error 500 on ispconfig panel:

Discussion in 'General' started by Xzave, Mar 11, 2022.

  1. Xzave

    Xzave Member

    my control panel is out error SSL_ERROR_RX_RECORD_TOO_LONG on firefox


    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)

    [INFO] uptime: 02:43:29 up 9:17, 1 user, load average: 0.07, 0.13, 0.13

    [INFO] memory:
    total used free shared buff/cache available
    Mem: 31Gi 3.8Gi 1.1Gi 432Mi 26Gi 26Gi
    Swap: 11Gi 4.0Mi 11Gi

    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.2.7p1


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 7.3.33-1+0~20211119.91+debian10~1.gbp618351
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.2.34

    ##### PORT CHECK #####

    [WARN] Port 22 (SSH server) seems NOT to be listening

    ##### MAIL SERVER CHECK #####


    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Apache 2 (PID 30124)
    [INFO] I found the following mail server(s):
    Postfix (PID 23420)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 23624)
    [INFO] I found the following imap server(s):
    Dovecot (PID 23624)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 23806)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    [localhost]:53 (23819/named)
    [anywhere]:21 (23806/pure-ftpd)
    [localhost]:953 (23819/named)
    [anywhere]:25 (23420/master)
    [anywhere]:993 (23624/dovecot)
    [anywhere]:5666 (995/nrpe)
    [anywhere]:995 (23624/dovecot)
    [localhost]:10024 (23568/amavisd-new)
    [localhost]:10025 (23420/master)
    [localhost]:10026 (23568/amavisd-new)
    [localhost]:3306 (23134/mariadbd)
    [localhost]:10027 (23420/master)
    [anywhere]:587 (23420/master)
    [anywhere]:6379 (834/redis-server)
    [localhost]:11211 (725/memcached)
    [anywhere]:110 (23624/dovecot)
    [anywhere]:143 (23624/dovecot)
    [anywhere]:465 (23420/master)
    [anywhere]:2257 (800/sshd)
    *:*:*:*::*:53 (23819/named)
    *:*:*:*::*:21 (23806/pure-ftpd)
    *:*:*:*::*:3128 (19639/(squid-1))
    *:*:*:*::*:953 (23819/named)
    *:*:*:*::*:25 (23420/master)
    *:*:*:*::*:443 (30124/apache2)
    *:*:*:*::*:7134 (1300/java)
    *:*:*:*::*:993 (23624/dovecot)
    *:*:*:*::*:5666 (995/nrpe)
    *:*:*:*::*:995 (23624/dovecot)
    *:*:*:*::*:10024 (23568/amavisd-new)
    *:*:*:*::*:10026 (23568/amavisd-new)
    *:*:*:*::*:587 (23420/master)
    [localhost]10 (23624/dovecot)
    [localhost]43 (23624/dovecot)
    *:*:*:*::*:8080 (30124/apache2)
    *:*:*:*::*:80 (30124/apache2)
    *:*:*:*::*:8081 (30124/apache2)
    *:*:*:*::*:465 (23420/master)
    *:*:*:*::*:2257 (800/sshd)




    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy DROP)
    target prot opt source destination
    DOCKER-USER all -- [anywhere]/0 [anywhere]/0
    DOCKER-ISOLATION-STAGE-1 all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
    DOCKER all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain DOCKER (1 references)
    target prot opt source destination

    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target prot opt source destination
    DOCKER-ISOLATION-STAGE-2 all -- [anywhere]/0 [anywhere]/0
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target prot opt source destination
    DROP all -- [anywhere]/0 [anywhere]/0
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain DOCKER-USER (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)

    [INFO] uptime: 02:43:29 up 9:17, 1 user, load average: 0.07, 0.13, 0.13

    [INFO] memory:
    total used free shared buff/cache available
    Mem: 31Gi 3.8Gi 1.1Gi 432Mi 26Gi 26Gi
    Swap: 11Gi 4.0Mi 11Gi

    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.2.7p1


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 7.3.33-1+0~20211119.91+debian10~1.gbp618351
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.2.34

    ##### PORT CHECK #####

    [WARN] Port 22 (SSH server) seems NOT to be listening

    ##### MAIL SERVER CHECK #####


    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Apache 2 (PID 30124)
    [INFO] I found the following mail server(s):
    Postfix (PID 23420)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 23624)
    [INFO] I found the following imap server(s):
    Dovecot (PID 23624)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 23806)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    ***.***.***.***:53 (23819/named)
    [localhost]:53 (23819/named)
    [anywhere]:21 (23806/pure-ftpd)
    [localhost]:953 (23819/named)
    [anywhere]:25 (23420/master)
    [anywhere]:993 (23624/dovecot)
    [anywhere]:5666 (995/nrpe)
    [anywhere]:995 (23624/dovecot)
    [localhost]:10024 (23568/amavisd-new)
    [localhost]:10025 (23420/master)
    [localhost]:10026 (23568/amavisd-new)
    [localhost]:3306 (23134/mariadbd)
    [localhost]:10027 (23420/master)
    [anywhere]:587 (23420/master)
    [anywhere]:6379 (834/redis-server)
    [localhost]:11211 (725/memcached)
    [anywhere]:110 (23624/dovecot)
    [anywhere]:143 (23624/dovecot)
    [anywhere]:465 (23420/master)
    [anywhere]:2257 (800/sshd)
    *:*:*:*::*:53 (23819/named)
    *:*:*:*::*:21 (23806/pure-ftpd)
    *:*:*:*::*:3128 (19639/(squid-1))
    *:*:*:*::*:953 (23819/named)
    *:*:*:*::*:25 (23420/master)
    *:*:*:*::*:443 (30124/apache2)
    *:*:*:*::*:7134 (1300/java)
    *:*:*:*::*:993 (23624/dovecot)
    *:*:*:*::*:5666 (995/nrpe)
    *:*:*:*::*:995 (23624/dovecot)
    *:*:*:*::*:10024 (23568/amavisd-new)
    *:*:*:*::*:10026 (23568/amavisd-new)
    *:*:*:*::*:587 (23420/master)
    [localhost]10 (23624/dovecot)
    [localhost]43 (23624/dovecot)
    *:*:*:*::*:8080 (30124/apache2)
    *:*:*:*::*:80 (30124/apache2)
    *:*:*:*::*:8081 (30124/apache2)
    *:*:*:*::*:465 (23420/master)
    *:*:*:*::*:2257 (800/sshd)




    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy DROP)
    target prot opt source destination
    DOCKER-USER all -- [anywhere]/0 [anywhere]/0
    DOCKER-ISOLATION-STAGE-1 all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
    DOCKER all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain DOCKER (1 references)
    target prot opt source destination

    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target prot opt source destination
    DOCKER-ISOLATION-STAGE-2 all -- [anywhere]/0 [anywhere]/0
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target prot opt source destination
    DROP all -- [anywhere]/0 [anywhere]/0
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain DOCKER-USER (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Code:
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.33-1+0~20211119.91+debian10~1.gbp618351
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.2.34
    Fix the default PHP version for the OS back to original.
    Code:
    update-alternatives --config php
    update-alternatives --config php-cgi
     
  3. Xzave

    Xzave Member

    my OS is debian 10 then I change for php7.3 and php-cgi 7.3 too
    all my websites is down, ispconfig is down, apache2 don't restart

    apache2 log
    Code:
    [Fri Mar 11 15:54:26.333964 2022] [ssl:warn] [pid 31617:tid 140557146440832] AH01906: ns3129236.ip-188-165-214.eu:443:0 server certificate is a CA certifica$
    [Fri Mar 11 15:54:26.334135 2022] [ssl:error] [pid 31617:tid 140557146440832] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: $
    [Fri Mar 11 15:54:26.334149 2022] [ssl:error] [pid 31617:tid 140557146440832] AH02604: Unable to configure certificate ns3129236.ip-188-165-214.eu:443:0 for$
    [Fri Mar 11 15:54:26.334566 2022] [ssl:emerg] [pid 31617:tid 140557146440832] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/ispconfig/htt$
    AH00016: Configuration Failed
    
