ISPC3 on port 8080

Discussion in 'ISPConfig 3 Priority Support' started by mrbronz, Dec 28, 2020.

  1. mrbronz

    mrbronz Member HowtoForge Supporter

    Hi There

    I have just completed a complete rebuild of my servers ...Because I can!!! and I want to learn!!!

    Anyway...
    I cannot understand why the SSL cert for server1.mydomain.com:8080 are not working
    I have created another site mydomin.com and that works and is secure but when I direct it via port 8080 it is no longer secure.

    So my questions are,
    How can I find out / understand why the "Let's Encrypt" check box for server1.mydomain.com will not stay checked
    And why is it when I direct a secure site via port 8080 it's no longer secure

    Hope I've explained that well enough to understand

    Thanks in advance
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. mrbronz

    mrbronz Member HowtoForge Supporter

    Hi Till
    I am assuming it is up to date,
    ***"Check that you have Let’s Encrypt (certbot) installed. ISPConfig 3.1.16 and newer will also support acme.sh as client."

    I have just only yesterday reinstalled using your "The perfect server guide for Debian buster"
    You are missing a step in the guide btw "apt-get install curl" is missing from your installs list its required or you will not be able to run "curl https://get.acme.sh | sh -s"


    ***"Check that the Let's encrypt client 'certbot' is updated (when using certbot)."
    I was under the impression that this is taken care of as your guide states "ISPConfig is using acme.sh"

    ***"Check that you run the latest ISPConfig version."
    Yes confirmed.

    ***"When your server is behind a NAT router "
    I'm not so this is fine, besides it was previously working without changing this setting

    ***"- Check that all domain names"
    Yes this is confirmed, I have also created the "A" and "CNAME" etc records

    ***"- If you still use Apache 2.2"
    I am using the version you suggested in your guide

    ***"use Tools > resync to apply the new template to all sites"
    Confirmed this is completed successfully

    ***"I ran the ISPConfig 3.1 install script as suggested in your guide

    Still can't get it to work.
    Any other suggestions
    Many thanks
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You've gone through some steps of the FAQ, but not all. Follow the FAQ to the end and post the debug output.
     
  5. mrbronz

    mrbronz Member HowtoForge Supporter

    which steps have i missed?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

  7. mrbronz

    mrbronz Member HowtoForge Supporter

    ***Set log level to Debug under System > System > Server Config
    Confirm

    ***Run crontab -e
    Confirm

    ***Comment out "#* * * * * /usr/local/ispconfig/server/server.sh > /dev/null >> /var/log/ispconfig/cron.log"
    Confirm

    ***"Run the server script manually to get detailed debug output"
    Confirm

    ***Report the output
    "
    root@martin:/# /usr/local/ispconfig/server/server.sh
    finished server.php.
    root@martin:/#
    "
    The syslogs shows NO errors No errors or Debug info

    I've obviously missed something after looking over your FAQ at least 10 times or more and digging through the logs I don't know what else to do.
    It is quite obvious I have got something wrong but cannot put my finger on it.
    Sorry, this is a little negative but I'm willing to try anything at the moment.
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Did you do in ISPCOnfig panel the operation that fails before doing
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Check again, you have not set the log level to debug yet. Probably you have set Send email to admin starting with the following level' to debug instead of 'loglevel' or something similar.
     
  10. mrbronz

    mrbronz Member HowtoForge Supporter

    I've just reinstalled again... but this time paid close attention to the messages I've been getting.
    Apart from when I'm installing ISPc3 everything is fine
    However,
    Code:
    Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:
    Checking / creating certificate for server1.mydomain.com
    Using certificate path /etc/letsencrypt/live/server1.mydomain.com
    Server's public ip(s) (123.123.123.123) not found in A/AAAA records for server1.mydomain.com:
    Ignore DNS check and continue to request certificate? (y,n) [n]: y
    When I continue
    and it asks for my sto secure ISP with SSL

    Code:
    Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:
    Checking / creating certificate for server1.mydomain.com
    Using certificate path /etc/letsencrypt/live/server1.mydomain.com
    Server's public ip(s) (123.123.123.123) not found in A/AAAA records for server1.mydomain.com:
    Ignore DNS check and continue to request certificate? (y,n) [n]: y
    
    Using apache for certificate validation
    [Tue 29 Dec 12:48:14 GMT 2020] server1.mydomain.com:Verify error:DNS problem: NXDOMAIN looking up A for server1.mydomain.com - check that a DNS record exists for this domain
    [Tue 29 Dec 12:48:14 GMT 2020] Please add '--debug' or '--log' to check more details.
    [Tue 29 Dec 12:48:14 GMT 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt
    Could not issue letsencrypt certificate, falling back to self-signed.
    Could this be the issue?
    If so how do I fix it
    Many thanks
    PS I have not done anything to it at the moment its still a clean install
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    server1.mydomain.com must exits in DNS as A-Record and it must point to the IP address of your server so that it is reachable from the internet.
     
  12. mrbronz

    mrbronz Member HowtoForge Supporter

    Yes, this is confirmed... I have placed an A record with my Domain provider for the appropriate domain name server1.mydomain.com and mydomain.com and these are pointing to my external IP...
    I am aiming to get my own Name server working eventually
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    But the error shows that neither the ispconfig installer is able to reach your server under this name nor does let's encrypt systems are able to reach it. So either the DNS record is incorrect or you blocked access to port 80 and 443 from the internet e.g. by using an external firewall or you use a router and did not forward traffoc from your external Ip to the internal server IP.
     
  14. mrbronz

    mrbronz Member HowtoForge Supporter

    OK now I'm confused
    I have definitely and correcting entered my "A" records correctly and they have been in place for some time (I'm talking years) but when I put my HTTP or https://server1.mydomain.com it is not resolving.
    This can only be that my domain registrar Nameservers are not resolving my domain to my IP
    however, domain.com is being resolved correctly :(:confused::eek::oops:. ????
    I will contact them and see what's going on
     
    Last edited: Dec 29, 2020
  15. mrbronz

    mrbronz Member HowtoForge Supporter

    Seems there is an error with my domain registrar, and they are currently working on it to resolve the issue.
    I will keep you informed!
    Thanks for the input so far guys :)
     
    ahrasis and Th0m like this.
  16. mrbronz

    mrbronz Member HowtoForge Supporter

    OK, my domain registrar has managed to list my own Nameservers ns1 and ns2.

    Could I please have some guidance on how to recreate or test the for the previously mentioned error?
    Code:
    Using apache for certificate validation
    [Tue 29 Dec 12:48:14 GMT 2020] server1.mydomain.com:Verify error:DNS problem: NXDOMAIN looking up A for server1.mydomain.com - check that a DNS record exists for this domain
    [Tue 29 Dec 12:48:14 GMT 2020] Please add '--debug' or '--log' to check more details.
    [Tue 29 Dec 12:48:14 GMT 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt
    Could not issue letsencrypt certificate, falling back to self-signed.
    Many thanks
     
  17. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My guess is server1.mydomain.com does not have A record.
    My signature has link to DNS tutorial, with info on how to test DNS is working.
    For example, test this way:
    Code:
    dig server1.mydomain.com A
     
  18. mrbronz

    mrbronz Member HowtoForge Supporter

    Talemen thanks for the speedy reply

    This is the result of the dig command:-
     
  19. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    So there is no DNS record and you need to create it.
     
  20. mrbronz

    mrbronz Member HowtoForge Supporter

    yes it has A records
    upload_2021-1-5_12-42-52.png
     

Share This Page