Control Panel inaccessible following update 3.1 --> 3.2.4

Discussion in 'Installation/Configuration' started by RickTrev, May 3, 2021.

  1. RickTrev

    RickTrev New Member

    I proceeded with an update via the Ispconfig3 dashboard. The Control Panel is now no longer accessible.
    *****
    This site can’t provide a secure connection
    192.168.1.70 sent an invalid response.
    • Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR
    *****
    This Ispconfig3 setup is in place solely for managing email accounts.
    I understand this is very little information to work with. I am relatively new to this and would appreciate some guidance.
    I followed instructions for doing a forced update (ispconfig_update.sh --force) and tried to generate a new certificate but received:

    Unable to find renew-hook command letsencrypt_renew_hook.sh in the PATH.
    (PATH is /usr/local/sbin:/usr/local/sbin:/usr/bin:/root/bin). Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by Letsencrypt.


    Below is contents of letsencrypt.log:
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main:certbot version: 1.11.0
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main: Arguments: ['-n', '--post-hook', "echo '1' > /usr/local/ispconfig/server/le.restart"]
    2021-05-03 03:00:10,768: DEBUG:certbot._internal.main: Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2021-05-03 03:00:10,845: DEBUG:certbot._internal.log:Root logging level set at 20
    2021-05-03 03:00:10,846: INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user:
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user: No renewals were attempted.
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user: No hooks were run.
    2021-05-03 03:00:10,847: DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    2021-05-03 03:00:10,847: DEBUG:certbot._internal.renewal:no renewal failures


    I should probably mention that email and Roundcube are working without issue.
    Can anyone provide some insight?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Does it work when you use http:// instead of https:// ?
     
  3. RickTrev

    RickTrev New Member

    http:// gives default Apache page
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. RickTrev

    RickTrev New Member

    I should have been clearer

    1) http: //internalIP gives Apache default page

    2) https: //internalIP: 8080 gives
    *****
    This site can’t provide a secure connection
    INTERNALIP sent an invalid response.
    • Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR
    *****

    3) https: //internalIP gives
    ***
    Your connection isn't private
    Attackers might be trying to steal your information from INTERNALIP (for example, passwords, messages, or credit cards).

    NET::ERR_CERT_AUTHORITY_INVALID
    ***

    Followed by

    This server couldn't prove that it's INTERNALIP; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

    Continue to 1internalIP (unsafe)

    Followed by Apache default page (unsecured)
     

  6. till

    till Super Moderator Staff Member ISPConfig Developer

  7. RickTrev

    RickTrev New Member

  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Follow these instructions, read the complete article from beginning to end.
    https://www.howtoforge.com/community/threads/please-read-before-posting.58408/

    I did not know ISPConfig 3 can be updated via the dashboard? You do mean the ISPConfig Panel in browser when you write dashboard?

    Seems that ISPConfig 3 server is in an intranet, and uses non routable IP-number 192.168.1.70. This means it is not reachable from the public internet and Let's Encrypt can not issue a certificate for it. At least not with extra hoops to set up to make it work. Did you during ispconfig_update.sh check it is trying to create a self-signed certificate (that should work and you can access the panel after accepting security exception in the browser).
     
    Last edited: May 4, 2021
  9. RickTrev

    RickTrev New Member

    Taleman / Till

    I have read the httxx://www.howtoforge.com/community/threads/please-read-before-posting.58408/
    Unfortunately I am using a non-GUI environment so I could not run the test script as per instruction provided. I did, however, examine the contents of the php file to see what you are looking for. Below is what I can provide:
    1) OS
    CentOS Linux release 7.4.1708 (Core)
    *****
    2) PHP version
    PHP 5.4.16 (cli) (built: Apr 1 2020 04:07:17)
    *****
    3) Listening on Ports
    LISTENING ON PORTS
    tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1713/amavisd (maste
    tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1029/php-fpm: maste
    tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 2205/smtpd
    tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 1713/amavisd (maste
    tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1374/mysqld
    tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 2198/smtpd
    tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 42165/dovecot
    tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 42165/dovecot
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
    tcp 0 0 192.168.1.70:53 0.0.0.0:* LISTEN 1350/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1350/named
    tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1060/pure-ftpd (SER
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 977/sshd
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2333/smtpd
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1350/named
    tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 42165/dovecot
    tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 42165/dovecot
    tcp6 0 0 ::1:10024 :::* LISTEN 1713/amavisd (maste
    tcp6 0 0 ::1:10026 :::* LISTEN 1713/amavisd (maste
    tcp6 0 0 :::110 :::* LISTEN 42165/dovecot
    tcp6 0 0 :::143 :::* LISTEN 42165/dovecot
    tcp6 0 0 :::111 :::* LISTEN 1/systemd
    tcp6 0 0 :::8080 :::* LISTEN 699/httpd
    tcp6 0 0 :::80 :::* LISTEN 699/httpd
    tcp6 0 0 :::53 :::* LISTEN 1350/named
    tcp6 0 0 :::21 :::* LISTEN 1060/pure-ftpd (SER
    tcp6 0 0 :::22 :::* LISTEN 977/sshd
    tcp6 0 0 :::25 :::* LISTEN 2333/smtpd
    tcp6 0 0 ::1:953 :::* LISTEN 1350/named
    tcp6 0 0 :::443 :::* LISTEN 699/httpd
    tcp6 0 0 :::993 :::* LISTEN 42165/dovecot
    tcp6 0 0 :::995 :::* LISTEN 42165/dovecot
    udp 0 0 192.168.1.70:53 0.0.0.0:* 1350/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 1350/named
    udp 0 0 127.0.0.1:323 0.0.0.0:* 746/chronyd
    udp6 0 0 :::53 :::* 1350/named
    udp6 0 0 ::1:323 :::* 746/chronyd
    *****
    4) IP_Tables
    IP_TABLES
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,urd,submission
    f2b-dovecot tcp -- anywhere anywhere multiport dports pop3,pop3s,imap,imaps
    f2b-FTP tcp -- anywhere anywhere tcp dpt:ftp
    f2b-sshd tcp -- anywhere anywhere tcp dpt:ssh

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain f2b-FTP (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere

    Chain f2b-dovecot (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere

    Chain f2b-postfix-sasl (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere

    Chain f2b-sshd (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    *****
    I realize that this is probably not entirely what you are looking for and will provide whatever I can.
     
  10. RickTrev

    RickTrev New Member

    1) I did not know ISPConfig 3 can be updated via the dashboard? You do mean the ISPConfig Panel in browser when you write dashboard?
    Yes, I meant to say Control Panel


    2) Seems that ISPConfig 3 server is in an intranet, and uses non routable IP-number 192.168.1.70. This means it is not reachable from the public internet and Let's Encrypt can not issue a certificate for it. At least not with extra hoops to set up to make it work. Did you during ispconfig_update.sh check it is trying to create a self-signed certificate (that should work and you can access the panel after accepting security exception in the browser).
    Yes, during ispconfig_update.sh I proceeded with the self-signed certificate (see below)
    **

    Create new ISPConfig SSL certificate (yes,no) [no]: yes

    Checking / creating certificate for my.IMapServer.com
    Using certificate path /etc/letsencrypt/live/my.IMapServer.com
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2912
    PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2913
    PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2914
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2917
    PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2918
    PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2919
    PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2922
    PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2923
    PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.bv3LohT1tw/install/lib/installer_base.lib.php on line 2924
    which: no certbot in (/opt/eff.org/certbot/venv/bin)
    which: no acme.sh in (/usr/local/ispconfig/server/scripts)
    which: no acme.sh in (/root/.acme.sh)
    Using apache for certificate validation
    Unable to find renew-hook command letsencrypt_renew_hook.sh in the PATH.
    (PATH is /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
    Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt
    Could not issue letsencrypt certificate, falling back to self-signed.
    Generating RSA private key, 4096 bit long modulus
    ...................++
    .......................................................................................++
    e is 65537 (0x10001)
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CA
    State or Province Name (full name) []:XXXXXXXXX
    Locality Name (eg, city) [Default City]:XXXXXXXXX
    Organization Name (eg, company) [Default Company Ltd]:XXXXXXXXX
    Organizational Unit Name (eg, section) []:IT
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:[email protected]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:XXXXXXXXX
    An optional company name []:
    writing RSA key
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y

    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y

    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    ***
    which: no acme.sh in (/usr/local/ispconfig/server/scripts)
    which: no acme.sh in (/root/.acme.sh)
    Reconfigure Crontab? (yes,no) [yes]: yes

    Updating Crontab
    Update finished.
     
  11. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    When your browser informs you
    have you accepted the security exception to let browser continue to the control panel? Since the certificate is self signed, the browser does not trust it and you must allow that security exception.
    Seems neither certbot nor acme.sh is installed on that ISPConfig host. Is this intentional? How was ISPConfig installed on this host?
     
  12. RickTrev

    RickTrev New Member

    1) https://192.168.1.70:8080 throws the "ERR_SSL_PROTOCOL_ERROR" message immediately. There is no option to accept the security exception

    2) https://192.168.1.70 DOES go to the security exception but when I click on "Proceed to 192.168.1.70 (unsafe)" I am directed to the Apache default page
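
A command-line check for the two symptoms described in the post above, as an added example that is not part of the original thread: it sends a TLS ClientHello to a port and reports whether the first bytes of the reply are a TLS record or plain HTTP. That separates a listener that does not speak TLS at all (one common cause of ERR_SSL_PROTOCOL_ERROR) from one that speaks TLS but presents an untrusted certificate. The function names are illustrative; ports 443 and 8080 are the ones mentioned in the thread.

```python
import socket
import ssl


def client_hello(server_name=None):
    """Build a real TLS ClientHello in memory, without touching the network."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # probing only: no certificate is validated
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # expected: the hello is now queued in `outgoing`
    return outgoing.read()


def classify_reply(data):
    """Name the protocol of the first bytes a server sent back to a ClientHello."""
    if not data:
        return "closed"
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"                    # TLS alert (0x15) or handshake (0x16) record
    head = data[:256].lstrip().lower()
    if head.startswith(b"http/") or head.startswith(b"<"):
        return "plain-http"             # HTTP status line or a bare HTML error page
    return "unknown"


def probe(host, port, timeout=5.0):
    """Send a ClientHello to host:port and classify what comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello())
            return classify_reply(sock.recv(512))
    except OSError:                     # refused, reset or timed out
        return "no-reply"


if __name__ == "__main__":
    import sys
    target = sys.argv[1]                # e.g. the panel's internal IP
    for port in (443, 8080):            # ports taken from the thread
        print(port, probe(target, port))
```

A result of `plain-http` on a port the browser is asked to open with https:// means the web server is answering that port without TLS, so the place to look is the virtual host's SSL configuration and the certificate files it references.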
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  14. RickTrev

    RickTrev New Member

    Yes, I have completely read the information on the page.

    The parts that seem relevant to the problem:
    1) How to run test script
    This cannot be done because I am working in a non-GUI environment. I previously posted what information I could - after examining the script code.
    2) When visiting domain B, the content of domain A is showing
    This server does not host multiple domains. Its sole purpose is for handling email. I have a separate web server which I use for our domains and subdomains.
    3) Something is not working after updating ISPConfig
    I used the ispconfig_update.sh --force command. However, when asked to update services I used the "selected" option and responded no to the postfix Imap/POP3 option. This is my production mail server and I cannot risk the update destroying my ability to send/receive mail. My assumption is that the postfix option should have no bearing on the ability to display the Control Panel.
    4) Panel not showing up /server.sh script error
    OS: CentOS7
    PHP version: 5.4.16
    5) Problems with websites or PHP
    Using Apache server. No websites hosted on this machine.
     
  15. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    That I do not understand. I do not have GUI on any of my servers, and I can run the script just fine. Can you not write commands on the terminal on your server? If you just can not copy-paste the command, write the command to a file, copy that file to your server and issue the command that way.
     
  16. RickTrev

    RickTrev New Member

    I SSH into the server and run : wget -q -O htf-common-issues.php "http://gitplace.net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" && php -q htf-common-issues.php

    It hangs...does nothing at all...after about 20 minutes I force out of SSH, sign back in through SSH and run cat htf_report.txt | more. Below is the result:

    [root@mail ~]# cat htf_report.txt | more

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [root@mail ~]#
     
  17. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    How has that failure anything to do with having or not having GUI?
    Looks like the php script fails to run. Maybe you have not installed some component it needs? Or the PHP 5.4 version is too old for running the script?
     
  18. RickTrev

    RickTrev New Member

    You are correct...it doesn't...I look at so many php scripts running inside an html shell every day that I just projected into this one...

    In any event, it is not worth quibbling about.

    Perhaps I will try updating/reinstalling php. Current version is 5.4.16...according to documentation it is the correct version for ispconfig running on centos 7.

    At this point I am close to giving up.
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    On CentOS, you can use a newer PHP version like PHP 7.4 as all PHP versions use the exact same path. But you should consider not installing a new server by using such an outdated OS. Either use CentOS 8 or even better, use one of the OSes that are recommended to be used for ISPConfig: Debian 10 or Ubuntu 20.04. Your server will be easier to install, run smoother and will be easier to update and more stable when you switch to Debian or Ubuntu. Plus the installation process is much easier by using the auto installer: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
     
  20. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    But why does the report common issues script not run on that CentOS?
     
