This might be a duplicate question. Feel free to simply link solutions.

Problem: Customer domain abc.de forwards to www.abc.de and displays xyz.de (my main domain), while it should forward to https://abc.de, which, if typed manually, displays the correct content.

I found that problem, read that my SSL might be incorrect, and used the certbot command to recreate the certificate of abc.de and updated ISPConfig (which led to apache2 being unable to start because it did not configure the 000-apps.vhost line 6 ("Listen") correctly; it just left it empty). (This problem I solved by adding my IP:port behind "Listen".) Before writing this post, I found another post stating I should uncheck "LetsEncrypt SSL" in the domain settings of abc.de within ISPConfig, which did not change anything except making the connection insecure.
Proceeding onwards. After a lot of googling and playing around, I destroyed my certs and with that apache2, and then had to reinstall apache2 and ISPConfig. They are now both running, but ip:8080/domain.tld:8080 will time out (apache2 is listening on port 8080). And domain.tld shows the apache2 placeholder page. Anyone up for a rescue mission?
Run an ispconfig update, choose to reconfigure services during update and choose to create a new ssl cert for the ispconfig UI when the installer asks.
Done, no changes. :/

Editing this:

Code:
sudo netstat -ntlp

does not list port 8080 or ispconfig. Port 8080 is set up in

Code:
/etc/apache2/sites-enabled/000-ispconfig.vhost -> /etc/apache2/sites-available/ispconfig.vhost

Test script output:

Code:
root@web:/etc/apache2# sudo cat htf_report.txt | more
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
IP-address(es) (as per ifconfig): ***.***.***.***
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.1.13p1
##### VERSION CHECK #####
[INFO] php (cli) version is 7.0.33-0ubuntu***.***.***.***
##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening
[WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening
[WARN] Port 80 (Webserver) seems NOT to be listening
[WARN] Port 443 (Webserver SSL) seems NOT to be listening
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[WARN] I could not determine which web server is running.
[INFO] I found the following mail server(s): Postfix (PID 26190)
[INFO] I found the following pop3 server(s): Dovecot (PID 26247)
[INFO] I found the following imap server(s): Dovecot (PID 26247)
[INFO] I found the following ftp server(s): PureFTP (PID 26322)
##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:995 (26247/dovecot)
[localhost]:10023 (1474/postgrey.pid)
[localhost]:10024 (26223/amavisd-new)
[localhost]:10025 (26190/master)
[localhost]:10026 (26223/amavisd-new)
[localhost]:10027 (26190/master)
[anywhere]:587 (26190/master)
[localhost]:11211 (1099/memcached)
[anywhere]:110 (26247/dovecot)
[anywhere]:143 (26247/dovecot)
[anywhere]:465 (26190/master)
[anywhere]:30033 (1128/ts3server)
***.***.***.***:53 (26331/named)
[localhost]:53 (26331/named)
[anywhere]:21 (26322/pure-ftpd)
[anywhere]:22 (1140/sshd)
[localhost]:953 (26331/named)
[anywhere]:25 (26190/master)
[anywhere]:10011 (1128/ts3server)
[anywhere]:993 (26247/dovecot)
*:*:*:*::*:64738 (1553/murmurd)
*:*:*:*::*:995 (26247/dovecot)
*:*:*:*::*:10023 (1474/postgrey.pid)
*:*:*:*::*:10024 (26223/amavisd-new)
*:*:*:*::*:10026 (26223/amavisd-new)
*:*:*:*::*:3306 (1548/mysqld)
*:*:*:*::*:587 (26190/master)
[localhost]10 (26247/dovecot)
[localhost]43 (26247/dovecot)
*:*:*:*::*:465 (26190/master)
*:*:*:*::*:30033 (1128/ts3server)
*:*:*:*::*:53 (26331/named)
*:*:*:*::*:21 (26322/pure-ftpd)
*:*:*:*::*:22 (1140/sshd)
*:*:*:*::*:953 (26331/named)
*:*:*:*::*:25 (26190/master)
[localhost]0011 (1128/ts3server)
*:*:*:*::*:993 (26247/dovecot)
##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-dovecot-pop3imap tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993
f2b-pureftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-pureftpd (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN all -- [anywhere]/0 [anywhere]/0

I also disabled UFW via

Code:
sudo ufw disable

in case it was enabled. Then I rebooted. No changes so far.
Seems as if apache is not running at all. Restart apache, if it does not start, then remove the vhost symlink in the apache sites-enabled directory that you suspect to be the cause of the problem and try to restart apache again.
But the apache placeholder page is shown: https://echstreme.de/ - this should mean apache2 is running, or am I wrong? Also, service apache2 restart does not echo any errors. The logfile ("/var/log/apache2/error.log") does:

Edited 25th Feb, 20:18pm GMT+1

Code:
[Mon Feb 25 20:16:30.747804 2019] [ssl:warn] [pid 7986:tid 139685681391488] AH01906: echstreme.de:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 25 20:16:30.747891 2019] [ssl:error] [pid 7986:tid 139685681391488] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=$
[Mon Feb 25 20:16:30.747896 2019] [ssl:error] [pid 7986:tid 139685681391488] AH02604: Unable to configure certificate echstreme.de:8080:0 for stapling
[Mon Feb 25 20:16:33.385223 2019] [ssl:emerg] [pid 7986:tid 139685681391488] AH02580: Init: Pass phrase incorrect for key echstreme.de:443:0
[Mon Feb 25 20:16:33.385253 2019] [ssl:emerg] [pid 7986:tid 139685681391488] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Feb 25 20:16:33.385263 2019] [ssl:emerg] [pid 7986:tid 139685681391488] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Feb 25 20:16:33.385279 2019] [ssl:emerg] [pid 7986:tid 139685681391488] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Feb 25 20:16:33.385285 2019] [ssl:emerg] [pid 7986:tid 139685681391488] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Mon Feb 25 20:16:33.385292 2019] [ssl:emerg] [pid 7986:tid 139685681391488] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Feb 25 20:16:33.385297 2019] [ssl:emerg] [pid 7986:tid 139685681391488] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Feb 25 20:16:33.385302 2019] [ssl:emerg] [pid 7986:tid 139685681391488] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KE$
[Mon Feb 25 20:16:33.385306 2019] [ssl:emerg] [pid 7986:tid 139685681391488] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Mon Feb 25 20:16:33.385309 2019] [ssl:emerg] [pid 7986:tid 139685681391488] AH02564: Failed to configure encrypted (?) private key echstreme.de:443:0, check /etc/letsencrypt/live/echstrem$
AH00016: Configuration Failed

Urr... seems I failed SSLing somewhere. Apache2 now starts asking me for a passphrase when restarting, how do I get rid of it? Reinstalling apache2? Removing a speshl .conf (which?)?
I can't tell you which SSL cert you changed manually so that apache is not starting anymore. If you don't remember what you did, then the only chance is to remove all website vhost symlinks in the apache sites-enabled folder (leave the default and ispconfig ones there), and then try to restart apache. If it still fails, then the cause must be the ssl cert of the ispconfig vhost. If it does not fail, then you can get ispconfig to re-enable all websites by using tools > resync.
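The elimination procedure in the reply above can be narrowed by inspecting every `SSLCertificateKeyFile` that sites-enabled references, since AH02580 and AH02564 in the log point at a key file Apache cannot read as a plain private key. This is an added example, not part of the thread and not ISPConfig code; the function names are hypothetical, and it only looks at the PEM armor, so it flags encrypted keys and files that are not keys at all but does not prove that a key matches its certificate.

```shell
#!/bin/sh
# Added example: report vhosts whose key file is not a plain, unencrypted
# PEM private key, without disabling any site first.

# classify_key FILE -> prints one of: ok | encrypted | not-a-key | missing
classify_key() {
    local f=$1 first
    [ -r "$f" ] || { echo missing; return; }
    # The first PEM armor line tells what kind of object the file holds.
    first=$(grep -m1 -e '^-----BEGIN ' "$f" || true)
    case $first in
        *'BEGIN ENCRYPTED PRIVATE KEY'*) echo encrypted ;;
        *'PRIVATE KEY-----'*)
            # Legacy PEM encryption keeps the plain armor and adds a header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then echo encrypted
            else echo ok; fi ;;
        *) echo not-a-key ;;   # e.g. a certificate, or a file with no PEM armor
    esac
}

# audit_vhosts DIR -> one line per directive: "<vhost file> <key path> <status>"
# Assumes key paths contain no spaces.
audit_vhosts() {
    local dir=$1 vhost key
    for vhost in "$dir"/*; do
        [ -f "$vhost" ] || continue   # also skips dangling symlinks
        # Directive names are case-insensitive; commented lines do not match.
        awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$vhost" |
        while read -r key; do
            printf '%s %s %s\n' "$(basename "$vhost")" "$key" "$(classify_key "$key")"
        done
    done
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then audit_vhosts "$1"; fi
```

Run it against `/etc/apache2/sites-enabled`; any line that does not end in `ok` names a vhost whose key has to be replaced, or whose symlink has to be removed, before Apache will start cleanly.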
Thank you for the answer, will try that tonight. What if it is the ssl cert of the ispc vhost? Just find the key file (any hints where to look?) and rm it? Because, as said, reconfing ISPC doesn't do the trick.
So far, so good. Apache2 starts without passphrasing me or failing. (systemctl states it's active). Still: Port 8080 is not being listened to. <= SOLVED. See #EDIT# below please! It is in sites-available/ispconfig.vhost as port to listen to. :/ But not in netstat -ntlp.

Edit: "cat htf_report.txt | more"

Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
IP-address(es) (as per ifconfig): ***.***.***.***
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.1dev
##### VERSION CHECK #####
[INFO] php (cli) version is 7.0.33-0ubuntu***.***.***.***
##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s): Apache 2 (PID 1533)
[INFO] I found the following mail server(s): Postfix (PID 1890)
[INFO] I found the following pop3 server(s): Dovecot (PID 1175)
[INFO] I found the following imap server(s): Dovecot (PID 1175)
[INFO] I found the following ftp server(s): PureFTP (PID 1761)
##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:995 (1175/dovecot)
[localhost]:10023 (1547/postgrey.pid)
[localhost]:10024 (1694/amavisd-new)
[localhost]:10025 (1890/master)
[localhost]:10026 (1694/amavisd-new)
[localhost]:10027 (1890/master)
[anywhere]:587 (1890/master)
[localhost]:11211 (1123/memcached)
[anywhere]:110 (1175/dovecot)
[anywhere]:143 (1175/dovecot)
[anywhere]:465 (1890/master)
[anywhere]:30033 (1158/ts3server)
[anywhere]:21 (1761/pure-ftpd)
***.***.***.***:53 (1132/named)
[localhost]:53 (1132/named)
[anywhere]:22 (1166/sshd)
[anywhere]:25 (1890/master)
[localhost]:953 (1132/named)
[anywhere]:10011 (1158/ts3server)
[anywhere]:993 (1175/dovecot)
*:*:*:*::*:64738 (1628/murmurd)
*:*:*:*::*:995 (1175/dovecot)
*:*:*:*::*:10023 (1547/postgrey.pid)
*:*:*:*::*:10024 (1694/amavisd-new)
*:*:*:*::*:10026 (1694/amavisd-new)
*:*:*:*::*:3306 (1624/mysqld)
*:*:*:*::*:587 (1890/master)
[localhost]10 (1175/dovecot)
[localhost]43 (1175/dovecot)
*:*:*:*::*:80 (1533/apache2)
*:*:*:*::*:465 (1890/master)
*:*:*:*::*:30033 (1158/ts3server)
*:*:*:*::*:8081 (1533/apache2)
*:*:*:*::*:21 (1761/pure-ftpd)
*:*:*:*::*:53 (1132/named)
*:*:*:*::*:22 (1166/sshd)
*:*:*:*::*:25 (1890/master)
*:*:*:*::*:953 (1132/named)
[localhost]0011 (1158/ts3server)
*:*:*:*::*:443 (1533/apache2)
*:*:*:*::*:993 (1175/dovecot)
##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-dovecot-pop3imap tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993
f2b-pureftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-pureftpd (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN all -- [anywhere]/0 [anywhere]/0

#EDIT# - Solution and New Problem (Self Signed SSL = Untrusted)

I solved the problem, by adding a symlink towards ispconfig.vhost into sites-enabled, because it was missing:

Code:
ln -s /etc/apache2/sites-available/ispconfig.vhost sites-enabled/000-ispconfig.vhost

Sadly, I now have another problem: This was annoying when my song of failure and issues started and is increasingly annoying near the end of it.

Another edit: Added a SSL via "certbot --apache" for my domain. Sadly, it didn't seem to change anything for the 8080.

Solution?-Edit: Would this script from https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/ do what I want? It's last edited Oct '18, so I'm asking before running it.

Code:
cd /etc/ssl
# --no-check-certificate turns off TLS certificate validation for this download
wget https://raw.githubusercontent.com/ahrasis/LE4ISPC/master/le4ispc.sh --no-check-certificate
chmod +x le4ispc.sh
./le4ispc.sh
Once more I triple post. Sorry about that, as usual. I do that because a new issue arose: Apache2 default page instead of ispconfig.

I was able to get rid of the Browser-Warning-Message with

Code:
cd /usr/local/ispconfig/interface/ssl/
ln -s /etc/letsencrypt/live/echstreme.de-0001/fullchain.pem ispserver.crt
ln -s /etc/letsencrypt/live/echstreme.de-0001/privkey.pem ispserver.key
cat ispserver.{key,crt} > ispserver.pem

Now https://echstreme.de:8080 just shows the default apache page instead of ISPC. Searching through posts right now, but most stuff I find is from before 2017 and for not-ubuntu. :/

Edit: Of course I also did an "ispconfig_update.sh", but that changed nothing.