Error 403 on new web

Discussion in 'Installation/Configuration' started by rfnx, Jun 7, 2024.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    So you have a file with .err file ending there?
     
  2. rfnx

    rfnx Member

    Ugh, I need a coffee

    brb
     
  3. rfnx

    rfnx Member

    yes, for each web
     
  4. rfnx

    rfnx Member

    OK, I unticked it!
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    ztk.me likes this.
  6. rfnx

    rfnx Member

    what does that mean?


    Code:
    # apachectl -t -f /etc/apache2/sites-available/domain.tld.vhost.err
    AH00534: apache2: Configuration error: No MPM loaded.
    Action '-t -f /etc/apache2/sites-available/domain.tld.vhost.err' failed.
    The Apache error log may have more information.
    
    Here the error log tail:


    Code:
    # tail /var/log/apache2/error.log
    [Fri Jun 07 10:22:07.779366 2024] [ssl:error] [pid 23769:tid 140562428643200] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=maran.domain.io,OU=IT,O=G\\C3\\83\\C2\\B6tterland,L=Meerbusch,ST=Nordrheinwestphalen,C=DE / issuer: [email protected],CN=maran.domain.io,OU=IT,O=G\\C3\\83\\C2\\B6tterland,L=Meerbusch,ST=Nordrheinwestphalen,C=DE / serial: 60C29F7293241556F61962BEF1DE620EAD5A2EAC / notbefore: Dec 11 08:38:53 2023 GMT / notafter: Dec  8 08:38:53 2033 GMT]
    [Fri Jun 07 10:22:07.779372 2024] [ssl:error] [pid 23769:tid 140562428643200] AH02604: Unable to configure certificate maran.gotnet.io:8081:0 for stapling
    [Fri Jun 07 10:22:07.779540 2024] [:notice] [pid 23769:tid 140562428643200] mod_python: Creating 8 session mutexes based on 0 max processes and 25 max threads.
    [Fri Jun 07 10:22:07.779546 2024] [:notice] [pid 23769:tid 140562428643200] mod_python: using mutex_directory /tmp
    [ N 2024-06-07 10:22:07.7970 23745/T1 age/Cor/CoreMain.cpp:1325 ]: Passenger core shutdown finished
    [Fri Jun 07 10:22:07.800914 2024] [mpm_event:notice] [pid 23769:tid 140562428643200] AH00489: Apache/2.4.59 (Debian) mod_fcgid/2.3.9 Phusion_Passenger/6.0.17 OpenSSL/3.0.11 mod_python/3.5.0+git20211031.e6458ec Python/3.11.2 mod_perl/2.0.12 Perl/v5.36.0 configured -- resuming normal operations
    [Fri Jun 07 10:22:07.800962 2024] [core:notice] [pid 23769:tid 140562428643200] AH00094: Command line: '/usr/sbin/apache2'
    [ E 2024-06-07 10:22:09.8328 23782/T5 age/Cor/SecurityUpdateChecker.h:521 ]: A security update is available for your version (6.0.17) of Phusion Passenger(R). We strongly recommend upgrading to version 6.0.22.
    [ E 2024-06-07 10:22:09.8328 23782/T5 age/Cor/SecurityUpdateChecker.h:526 ]: Additional security update check information:
    - [Fixed in 6.0.19] [CVE-2023-38545] A vulnerability existed in libcurl before 8.4.0 which was the library used for Passenger proxy functionality. Exploiting this vulnerability would require two preconditions. First a SOCKS5 proxy to be configured for Passenger licensing, anonymous telemetry, or security update check which is not the default but is possible. Second the attacker would need to cause Passenger to use an attacker-controlled URL when performing these requests. Causing Passenger to use non-standard urls requires that the attacker already have code execution on the Passenger host, or control of the Passenger config. If exploited this vulnerability could lead to code execution, due to buffer overflow.
    
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    That you have not done what I asked you to do. The command you ran can not work. Havent you read my post at all on that link?
     
  8. rfnx

    rfnx Member

    Seems the Passenger produces the error ...

    can I get rid of it without issues?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Which error did you get after following the steps I asked you to do? (btw, neither the command you ran nor looking into the global error.log are part of the procedure that i asked you to follow or helpful to find the reason for the issue).
     
  10. rfnx

    rfnx Member

    I tried but /etc/apache2/sites-available/domain.tld.vhost.bak does not exist so I went a step back and tried

    Code:
    apachectl -t -f /etc/apache2/sites-available/adaptopedia.com.vhost.err
     
  11. rfnx

    rfnx Member

    I could not follow as there is no bak file on the location ;)
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The bak file is created by you when you run the commands ..... Or what else do you think the first command you shall execute is doing:

    mv /etc/apache2/sites-available/domain.tld.vhost /etc/apache2/sites-available/domain.tld.vhost.bak

    This command creates a copy of your current vhost config file and saves it with .bak file extension.
     
  13. rfnx

    rfnx Member

    no bak file:
    upload_2024-6-7_10-48-17.png
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    This just shows you did not follow the instructions from that post.
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so after you followed the procure now but posted the result to the wrong thread, it shows that you must have entered wrong things into the website config. What's in the apache directives field of that website (options tab of the website)?
     
  17. rfnx

    rfnx Member

    Ok, i was blind


    There was no error for the mv but service apache2 restart shows errors:

    Code:
    # service apache2 restart
    Job for apache2.service failed because the control process exited with error code.
    See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details
    .
     
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Of curse not. the mv command is not to show an error, its to make a backup copy of your config.
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    According to the message, you seem to have added config into the apache directives field that Apache does not understand. So, what did you add in Apache directives field of the website (options tab of the site)?
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    And also, what did you add in the custom php.ini field? As this might explain why php-fpm fails.
     

Share This Page