ISPConfig + Debian Update

Discussion in 'Installation/Configuration' started by 30uke, Jul 26, 2019.

  1. 30uke

    30uke Active Member HowtoForge Supporter

    I just finished updating ISPConfig from 3.1.3 to 3.1.14p2. After that I decided to update Debian Stretch 9.9 to Debian 10.0.
    I ran into several problems but after some searching I managed to fix these. I am hoping this may benefit someone.
    1. I was warned by Till but I looked over copying the postfix template to /usr/local/ispconfig/server/conf-custom/install/
      I had to edit /etc/postfix/ and I had removed the settings: reject_invalid_helo_hostname, reject_unknown_helo_hostname
    2. Websites which required PHP didn't work anymore. I remember that I had compiled and added several newer PHP versions by following the Howto "How to install PHP 7.1, 7.2 and 5.6 as PHP-FPM & FastCGI for ISPConfig 3 on Debian 9" | ref:
      So I just changed the PHP version per site over to "Default". The websites work again. I wil look into this later, as I have two PHP 7.3 versions on my VPS now...
    3. Updating the tables of Roundcube went wrong. Did not yet look into this as Roundcube seems to work.
      The error message appeared during package configuration:
      - Configuring roundcube-core
      - An error occurred while upgrading the database: ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld.sock' (2) [... etc ...].
      I think I have to run this database upgrade myself. But I did not yet find out how.
    4. IMAP didn't work well. Clients could not connect anymore.
      Error: Jul 26 21:41:27 s1 dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=xx.91.108.yy, lip=xxx.144.206.yy, session=<vy9xupqO7sFWW2xW>
      I was able to fix this by editing /etc/dovecot/dovecot.conf
      - Comment out: ssl_protocols = !SSLv3
      - Add: ssl_min_protocol = TLSv1.2
      - Add: ssl_dh =</usr/share/dovecot/dh.pem
      - Run: doveconf -Pn > dovecot-new-2.3.conf
      After that I had to restart dovecot: service dovecot restart
      I did also create a sym link so that dh.pem can also be read in /etc/dovecot (but I am not sure if that's really required; I don't think so)
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    When you plan to do a Distribution upgrade, then its important that you upgrade the Linux Distribution before you update ISPConfig. Otherwise, you will get a lot of problems as you noticed on your server.
  3. 30uke

    30uke Active Member HowtoForge Supporter

    :eek: I will keep that in mind for the next upgrade. I am happy e-mail and hosting seems to work fine now :cool:

Share This Page