Hi there Hopefully, this question only requires a quick reply. Having checked the status of my server on mxtoolbox, I am getting a warning that might cause problems further down the line. this is the warning I get Code: A Certificate in the chain will expire within the month Is there a quick fix for this warning? If so what is it?
The certificate for your website https://gregson.me.uk/ will expire in 27 days. It should be renewed automatically, so take a look at the Let's Encrypt log to see what is going wrong. You can view this log in the panel -> Monitor -> Let's Encrypt log.
The log is empty and I cannot find any let's encrypt log files I've also checked the other two servers
I'm using acme.sh as listed in the following guide Code: https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/#-install-lets-encrypt
Yes but it's empty... there are rotated log files with entries in them but nothing stands out to me that says there has been a problem
I can figure out how to get it off the server... I've tried mounting a USB stick that a problem at the mo tried scp but that keeps timing out, ssh don't tx files, tried mind control and that's not working. I can copy and past or I can grep some keywords to find the errors
Well that was a ask and a half, I had to use WinSPC in the end I don't really want to share the log file here, it has auth codes in it. Any ideas? Also its bigger that 2000 chars
Alright, let's try this in a different way (as described in the read before posting (https://www.howtoforge.com/community/threads/please-read-before-posting.58408/) -> I can't issue a Let's Encrypt cert (box is unchecked/error in log, etc) -> LE FAQ (https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/). Disable LE for the site, then go through this: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/ then enable LE and run the server.sh script manually. Check the output.
Nothing Code: root@martin:~# /usr/local/ispconfig/server/server.sh finished server.php. My Bad Didn't save after changing log level
Code: 11.03.2021-19:40 - DEBUG - Unable to register function 'vm_insert' from plugin ' openvz_plugin' for event 'openvz_vm_insert' 11.03.2021-19:40 - DEBUG - Unable to register function 'vm_update' from plugin ' openvz_plugin' for event 'openvz_vm_update' 11.03.2021-19:40 - DEBUG - Unable to register function 'vm_delete' from plugin ' openvz_plugin' for event 'openvz_vm_delete' 11.03.2021-19:40 - DEBUG - Calling function 'check_phpini_changes' from plugin ' webserver_plugin' raised by action 'server_plugins_loaded'. 11.03.2021-19:40 - DEBUG - Found 2 changes, starting update process. 11.03.2021-19:40 - DEBUG - Calling function 'server_ip' from plugin 'apache2_plu gin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - retu rn code: 0 11.03.2021-19:40 - DEBUG - Writing the conf file: /etc/apache2/sites-available/i spconfig.conf 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'apps_vhost_plu gin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - retu rn code: 0 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'network_settin gs_plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - Network configuration disabled in server settings. 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'postfix_server _plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - safe_exec cmd: which 'dovecot' 2> /dev/null - return code: 0 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'server_service s_plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - Calling function 'server_update' from plugin 'webserv er_plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - Processed datalog_id 739 11.03.2021-19:40 - DEBUG - Calling function 'server_ip' from plugin 'apache2_plu gin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - retu rn code: 0 11.03.2021-19:40 - DEBUG - Writing the conf file: /etc/apache2/sites-available/i spconfig.conf 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'apps_vhost_plu gin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - retu rn code: 0 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'network_settin gs_plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - Network configuration disabled in server settings. 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'postfix_server _plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - safe_exec cmd: which 'dovecot' 2> /dev/null - return code: 0 11.03.2021-19:40 - DEBUG - Calling function 'update' from plugin 'server_service s_plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - Calling function 'server_update' from plugin 'webserv er_plugin' raised by event 'server_update'. 11.03.2021-19:40 - DEBUG - Processed datalog_id 740 11.03.2021-19:40 - DEBUG - Calling function 'restartHttpd' from module 'web_modu le'. 11.03.2021-19:40 - DEBUG - Restarting httpd: systemctl restart apache2.service 11.03.2021-19:40 - DEBUG - Calling function 'restartPostfix' from module 'mail_module'. 11.03.2021-19:40 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
Is this after enabling LE? Did you disable the server.sh cronjob? Also, part of the output is cut off, please share the full output.