    
    [ 2022-03-11 15:54:26.3564 31623/7f28bffff700 age/Cor/CoreMain.cpp:532 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force $
    [ 2022-03-11 15:54:26.3564 31630/7f3d947ff700 age/Ust/UstRouterMain.cpp:422 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to f$
    [ 2022-03-11 15:54:26.3564 31623/7f28ccf56980 age/Cor/CoreMain.cpp:901 ]: Received command to shutdown gracefully. Waiting until all clients have disconnect$
    [ 2022-03-11 15:54:26.3565 31630/7f3d948b7980 age/Ust/UstRouterMain.cpp:492 ]: Received command to shutdown gracefully. Waiting until all clients have disco$
    [ 2022-03-11 15:54:26.3567 31630/7f3d947ff700 Ser/Server.h:464 ]: [UstRouter] Shutdown finished
    

    New report

    Code:
    ##### SCRIPT FINISHED #####
    Results can be found in htf_report.txt
    To view results use your favourite text editor or type 'cat htf_report.txt | more' on the server console.
    
    If you want to see the non-anonymized output start the script with --debug as parameter (php -q htf-common-issues.php --debug).
    
    root@ns3129236:/etc/apache2/sites-enabled# cat htf_report.txt | more
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    
    [INFO] uptime:  16:03:17 up 12:22,  1 user,  load average: 0.18, 0.19, 0.18
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:           31Gi       3.1Gi        23Gi       508Mi       5.1Gi        27Gi
    Swap:          11Gi          0B        11Gi
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.7p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.33-1+0~20211119.91+debian10~1.gbp618351
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.33
    
    ##### PORT CHECK #####
    
    [WARN] Port 8080 (ISPConfig) seems NOT to be listening
    [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening
    [WARN] Port 80 (Webserver) seems NOT to be listening
    [WARN] Port 443 (Webserver SSL) seems NOT to be listening
    [WARN] Port 22 (SSH server) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [WARN] I could not determine which web server is running.
    [INFO] I found the following mail server(s):
            Postfix (PID 30733)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 30991)
    [INFO] I found the following imap server(s):
            Dovecot (PID 30991)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 31070)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [localhost]:953         (31092/named)
    [anywhere]:25           (30733/master)
    [anywhere]:993          (30991/dovecot)
    [anywhere]:5666         (884/nrpe)
    [anywhere]:995          (30991/dovecot)
    [localhost]:10024               (30881/amavisd-new)
    [localhost]:10025               (30733/master)
    [localhost]:10026               (30881/amavisd-new)
    [localhost]:3306                (30418/mariadbd)
    [localhost]:10027               (30733/master)
    [anywhere]:587          (30733/master)
    [localhost]:11211               (760/memcached)
    [anywhere]:6379         (856/redis-server)
    [anywhere]:110          (30991/dovecot)
    [anywhere]:143          (30991/dovecot)
    [anywhere]:465          (30733/master)
    [anywhere]:2257         (866/sshd)
    ***.***.***.***:53              (31092/named)
    ***.***.***.***:53              (31092/named)
    ***.***.***.***:53              (31092/named)
    ***.***.***.***:53              (31092/named)
    ***.***.***.***:53              (31092/named)
    ***.***.***.***:53              (31092/named)
    ***.***.***.***:53              (31092/named)
    [localhost]:53          (31092/named)
    [anywhere]:21           (31070/pure-ftpd)
    *:*:*:*::*:3128         (1123/(squid-1))
    *:*:*:*::*:953          (31092/named)
    *:*:*:*::*:25           (30733/master)
    *:*:*:*::*:7134         (1505/java)
    *:*:*:*::*:993          (30991/dovecot)
    *:*:*:*::*:5666         (884/nrpe)
    *:*:*:*::*:995          (30991/dovecot)
    *:*:*:*::*:10024                (30881/amavisd-new)
    *:*:*:*::*:10026                (30881/amavisd-new)
    *:*:*:*::*:587          (30733/master)
    [localhost]10           (30991/dovecot)
    [localhost]43           (30991/dovecot)
    *:*:*:*::*:465          (30733/master)
    *:*:*:*::*:2257         (866/sshd)
    *:*:*:*::*:53           (31092/named)
    *:*:*:*::*:21           (31070/pure-ftpd)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-pureftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    DOCKER-USER  all  --  [anywhere]/0            [anywhere]/0
    DOCKER-ISOLATION-STAGE-1  all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    DOCKER     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-pureftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain DOCKER (1 references)
    target     prot opt source               destination
    
