I proceeded with an update via the Ispconfig3 dashboard. The Control Panel is now no longer accessible.
    This site can’t provide a secure connection
    192.168.1.70 sent an invalid response.
    Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR
This Ispconfig3 setup is in place solely for managing email accounts. I understand this is very little information to work with. I am relatively new to this and would appreciate some guidance. I followed instructions for doing a forced update (ispconfig_update.sh --force) and tried to generate a new certificate but received:
    Unable to find renew-hook command letsencrypt_renew_hook.sh in the PATH. (PATH is /usr/local/sbin:/usr/local/sbin:/usr/bin:/root/bin).
    Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by Letsencrypt.
Below are the contents of letsencrypt.log:
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main:certbot version: 1.11.0
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main: Arguments: ['-n', '--post-hook', "echo '1' > /usr/local/ispconfig/server/le.restart"]
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main: Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2021-05-03 03:00:10,845: DEBUG:certbot._internal.log:Root logging level set at 20
    2021-05-03 03:00:10,846: INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user: No renewals were attempted.
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user: No hooks were run.
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    2021-05-03 03:00:10,847: DEBUG:certbot._internal.renewal:no renewal failures
I should probably mention that email and Roundcube are working without issue. Can anyone provide some insight?
I should have been clearer.
1) http://internalIP gives the Apache default page.
2) https://internalIP:8080 gives:
    This site can’t provide a secure connection
    INTERNALIP sent an invalid response.
    Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR
3) https://internalIP gives:
    Your connection isn't private
    Attackers might be trying to steal your information from INTERNALIP (for example, passwords, messages, or credit cards).
    NET::ERR_CERT_AUTHORITY_INVALID
Followed by:
    This server couldn't prove that it's INTERNALIP; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
    Continue to 1internalIP (unsafe)
Followed by the Apache default page (unsecured).
Ok, and I asked you what you get when you enter: http://yourserver.tld:8080/ or alternatively: http://internalIP:8080/
Follow these instructions, read the complete article from beginning to end: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
I did not know ISPConfig 3 can be updated via the dashboard? You do mean the ISPConfig Panel in the browser when you write dashboard? It seems that the ISPConfig 3 server is in an intranet and uses the non-routable IP-number 192.168.1.70. This means it is not reachable from the public internet and Let's Encrypt cannot issue a certificate for it. At least not with extra hoops to set up to make it work. During ispconfig_update.sh, did you check that it is trying to create a self-signed certificate (that should work, and you can access the panel after accepting the security exception in the browser)?
Taleman / Till
I have read the httxx://www.howtoforge.com/community/threads/please-read-before-posting.58408/ Unfortunately I am using a non-GUI environment so I could not run the test script as per instruction provided. I did, however, examine the contents of the php file to see what you are looking for. Below is what I can provide:
1) OS
    CentOS Linux release 7.4.1708 (Core)
2) PHP version
    PHP 5.4.16 (cli) (built: Apr 1 2020 04:07:17)
3) Listening on Ports
    LISTENING ON PORTS
    tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1713/amavisd (maste
    tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1029/php-fpm: maste
    tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 2205/smtpd
    tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 1713/amavisd (maste
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1374/mysqld
    tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 2198/smtpd
    tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 42165/dovecot
    tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 42165/dovecot
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
    tcp 0 0 192.168.1.70:53 0.0.0.0:* LISTEN 1350/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1350/named
    tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1060/pure-ftpd (SER
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 977/sshd
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2333/smtpd
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1350/named
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 42165/dovecot
    tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 42165/dovecot
    tcp6 0 0 ::1:10024 :::* LISTEN 1713/amavisd (maste
    tcp6 0 0 ::1:10026 :::* LISTEN 1713/amavisd (maste
    tcp6 0 0 :::110 :::* LISTEN 42165/dovecot
    tcp6 0 0 :::143 :::* LISTEN 42165/dovecot
    tcp6 0 0 :::111 :::* LISTEN 1/systemd
    tcp6 0 0 :::8080 :::* LISTEN 699/httpd
    tcp6 0 0 :::80 :::* LISTEN 699/httpd
    tcp6 0 0 :::53 :::* LISTEN 1350/named
    tcp6 0 0 :::21 :::* LISTEN 1060/pure-ftpd (SER
    tcp6 0 0 :::22 :::* LISTEN 977/sshd
    tcp6 0 0 :::25 :::* LISTEN 2333/smtpd
    tcp6 0 0 ::1:953 :::* LISTEN 1350/named
    tcp6 0 0 :::443 :::* LISTEN 699/httpd
    tcp6 0 0 :::993 :::* LISTEN 42165/dovecot
    tcp6 0 0 :::995 :::* LISTEN 42165/dovecot
    udp 0 0 192.168.1.70:53 0.0.0.0:* 1350/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 1350/named
    udp 0 0 127.0.0.1:323 0.0.0.0:* 746/chronyd
    udp6 0 0 :::53 :::* 1350/named
    udp6 0 0 ::1:323 :::* 746/chronyd
4) IP_Tables
    IP_TABLES
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,urd,submission
    f2b-dovecot tcp -- anywhere anywhere multiport dports pop3,pop3s,imap,imaps
    f2b-FTP tcp -- anywhere anywhere tcp dpt:ftp
    f2b-sshd tcp -- anywhere anywhere tcp dpt:ssh
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    Chain f2b-FTP (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    Chain f2b-dovecot (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    Chain f2b-postfix-sasl (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    Chain f2b-sshd (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
I realize that this is probably not entirely what you are looking for and will provide whatever I can.
1) I did not know ISPConfig 3 can be updated via the dashboard? You do mean the ISPConfig Panel in the browser when you write dashboard?
Yes, I meant to say Control Panel.
2) It seems that the ISPConfig 3 server is in an intranet and uses the non-routable IP-number 192.168.1.70. This means it is not reachable from the public internet and Let's Encrypt cannot issue a certificate for it. At least not with extra hoops to set up to make it work. During ispconfig_update.sh, did you check that it is trying to create a self-signed certificate (that should work, and you can access the panel after accepting the security exception in the browser)?
Yes, during ispconfig_update.sh I proceeded with the self-signed certificate (see below):
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    Checking / creating certificate for my.IMapServer.com
    Using certificate path /etc/letsencrypt/live/my.IMapServer.com
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2912
    PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2913
    PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2914
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2917
    PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2918
    PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2919
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2922
    PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2923
    PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2924
    which: no certbot in (/opt/eff.org/certbot/venv/bin)
    which: no acme.sh in (/usr/local/ispconfig/server/scripts)
    which: no acme.sh in (/root/.acme.sh)
    Using apache for certificate validation
    Unable to find renew-hook command letsencrypt_renew_hook.sh in the PATH. (PATH is /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
    Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt
    Could not issue letsencrypt certificate, falling back to self-signed.
    Generating RSA private key, 4096 bit long modulus
    ...................++
    .......................................................................................++
    e is 65537 (0x10001)
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CA
    State or Province Name (full name) []:XXXXXXXXX
    Locality Name (eg, city) [Default City]:XXXXXXXXX
    Organization Name (eg, company) [Default Company Ltd]:XXXXXXXXX
    Organizational Unit Name (eg, section) []:IT
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:[email protected]
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:XXXXXXXXX
    An optional company name []:
    writing RSA key
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    ***
    which: no acme.sh in (/usr/local/ispconfig/server/scripts)
    which: no acme.sh in (/root/.acme.sh)
    Reconfigure Crontab? (yes,no) [yes]: yes
    Updating Crontab
    Update finished.
When your browser informs you, have you accepted the security exception to let the browser continue to the control panel? Since the certificate is self-signed, the browser does not trust it and you must allow that security exception. It seems neither certbot nor acme.sh is installed on that ISPConfig host. Is this intentional? How was ISPConfig installed on this host?
1) https://192.168.1.70:8080 throws the "ERR_SSL_PROTOCOL_ERROR" message immediately. There is no option to accept the security exception.
2) https://192.168.1.70 DOES go to the security exception, but when I click on "Proceed to 192.168.1.70 (unsafe)" I am directed to the Apache default page.
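Added example, not part of any post in this thread: a small Python check, run from the server itself or another LAN host, that reports whether a port completes a TLS handshake or answers in plain HTTP, which is the distinction the http:// versus https:// question about port 8080 is getting at. The function name `probe_port` and the default port list are choices made for this example.

```python
import socket
import ssl
import sys


def probe_port(host, port, timeout=3.0):
    """Classify host:port as 'tls', 'plain-http', 'closed' or 'unknown'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing accepted the TCP connection

    # Step 1: attempt a TLS handshake. Verification is disabled on purpose:
    # the panel certificate is self-signed and the only question here is
    # whether the listener speaks TLS at all. Never reuse this context to
    # send credentials or other data.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:
        pass  # ssl.SSLError, timeouts and resets are all OSError subclasses
    finally:
        raw.close()

    # Step 2: the handshake failed, so ask the same port in plain HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            first = s.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if first.startswith(b"HTTP/") else "unknown"


if __name__ == "__main__":
    # Usage: python3 probe_port.py <host> [port ...]
    # 8080 and 443 are the two ports tried in the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in [int(p) for p in sys.argv[2:]] or [8080, 443]:
        print(f"{host}:{port} -> {probe_port(host, port)}")
```

A `plain-http` result for a port means an https:// URL to it cannot complete a handshake, so the next thing to inspect is that port's vhost SSL settings and certificate files. A TLS listener that this client cannot negotiate a protocol version with also falls through to the second step, so treat the result as a pointer and not as proof.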
You wrote in #9 Have you read it completely and followed the instructions? It has a FAQ about wrong website shown and panel not showing.
Yes, I have completely read the information on the page. The parts that seem relevant to the problem:
1) How to run test script
This cannot be done because I am working in a non-GUI environment. I previously posted what information I could, after examining the script code.
2) When visiting domain B, the content of domain A is showing
This server does not host multiple domains. Its sole purpose is for handling email. I have a separate web server which I use for our domains and subdomains.
3) Something is not working after updating ISPConfig
I used the ispconfig_update.sh --force command. However, when asked to update services I used the "selected" option and responded no to the postfix Imap/POP3 option. This is my production mail server and I cannot risk the update destroying my ability to send/receive mail. My assumption is that the postfix option should have no bearing on the ability to display the Control Panel.
4) Panel not showing up /server.sh script error
OS: CentOS7
PHP version: 5.4.16
5) Problems with websites or PHP
Using Apache server. No websites hosted on this machine.
That I do not understand. I do not have GUI on any of my servers, and I can run the script just fine. Can you not write commands on the terminal on your server? If you just can not copy-paste the command, write the command to a file, copy that file to your server and issue the command that way.
I SSH into the server and run:
    wget -q -O htf-common-issues.php "http://gitplace.net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" && php -q htf-common-issues.php
It hangs...does nothing at all...after about 20 minutes I force out of SSH, sign back in through SSH and run cat htf_report.txt | more. Below is the result:
    [root@mail ~]# cat htf_report.txt | more
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [root@mail ~]#
How does that failure have anything to do with having or not having a GUI? Looks like the php script fails to run. Maybe you have not installed some component it needs? Or the PHP 5.4 version is too old for running the script?
You are correct...it doesn't...I look at so many php scripts running inside an html shell every day that I just projected into this one... In any event, it is not worth quibbling about. Perhaps I will try updating/reinstalling php. Current version is 5.4.16...according to documentation it is the correct version for ispconfig running on centos 7. At this point I am close to giving up.
On CentOS, you can use a newer PHP version like PHP 7.4, as all PHP versions use the exact same path. But you should consider not installing a new server using such an outdated OS. Either use CentOS 8 or, even better, use one of the OSes recommended for ISPConfig: Debian 10 or Ubuntu 20.04. Your server will be easier to install, run smoother, and will be easier to update and more stable when you switch to Debian or Ubuntu. Plus the installation process is much easier using the auto installer: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/