I've just done it again with the LE checked Code: root@martin:~# /usr/local/ispconfig/server/server.sh 11.03.2021-20:16 - DEBUG - Unable to register function 'vm_insert' from plugin 'openvz_plugin' for event 'openvz_vm_insert' 11.03.2021-20:16 - DEBUG - Unable to register function 'vm_update' from plugin 'openvz_plugin' for event 'openvz_vm_update' 11.03.2021-20:16 - DEBUG - Unable to register function 'vm_delete' from plugin 'openvz_plugin' for event 'openvz_vm_delete' 11.03.2021-20:16 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 11.03.2021-20:16 - DEBUG - Found 1 changes, starting update process. 11.03.2021-20:16 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 11.03.2021-20:16 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 11.03.2021-20:16 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web1' - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web1' - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client1/web1'|awk 'END{print $2,$NF}' - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: setquota -u 'web1' '0' '0' 0 0 -a &> /dev/null - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: setquota -T -u 'web1' 604800 604800 -a &> /dev/null - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client1/web1' - return code: 0 11.03.2021-20:16 - DEBUG - Verified domain gregson.me.uk should be reachable for letsencrypt. 11.03.2021-20:16 - DEBUG - Verified domain www.gregson.me.uk should be reachable for letsencrypt. 11.03.2021-20:16 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 11.03.2021-20:16 - DEBUG - Create Let's Encrypt SSL Cert for: gregson.me.uk 11.03.2021-20:16 - DEBUG - Let's Encrypt SSL Cert domains: 11.03.2021-20:16 - DEBUG - exec: R=0 ; C=0 ; /root/.acme.sh/acme.sh --issue -d gregson.me.uk -d www.gregson.me.uk -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [[ $R -eq 0 || $R -eq 2 ]] ; then /root/.acme.sh/acme.sh --install-cert -d gregson.me.uk -d www.gregson.me.uk --key-file '/var/www/clients/client1/web1/ssl/gregson.me.uk-le.key' --fullchain-file '/var/www/clients/client1/web1/ssl/gregson.me.uk-le.crt' --reloadcmd 'systemctl force-reload apache2.service' --log '/var/log/ispconfig/acme.log'; C=$? ; fi ; if [[ $C -eq 0 ]] ; then exit $R ; else exit $C ; fi 11.03.2021-20:16 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 11.03.2021-20:16 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web1/.php-fcgi-starter' - return code: 0 11.03.2021-20:16 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web1/.php-fcgi-starter 11.03.2021-20:16 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web1/.php-fcgi-starter' - return code: 0 11.03.2021-20:16 - DEBUG - Enable SSL for: gregson.me.uk 11.03.2021-20:16 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/gregson.me.uk.vhost 11.03.2021-20:16 - DEBUG - Apache status is: running 11.03.2021-20:16 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 11.03.2021-20:16 - DEBUG - Restarting httpd: systemctl restart apache2.service 11.03.2021-20:16 - DEBUG - Apache restart return value is: 0 11.03.2021-20:16 - DEBUG - Apache online status after restart is: running 11.03.2021-20:16 - DEBUG - Processed datalog_id 741 11.03.2021-20:16 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php.
FWIW, the auth codes are not terrible sensitive/useful info, to abuse them you would also need the contents of the auth file as well as to intercept http traffic from letsencrypt servers to your server (either en-route or via dns attack), within the short time which letsencrypt will honor the particular request auth. But if you can manage the http interception, you can simply perform a new request for certificate, you don't need the actual auth file that is sitting on your real server. So not a big worry (spend time setting up your dnssec for protection).
Your log shows acme.sh completed with no problems (and indeed, checking the certificate on your web site, it was issued today) - see /var/log/ispconfig/acme.log for possibly more info.
