Hi I want to set the security headers for a website. I added this to the Apache Directives: Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header always append X-Frame-Options DENY Header set X-Content-Type-Options nosniff Header set Content-Security-Policy "default-src 'self';" Header set X-Permitted-Cross-Domain-Policies "none" Header set Referrer-Policy "no-referrer" Unfortunately, this has no effects.
Check the config directory which contains the vhost files, this is normally /etc/apache2/sites-available/ is there a copy of the vhost file of this site with a .err ending? If yes, then apache rejected the config e.g. due to syntax errors.
You seem to have used Let's encrypt on the shell instead of using it from within ispconfig. This locks the site and makes it uneditable. We had the same case yesterday: https://www.howtoforge.com/communit...rsion-5-6-7-0-and-7-2-issue-with-https.82310/
And that's the problem, certbot may not be used to modify apache config files outside of ISPConfig as certbot is not able to edit the apache config file correctly which then locks up the site. Read the thread that I linked to above, I explained the procedure to fix your issue there.
I updated to git stable. And removed the vhost. I deleted the webpage and set up a new one I checked the Lets Encrypt SSL ... but domain is not secured
I did this successfully for one domain but on other it dosn't work. what could be the issue? When I leave save Let's Encrypt ssl and reload the page the checkboxes are unchecked.
