (183031/named)
    [localhost]:53        (183031/named)
    [localhost]:53        (183031/named)
    [localhost]:53        (183031/named)
    [localhost]:53        (183031/named)
    [localhost]:53        (183031/named)
    [localhost]:53        (183031/named)
    [localhost]:53        (183031/named)
    [anywhere]:21        (182887/pure-ftpd)
    [anywhere]:22        (395/sshd:)
    [localhost]:953        (183031/named)
    [anywhere]:25        (182776/master)
    *:*:*:*::*:4190        (182796/dovecot)
    *:*:*:*::*:993        (182796/dovecot)
    *:*:*:*::*:995        (182796/dovecot)
    *:*:*:*::*:11332        (182783/rspamd:)
    *:*:*:*::*:11333        (182783/rspamd:)
    *:*:*:*::*:11334        (182783/rspamd:)
    *:*:*:*::*:10023        (42346/postgrey)
    *:*:*:*::*:3306        (182122/mariadbd)
    *:*:*:*::*:587        (182776/master)
    *:*:*:*::*:6379        (42106/redis-server)
    [localhost]10        (182796/dovecot)
    [localhost]43        (182796/dovecot)
    *:*:*:*::*:8080        (307087/apache2)
    *:*:*:*::*:80        (307087/apache2)
    *:*:*:*::*:8081        (307087/apache2)
    *:*:*:*::*:465        (182776/master)
    *:*:*:*::*:21        (182887/pure-ftpd)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*5422:90ff:fe5f:53        (183031/named)
    *:*:*:*::*:22        (395/sshd:)
    *:*:*:*::*:25        (182776/master)
    *:*:*:*::*:953        (183031/named)
    *:*:*:*::*:443        (307087/apache2)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination
    
    
    
    
    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
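
The host-side part of the FAQ checklist can be read straight out of an htf_report.txt like the one above. The script below is an added example, not part of the original posts and not ISPConfig's or HowtoForge's own tooling; the function names and the embedded sample report (constructed, in the format shown above) are assumptions, and it assumes certificate validation arrives over HTTP on port 80.

```shell
#!/bin/sh
# Added example: audit an htf_report.txt for the host-side prerequisites of a
# Let's Encrypt request. All function names here are hypothetical.

# Print the body of one "##### NAME #####" section of the report.
report_section() {
  awk -v name="$2" '
    /#####/ { inside = (index($0, "##### " name " #####") > 0); next }
    inside  { print }
  ' "$1"
}

# Succeed if some process listens on the given TCP port. The address column
# ends in ":<port>", so ":80" must not match ":8080".
port_listening() {
  report_section "$1" "LISTENING PORTS" |
    awk -v port="$2" '$1 ~ (":" port "$") { found = 1 } END { exit !found }'
}

# Succeed if the iptables dump has a single-port tcp ACCEPT rule for the port.
# multiport rules (such as the passive FTP range) are deliberately not parsed.
firewall_accepts() {
  report_section "$1" "IPTABLES" |
    awk -v port="$2" '
      $1 == "ACCEPT" && $2 == "tcp" && $NF == ("dpt:" port) { found = 1 }
      END { exit !found }'
}

# Print the directory acme.sh was installed in, or fail if it is not reported.
acme_state_dir() {
  dir=$(report_section "$1" "LET'S ENCRYPT" |
    sed -n 's|.*acme\.sh is installed in \(.*\)/acme\.sh[[:space:]]*$|\1|p')
  [ -n "$dir" ] && printf '%s\n' "$dir"
}

# Run all checks; return non-zero if a required port is closed or filtered.
preflight() {
  rc=0
  for port in 80 443; do
    if port_listening "$1" "$port"; then
      echo "OK   a service listens on tcp/$port"
    else
      echo "FAIL nothing listens on tcp/$port"; rc=1
    fi
    if firewall_accepts "$1" "$port"; then
      echo "OK   host firewall accepts tcp/$port"
    else
      echo "FAIL no ACCEPT rule for tcp/$port"; rc=1
    fi
  done
  if dir=$(acme_state_dir "$1"); then
    # /etc/letsencrypt and /var/log/letsencrypt are certbot's directories;
    # acme.sh keeps its state under its own install directory by default.
    echo "INFO acme.sh in use, state under $dir (not /etc/letsencrypt)"
  else
    echo "INFO acme.sh not reported in this file"
  fi
  return $rc
}

# Constructed sample report, trimmed to the three sections the checks read.
write_sample_report() {
  cat > "$1" <<'EOF'
##### LISTENING PORTS #####
[anywhere]:22        (395/sshd:)
*:*:*:*::*:8080        (307087/apache2)
*:*:*:*::*:80        (307087/apache2)
*:*:*:*::*:443        (307087/apache2)

##### IPTABLES #####
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
EOF
}

# Audit the file given as argument, or the constructed sample if none is given.
if [ -n "${1:-}" ]; then
  preflight "$1"
else
  tmp=$(mktemp); write_sample_report "$tmp"; preflight "$tmp"; rm -f "$tmp"
fi
```

The report only describes the host itself, so a passing result says nothing about the port forwards on a NAT device in front of it; those still have to be tested from outside the network.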
    
    
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer
