Installed a server according to perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1.

When I create a site via the panel, I get a working default placeholder over http. When I enable ssl/letsencrypt via admin, the placeholder via https is not working. I can see the certs are successfully created. I do not see any updates being done to the file in /etc/apache2 in regards to creating a 443 virtualhost. Any help is appreciated.

I enabled debug mode via *debugging-ispconfig-3-server-actions-in-case-of-a-failure/. Whenever I enable ssl/letsencrypt, the log shows me this:

Code:
Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web2' - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web2'|awk 'END{print $2,$NF}' - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: setquota -u 'web2' '0' '0' 0 0 -a &> /dev/null - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: setquota -T -u 'web2' 604800 604800 -a &> /dev/null - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web2' - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Verified domain * should be reachable for letsencrypt.
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Verified domain * should be reachable for letsencrypt.
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Trying to use Systemd to restart service
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Create Let's Encrypt SSL Cert for: *
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - Let's Encrypt SSL Cert domains:
Sun 23 Jan 2022 03:50:08 AM CET 23.01.2022-03:50 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d * -d * -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert -d * -d * --key-file '/var/www/clients/client1/web2/ssl/xxx.tv-le.key' --fullchain-file '/var/www/clients/client1/web2/ssl/xxx.tv-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi
Sun 23 Jan 2022 03:50:09 AM CET sh: 1: [[: not found
Sun 23 Jan 2022 03:50:09 AM CET sh: 1: 2: not found
Sun 23 Jan 2022 03:50:09 AM CET sh: 1: [[: not found
Sun 23 Jan 2022 03:50:09 AM CET 23.01.2022-03:50 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0

[CODE]
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 10 (buster)
[INFO] uptime: 03:51:24 up 3:47, 3 users, load average: 0.03, 0.09, 0.03
[INFO] memory:
       total   used   free   shared   buff/cache   available
Mem:   7.8Gi   1.7Gi  5.9Gi  15Mi     233Mi        5.9Gi
Swap:  0B      0B     0B
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
● networking.service loaded failed failed Raise network interfaces
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.7p1
##### VERSION CHECK #####
[INFO] php (cli) version is 7.3.31-1~deb10u1
[INFO] php-cgi (used for cgi php in default vhost!)
is version 7.3.31
##### PORT CHECK #####
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Apache 2 (PID 9983)
[INFO] I found the following mail server(s):
Postfix (PID 8647)
[INFO] I found the following pop3 server(s):
Dovecot (PID 8692)
[INFO] I found the following imap server(s):
Dovecot (PID 8692)
[INFO] I found the following ftp server(s):
PureFTP (PID 8802)
##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:10024 (8677/amavisd-new)
[localhost]:10025 (8647/master)
[localhost]:10026 (8677/amavisd-new)
[localhost]:10027 (8647/master)
[anywhere]:587 (8647/master)
[localhost]:11211 (10887/memcached)
[anywhere]:110 (8692/dovecot)
[anywhere]:143 (8692/dovecot)
[anywhere]:8080 (9983/apache2)
[anywhere]:80 (9983/apache2)
[anywhere]:8081 (9983/apache2)
[anywhere]:465 (8647/master)
***.***.***.***:53 (8814/named)
***.***.***.***:53 (8814/named)
[localhost]:53 (8814/named)
[anywhere]:21 (8802/pure-ftpd)
[anywhere]:22 (497/sshd)
[localhost]:953 (8814/named)
[anywhere]:25 (8647/master)
[anywhere]:443 (9983/apache2)
[anywhere]:993 (8692/dovecot)
[anywhere]:995 (8692/dovecot)
*:*:*:*::*:3306 (8375/mysqld)
*:*:*:*::*:587 (8647/master)
[localhost]10 (8692/dovecot)
[localhost]43 (8692/dovecot)
*:*:*:*::*:465 (8647/master)
*:*:*:*::*:53 (8814/named)
*:*:*:*::*:21 (8802/pure-ftpd)
*:*:*:*::*:22 (497/sshd)
*:*:*:*::*:25 (8647/master)
*:*:*:*::*:993 (8692/dovecot)
*:*:*:*::*:995 (8692/dovecot)
##### IPTABLES #####
##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
Sun 23 Jan 2022 03:50:09 AM CET 23.01.2022-03:50 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/xxx.tv.vhost
[/CODE]
I have installed certbot besides acme.sh and it is now working. I rechecked if the certbot install was part of the manual and it seems it is not. Hope this helps someone.
You failed to set bash as /bin/sh. You should only install one letsencrypt client to avoid confusion/errors.
That is considered quite an old manual, since the latest one suggests the use of the ISPConfig Auto Installer on a minimal install instead, and that would avoid all the troubles for most users, especially new ones.
As others mentioned, you did not follow the install guide closely; you skipped chapter 6, which now causes Let's Encrypt to fail. Redo chapter 6 of the installation guide to fix your setup.
Thank you, I can confirm this works, and thank you for pointing me to the auto installer. Can I suggest that the availability of the auto installer is mentioned with those perfect server tutorials? It would have saved me some time; perhaps others can be prevented from making the same mistake I did.
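Added example, not part of the thread or of ISPConfig's code: the control flow of the logged `exec:` line, with the two acme.sh calls replaced by harmless stand-ins (an assumption), run under `sh` and `bash`. It shows the effect of the `[[: not found` errors: where `sh` lacks `[[`, the install step is skipped and the wrapper still exits 0.

```shell
#!/bin/sh
# Stand-ins (assumptions): `(exit N)` plays `acme.sh --issue`,
# `echo INSTALLED` plays `acme.sh --install-cert`.

# Control flow as in the logged exec line; [[ ]] is a bash keyword.
LOGGED='R=0 ; C=0 ; (exit "$ISSUE_RC"); R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then echo INSTALLED; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi'

# Same logic written with POSIX test syntax only.
PORTABLE='R=0 ; C=0 ; (exit "$ISSUE_RC"); R=$? ; if [ "$R" -eq 0 ] || [ "$R" -eq 2 ] ; then echo INSTALLED; C=$? ; fi ; if [ "$C" -eq 0 ] ; then exit "$R" ; else exit "$C" ; fi'

# Succeeds if the named shell understands [[ ]].
supports_double_bracket() {
    "$1" -c '[[ 1 -eq 1 ]]' >/dev/null 2>&1
}

# run_flow <shell> <snippet> <issue_rc>
# Prints whether the install step ran and the wrapper's exit status.
run_flow() {
    rc=0
    out=$(ISSUE_RC="$3" "$1" -c "$2" 2>/dev/null) || rc=$?
    case "$out" in
        *INSTALLED*) echo "installed=yes exit=$rc" ;;
        *)           echo "installed=no exit=$rc" ;;
    esac
}

# Issue status 2 matches the "sh: 1: 2: not found" line in the log.
echo "/bin/sh resolves to: $(readlink -f /bin/sh 2>/dev/null)"
for shell_bin in sh bash; do
    command -v "$shell_bin" >/dev/null 2>&1 || continue
    echo "$shell_bin logged:   $(run_flow "$shell_bin" "$LOGGED" 2)"
    echo "$shell_bin portable: $(run_flow "$shell_bin" "$PORTABLE" 2)"
done
```

With a `sh` that has no `[[`, the logged form reports `installed=no exit=0` even for a failing issue status such as 1, so the skipped install step is not visible in the exit code.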
Autoinstaller is mentioned in ISPConfig Documentation page: https://www.ispconfig.org/documentation/ It is the first choice in the Installation instructions for ISPConfig 3 -chapter, and says
@Taleman Thank you, I think it can be an idea to add the availability of the auto installer to all the perfect server guides. If I search for perfect server guides via a search engine, I miss the page you are referring to, thus not seeing the availability of the auto installer. Like in the below site (I cannot post links yet because of freshness to the forum)
If you go to the central source for ISPConfig installation guides, the website ispconfig.org, then you find the auto-installer guide there listed as the recommended installation guide on the documentation page. The perfect server guides are the traditional manual ISPConfig setups, you searched for the name of the manual install guides and the search engines returned you the correct manual install guide.
It may be doable, but if one would think that all ISPConfig perfect server tutorials need to be updated just for that, I kinda think it becomes somehow ridiculous since there are a lot of them, and one should be better upgrading his searching skills rather than hoping for whatever he thinks best is the best.
I'll add a link to the new automated guides step by step when updating the normal perfect server guides. But it's generally recommended to go to the ispconfig.org website as a starting point when searching for the latest recommended install method.
Thank you all for the responses to my suggestion; at least I understand now you are understanding my suggestion.