Do I need to wait after hostname change before following the LE 8080 tutorial?

Hi there everyone!

I've got a site (mydomain.com) installed and operating correctly with an LE SSL cert and would like to perform the 8080 securing process now.

The server originally came preconfigured with another hostname (gibberish-ip.eu) so I changed my hostname to mydomain.com via shell.

Do I need to wait a period of time allow the hostname changes to take effect, do I need to perform a restart of either the machine or any services or am I ok to follow the tutorial immediately after the hostname change?

Thanks for your time!

 

Run hostname -f command and if it shows your server1.example.tld, then I think you should be good to proceed with creating its website. Note that it must be a subdomain for ISPConfig and not a root domain (example.tld). DO NOT continue if you cannot create its fqdn website or you cannot enable LE SSL on its fqdn website.

 

I'm sorry but I don't understand what you mean. I don't see anything at all in the tutorial that says I need to create a subdomain in the steps to work. Are you saying that I need to make hostname -f respond with "server.mydomain.com" and not "mydomain.com"? Do I need to do something in mydomain.com's dns records to reflect this as well?

 

Yes. Hostname for ISPConfig server should always be in a subdomain form. Do refer to the manual.

 

I'm trying to figure it out through the manual but I'm failing miserably it seems.

Following the Debian wiki for changing hostname, I first edited /etc/hosts:

Code:

127.0.0.1       localhost
127.0.1.1       server.mydomain.com       server

# The following lines are desirable for IPv6 capable hosts
::1     localhost       ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
91.121.134.207  server.mydomain.com       server

And /etc/hostname:

Code:

server

Then ran:

and rebooted:
On restart I shelled in:

hostname -f now shows properly but if I try to visit server.mydomain.com:8080 (or standard 80 for that matter), I get an unknown IP error:

In spite of that error, have I altered the hostname correctly? It seems I'm still lacking a step, according to the returned data at the top of the shell window.

 

Hi there,

I added an a record and the it's resolving correctly now. I've got an issue with performing the steps for securing 8080:

Code:

root@server:~# cd /usr/local/ispconfig/interface/ssl/
root@server:/usr/local/ispconfig/interface/ssl# mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
root@server:/usr/local/ispconfig/interface/ssl# mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
root@server:/usr/local/ispconfig/interface/ssl# mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
mv: cannot stat 'ispserver.pem': No such file or directory
root@server:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
root@server:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
root@server:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
cat: ispserver.key: No such file or directory
cat: ispserver.crt: No such file or directory
root@server:/usr/local/ispconfig/interface/ssl#

I expected the first mv resulting in no file because the tutorial explained why. It's these two that I'm worried about:

Code:

root@server:/usr/local/ispconfig/interface/ssl# cat ispserver.{key,crt} > ispserver.pem
cat: ispserver.key: No such file or directory
cat: ispserver.crt: No such file or directory

Am I doing something wrong or is this expected for a new server with no previous certs issued? Is it because I need to have a separate site created in ISPConfig for server.mydomain even though I already have a site created for mydomain.com? It's a little confusing because I'm not sure if I'm allowed to include subdomains in the "domain" entry of the new site creation process.

 

Well, I may be in a pickle now. I used ISPConfig to create a new site "server.mydomain.com" to reflect the hostname, choosing to enable SSL and LE. Now, I am unable to access the server via IP, mydomain.com or any other URL via HTTP or HTTPS.

Any chance of fixing this?

 

Did a wipe on the server and will try it with a fresh start.

 

Yes, you were doing it all wrong.

From what I see, you did not follow the advise on subdomain for ISPConfig properly, thus you ended up not creating a website under its own hostname fqdn resulting no LE SSL certs were created for it under its own folder name.

Code:

root@server:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
root@server:/usr/local/ispconfig/interface/ssl# ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key

The above code are looking for the said subdomain LE SSL website folder, thus failed to be properly executed resulting in no symlinked ispserver.crt and ispserver.key created.

So, yes you need a separate site for the subdomain and not just a mere subdomain to a main domain website, so create it as a website or subdomain / alias domain with its own vhost.

You will not find the later available by default in the menu because you need to turn them on by ticking them in ISPConfig > System > Main Config > Sites:

Code:

Create subdomains as web site
[ ] You cannot disable this as long as vhost subdomains exist in the system!
Create aliasdomains as web site
[ ] You cannot disable this as long as vhost aliasdomains exist in the system!

By the way, no need to delete and redo everything just because some error occurs, try to be patient in learning and doing things, read and do it step by step; and you'll be just fine.

 

Thanks very much for your help, ahrasis. I was ok with starting fresh because so much of what I had tried to do had failed miserably(adding a usable PHP alternative, securing ISPC, mail, etc). I have managed to follow the tutorial correctly this time, everything seems to be working well and I accept that I won't have a usable alternate PHP version on the server

Thanks again for all your help!