HTTPS problem / ERR_SSL_PROTOCOL_ERROR

Discussion in 'Installation/Configuration' started by erni123321, Oct 4, 2021.

  1. erni123321

    erni123321 New Member

    Hi! I installed a fresh Debian 11 and ISPConfig with the script: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
    I have a problem with HTTPS: the only thing that works is the ISPConfig panel when typing my IP: https:// 5.185.54.134:8080
    Already attempting to open https:// 5.185.54.134/webmail ends with ERR_SSL_PROTOCOL_ERROR
    Websites without HTTPS work without any problems, for example: http:// szmaragd.pl. With https - the same error as above.
    Attempting to open https:// localhost or https:// localhost/webmail on the local server shows the error: SSL_ERROR_RX_RECORD_TOO_LONG
    Of course, I can't enable SSL and Let's Encrypt in the ISPConfig panel.
    I have a public, static IP. The server is in the DMZ (I tried port forwarding as well).
    htf_report:
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 11 (bullseye)
     
    [INFO] uptime:  10:12:56 up 2 days, 19:25,  1 user,  load average: 1,75, 0,71, 0,30
     
    [INFO] memory:
                   razem       użyte       wolne    dzielone   buf/cache    dostępne
    Pamięć:       31Gi       4,5Gi        23Gi       209Mi       3,3Gi        26Gi
    Wymiana:       976Mi          0B       976Mi
     
    [INFO] systemd failed services status:
      UNIT               LOAD   ACTIVE SUB    DESCRIPTION
    ● networking.service loaded failed failed Raise network interfaces
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    1 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.6
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.24
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.24
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 565773)
    [INFO] I found the following mail server(s):
        Postfix (PID 2363)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 944)
    [INFO] I found the following imap server(s):
        Dovecot (PID 944)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 1529)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [anywhere]:995        (944/dovecot)
    [localhost]:11332        (566010/rspamd:)
    [localhost]:11333        (566010/rspamd:)
    [localhost]:11334        (566010/rspamd:)
    [localhost]:10023        (778/postgrey)
    [anywhere]:587        (2363/master)
    [localhost]:6379        (988/redis-server)
    [localhost]:11211        (949/memcached)
    [anywhere]:110        (944/dovecot)
    [anywhere]:143        (944/dovecot)
    [anywhere]:465        (2363/master)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    ***.***.***.***:53        (950/named)
    [anywhere]:21        (1529/pure-ftpd)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [localhost]:53        (950/named)
    [anywhere]:22        (1026/sshd:)
    [anywhere]:25        (2363/master)
    [localhost]:953        (950/named)
    [anywhere]:4190        (944/dovecot)
    [anywhere]:993        (944/dovecot)
    *:*:*:*::*:995        (944/dovecot)
    *:*:*:*::*:11332        (566010/rspamd:)
    *:*:*:*::*:11333        (566010/rspamd:)
    *:*:*:*::*:11334        (566010/rspamd:)
    *:*:*:*::*:10023        (778/postgrey)
    *:*:*:*::*:3306        (1131/mariadbd)
    *:*:*:*::*:587        (2363/master)
    *:*:*:*::*:6379        (988/redis-server)
    [localhost]10        (944/dovecot)
    [localhost]43        (944/dovecot)
    *:*:*:*::*:8080        (565773/apache2)
    *:*:*:*::*:80        (565773/apache2)
    *:*:*:*::*:8081        (565773/apache2)
    *:*:*:*::*:465        (2363/master)
    *:*:*:*::*:21        (1529/pure-ftpd)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    *:*:*:*::*56a8:74c:b98:4:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    fdc4:2b44:885c:d00:2:53        (950/named)
    *:*:*:*::*:22        (1026/sshd:)
    *:*:*:*::*:25        (2363/master)
    *:*:*:*::*:953        (950/named)
    *:*:*:*::*:443        (565773/apache2)
    *:*:*:*::*:4190        (944/dovecot)
    *:*:*:*::*:993        (944/dovecot)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination       
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0         
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0         
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0         
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0         
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0         
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0         
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination       
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0         
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0         
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0         
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0         
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0         
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination       
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0         
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0         
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0         
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0         
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0         
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination       
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination       
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination       
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination       
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination       
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination       
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination       
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination       
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0         
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination       
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination       
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination       
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination       
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination       
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination       
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination       
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination       
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination       
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination       
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination       
    DROP       all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination       
    DROP       all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination       
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination       
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination       
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination       
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination       
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination       
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination       
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination       
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0         
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination       
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination       
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination       
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination       
    
    
    
    
    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
    
    
     
    Last edited: Oct 4, 2021
  2. erni123321

    erni123321 New Member

    Ifconfig output below, because there is a warning:
    Code:
    root@server:~# ifconfig
    enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.170  netmask 255.255.255.0  broadcast 192.168.1.255
            inet6 fe80::56a8:74c:b98:48b2  prefixlen 64  scopeid 0x20<link>
            inet6 fdc4:2b44:885c:d00:261e:b88f:c3e7:dd49  prefixlen 64  scopeid 0x0<global>
            ether 0a:e0:af:c1:05:9a  txqueuelen 1000  (Ethernet)
            RX packets 288331  bytes 87540846 (83.4 MiB)
            RX errors 0  dropped 50  overruns 0  frame 0
            TX packets 1106110  bytes 63367946 (60.4 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 3769055  bytes 415401565 (396.1 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 3769055  bytes 415401565 (396.1 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    SSL certs are for hostnames and domains, not IP addresses. So accessing an HTTPS service by IP must throw an error. Use the server hostname that you issued the SSL cert for instead of the IP.

    You are accessing an HTTP host by HTTPS. This means that the SSL default vhost is not enabled; it is not used by ISPConfig, so that's generally fine.

    See:

    https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/

    and take care to disable the Let's Encrypt check, mentioned in the FAQ as well, as your server is behind a router that probably blocks the check.
     
    erni123321 likes this.
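
Added example, not part of the original thread: the reply above says the browser is reaching an HTTP host over HTTPS, and this sketch shows why that surfaces as SSL_ERROR_RX_RECORD_TOO_LONG by reading the first five bytes of a server reply as a TLS record header. The function names, the sample bytes and the TLS 1.2 record-size bound used as the threshold are assumptions of this example; `probe()` is a hypothetical helper for checking a port on a server you administer.

```python
import socket
import ssl
import struct

# Upper bound on a TLS 1.2 record body: 2^14 bytes plus 2048 of expansion.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def classify_reply(data: bytes) -> dict:
    """Read the first 5 bytes of a server reply as a TLS record header."""
    if len(data) < 5:
        return {"verdict": "no-reply", "content_type": None,
                "declared_length": None, "too_long": False}
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if data[:5] == b"HTTP/":
        # A TLS client takes 'H' as the content type and 'P/' (0x502f)
        # as the record length, which is larger than any valid record.
        verdict = "plaintext-http"
    elif ctype in CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        verdict = "tls"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "content_type": ctype,
            "declared_length": length, "too_long": length > MAX_RECORD_LEN}


def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send a real ClientHello to host:port and classify what comes back."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()          # only fills `outgoing` with a ClientHello
    except ssl.SSLWantReadError:
        pass
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(outgoing.read())
        reply = b""
        while len(reply) < 5:
            chunk = sock.recv(5 - len(reply))
            if not chunk:
                break
            reply += chunk
    return classify_reply(reply)


if __name__ == "__main__":
    # Constructed samples, not captured from the server in this thread.
    samples = {
        "HTTP vhost answering an https:// request": b"HTTP/1.1 400 Bad Request\r\n",
        "TLS-enabled vhost (start of a ServerHello)": bytes.fromhex("160303007a02"),
    }
    for name, raw in samples.items():
        print(name, classify_reply(raw))
```

A "plaintext-http" verdict on port 443 means the vhost answering there has no SSL enabled, which matches the diagnosis in the reply above.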
  4. erni123321

    erni123321 New Member

    I was there and disabled this option on the previous two installations :) Thank you!
     
