how to downgrade to 3.03

Discussion in 'Installation/Configuration' started by georges, Jan 31, 2012.

Page 1 of 2
  1. georges

    georges New Member

    Hello,
    I have multiple issue with the last version of Ispconfig3 (3.04) debian 6 and I would like to downgrade. Unfortunately, I have no backup (only .sql). Is there a way to downgrade to 3.03?
    thanks
     
    georges, Jan 31, 2012
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Downgrading is a very bad idea. Instead of downgrading to 3.0.3. you should update your server to the current release 3.0.4.2. 3.0.4 had some issues and they had all been fixed in 3.0.4.2.
     
    till, Jan 31, 2012
    #2
  3. georges

    georges New Member

    Not really for me
    Whathever
    Anyway is there a way to downgrade?
    Thanks
     
    georges, Jan 31, 2012
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please describe the issues that you have.
     
    till, Jan 31, 2012
    #4
  5. georges

    georges New Member

    They are multiple issues that one of my colleage has already talked about in other thread and no solution was found. Now we have to move quickly because we receive many complains: some browser like opera give blank page instead of the real page, Google cannot analyse the page, etc.
    Is there a way to downgrade?
    thanks
     
    georges, Jan 31, 2012
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    There are no known major problems (at least none that were not already present in 3.0.3 as well), please see bugtracker. The current ISPConfig 3.0.4.2 version is installed on > ten thousand servers already. So if your the only one who has this problem, then its most likely a configuration issue and not a bug from a statistical standpoint. If you do not post the problems nor report them to the bugtracker nor post the link to which thread you refer, we can not fix them or help you to fix them.

    Regarding the downgrade, a downgrade can cause a lot of problems (different database layout, different configuration files etc) and will most likely not fix any of your issues but cause a lot of new ones.

    Then I dont understand why you waste time by not explaining the issues in detail.
     
    till, Jan 31, 2012
    #6
  7. georges

    georges New Member

    They are a lot of issue (http://www.howtoforge.com/forums/showthread.php?t=55897) and we discover another problem every day. Maybe it's a configuration error. Whatever it is, we have to do something. An easy solution is to downgrade. We were happy with 3.03

    Google:
    But if you have a better and fast solution, we get it.
     
    georges, Jan 31, 2012
    #7
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    The thread above is about problems with a ssl cert from startssl that is used on the server. It does not depend on the ispconfig version as the ssl configuration (3 lines in the vhost file by the way) between 3.0.3 and 3.0.4 has not been changed, so downgrading to 3.0.3 does not make sense nor fix the problem. So the reason of your problems according to the thread above are the changes in the ssl certificate configuration and not the ispconfig update.

    This error means that a browser is trying to speak ssl to an non-ssl vhost.

    1) In which logfile do you get this error.
    2) You get this error when you try to access which URL?
    3) Are there any errors in the ssl log?
    4) Post the vhost file of the affected virtualhost.
     
    till, Jan 31, 2012
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    and one more thing,please post the output of:

    ls /usr/local/ispconfig/server/conf-custom/
     
    till, Jan 31, 2012
    #9
  10. georges

    georges New Member

    That’s right. We made the ssl right away the update. We discover other issues after writing the initial thread

    We receive some warnings from Mr Google.
    We do not use Opera, but some people says there is a blank page in the home page. And we check that. That is correct and new.[/QUOTE]

    xxxxxxxxx - - [29/Jan/2012:17:55:14 +0100] "\x16\x03\x01" 501 298 "-" "-"
    xxxx - - [29/Jan/2012:22:04:29 +0100] "\x16\x03\x01" 501 298 "-" "-"
    xxx - - [29/Jan/2012:22:04:34 +0100] "\x16\x03\x01" 501 298 "-" "-"


    4) Post the vhost file of the affected virtualhost.[/QUOTE]

    Code:
    ######################################################
# This virtual host contains the configuration
# for the ISPConfig controlpanel
######################################################

 Listen 8080
NameVirtualHost *:8080

<VirtualHost _default_:8080>
  ServerAdmin webmaster@localhost

  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
      Options Indexes FollowSymLinks MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
      Order allow,deny
      Allow from all
    </Directory>
  </IfModule>

  <IfModule mod_php5.c>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
      Options FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
         php_value magic_quotes_gpc        0
    </Directory>
  </IfModule>

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

  <IfModule mod_security2.c>
    SecRuleEngine Off
  </IfModule>

  # SSL Configuration
#  SSLEngine On
#  SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
#  SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

</VirtualHost>
    (in order the server runs, we add some comments...)
     
    georges, Jan 31, 2012
    #10
  11. georges

    georges New Member

    Code:
    
root@nsxxxx:~# ls /usr/local/ispconfig/server/conf-custom/
error  index  mail
root@xxxx:~#
     
    georges, Jan 31, 2012
    #11
  12. georges

    georges New Member

    There is one ton of message like that...
     
    georges, Jan 31, 2012
    #12
  13. georges

    georges New Member

    False
    The blank page is the home page of the forum (vbulletin 4.10)
     
    georges, Jan 31, 2012
    #13
  14. georges

    georges New Member

    Apache error.log
     
    georges, Jan 31, 2012
    #14
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so the issues are from your ssl changes and not the update.

    To fix them, you have to enable ssl in the ispconfig vhost again so that ssl requests to port 8080 can be answered with ssl by apache. Edit the ispconfig vhost file and remove the # in front of the lines:

    # SSLEngine On
    # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    # SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

    so that they look like this:

    SSLEngine On
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

    Then restart apache. If you encounter any problems on apache restart, then the ssl cert or key is broken. You should create a new key and cert then with these commands:

    Code:
    cd /usr/local/ispconfig/interface/ssl
mv ispserver.crt ispserver.crt_bak
mv ispserver.key ispserver.key_bak
openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr -signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key ispserver.key.secure
mv ispserver.key.insecure ispserver.key
    and restart apache again.
     
    till, Jan 31, 2012
    #15
  16. georges

    georges New Member

    Every time i did that, apache failed.
    I try pt 2.
     
    georges, Jan 31, 2012
    #16
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Then your ssl cert is broken.
     
    till, Jan 31, 2012
    #17
  18. georges

    georges New Member

    Hum, I pretty sure this file was there initially
     
    georges, Jan 31, 2012
    #18
  19. georges

    georges New Member

    What is the relation with this message

     
    georges, Jan 31, 2012
    #19
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    The missing or broken ssl cert. The message indicates that the apache vhost was not able to answer requests due to the broken ssl configuration.

    So to sum this thread up, it was not a problem with the ispconfig update or 3.0.4 version. It was just a broken ssl cert which happened during the installation of new startsl certs.

    I'am sorry to say that, but if you would have posted the info that apache always failed when you uncomment the ssl directives in a vhost instead of insisting to downgrade ispconfig (which would not have solved this by the way) we could have solved your problems earlier.
     
    till, Jan 31, 2012
    #20
Page 1 of 2

Share This Page