    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target     prot opt source               destination
    DOCKER-ISOLATION-STAGE-2  all  --  [anywhere]/0            [anywhere]/0
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain DOCKER-USER (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You could disable or delete the vhost file for ns3129236.ip-188-165-214.eu and see if apache will start, then work on fixing the certificate setup in that site.
     
  5. Xzave

    Xzave Member

    First, I verify apache2 syntax with configtest and I find on line 225 an error, I fix it. because I upgrade dovecot i have many problems with certificates. Now apache2 run.
    But not possible to restart my ispconfig, all the sites redirect on apache index file.
    Then i try to fix with
    Code:
    ispconfig_update.sh --force
    but i have an error in self certificate:

    Code:
    Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
      Domain: ns3129236.ip-188-165-214.eu
      Type:   connection
      Detail: Fetching http://ns3129236.ip-188-165-214.eu/.well-known/acme-challenge/uy7QcJDbuF1aEt1NE4p1Tywh9axWlJtsyMbe1Z8wzuo: Connection refused
    
    Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from
    this command line
    ls -la /usr/local/ispconfig/interface/ssl/
    Code:
    drwxr-s--- 2 root      root      4096 Mar 11 19:37 .
    drwxr-s--- 9 ispconfig ispconfig 4096 Aug 11  2020 ..
    -rwxr-x--- 1 root      root        45 Mar 11 19:37 empty.dir
    -rwxr-x--- 1 root      root      1939 Mar 11 19:37 ispserver.crt
    -rwxr-x--- 1 root      root      1476 Aug 11  2020 ispserver.crt-200812173355.bak
    -rwxr-x--- 1 root      root      1557 Aug 11  2020 ispserver.csr
    -rwxr-x--- 1 root      root      3272 Mar 11 19:37 ispserver.key
    -rwxr-x--- 1 root      root      1704 Aug 11  2020 ispserver.key-200812173402.bak
    -rwxr-x--- 1 root      root      3311 Aug 11  2020 ispserver.key.secure
    -rwxr-x--- 1 root      root      5211 Mar 11 19:37 ispserver.pem
    -rwxr-x--- 1 root      root      3063 Mar 11 01:00 ispserver.pem-20220311010035.bak
    
     
    Last edited: Mar 11, 2022
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    It would be best to assign your server a better hostname, the hostname of the system should be a subdomain of a domain you own like server1.yourdomain.tld, and this subdomain must point to your system in DNS with a DNS A-Record so that it's accessible from the internet. Then you must ensure that your system can be reached from the internet and apache must be running, you won't get an SSL cert issued from Let's encrypt when apache is down.

    There is also a let#s encrypt error FAQ that explains in detail which requirements must be met to get a Let#s encrypt SSL cert:

    https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
     
  7. Xzave

    Xzave Member

    apache2 run now, certbot is update i read the faq.
    when I would like to recreate a new certificate with force isponfig update, I have an error. how can I restart because when I force update to renew certificate, at the end of the process apache shutdown.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    See Jesse's post above, you must disable that vhost.
     

Share This Page