ISPConfig panel fails after update to Debian Buster: suexec failure

I had a fully functioning ISPConfig server in Debian Stretch
After the upgrade to Debian Buster i run

Code:

ispconfig_update.sh

to update ispconfig to the last version.

However ISPConfig panel don't work. The Apache error message is "Internal Server Error"
In /var/log/apache2/error.log the error message is:

Code:

suexec failure: could not open log file
fopen: Permission denied
[Mon Aug 16 14:05:46.474854 2021] [fcgid:warn] [pid 13041] (104)Connection reset by peer: [client x.y.a.b:60237] mod_fcgid: error reading data from FastCGI server
[Mon Aug 16 14:05:46.474908 2021] [core:error] [pid 13041] [client x.y.a.b:60237] End of script output before headers: index.php

Debug report:

Code:

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 10 (buster)

[INFO] uptime:  14:22:41 up  1:10,  1 user,  load average: 0.72, 0.65, 0.52

[INFO] memory:
              total        used        free      shared  buff/cache   available
Mem:          5.9Gi       1.8Gi       3.9Gi        95Mi       196Mi       4.1Gi
Swap:            0B          0B          0B

[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.5


##### VERSION CHECK #####

[INFO] php (cli) version is 7.2.34-23+0~20210701.63+debian10~1.gbpd7cd48
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.29

##### PORT CHECK #####

[WARN] Port 8080 (ISPConfig) seems NOT to be listening
[WARN] Port 22 (SSH server) seems NOT to be listening

##### MAIL SERVER CHECK #####


##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
    Apache 2 (PID 16209)
[INFO] I found the following mail server(s):
    Postfix (PID 16020)
[INFO] I found the following pop3 server(s):
    Dovecot (PID 16190)
[INFO] I found the following imap server(s):
    Dovecot (PID 16190)
[INFO] I found the following ftp server(s):
    PureFTP (PID 16240)

##### LISTENING PORTS #####
(only        ()
Local        (Address)
[anywhere]:110        (16190/dovecot)
[anywhere]:143        (16190/dovecot)
[anywhere]:465        (16020/master)
[localhost]:9011        (148/php-fpm:)
***.***.***.***:53        (16248/named)
[localhost]:53        (16248/named)
[anywhere]:21        (16240/pure-ftpd)
[localhost]:953        (16248/named)
[anywhere]:25        (16020/master)
[localhost]:9018        (145/php-fpm:)
[anywhere]:4190        (16190/dovecot)
[anywhere]:993        (16190/dovecot)
[anywhere]:995        (16190/dovecot)
[localhost]:9028        (148/php-fpm:)
[anywhere]:2244        (162/sshd)
[localhost]:10023        (293/postgrey)
[localhost]:10024        (16176/amavisd-new)
[localhost]:10025        (16020/master)
[localhost]:10026        (16176/amavisd-new)
[localhost]:10027        (16020/master)
[anywhere]:587        (16020/master)
[localhost]:11211        (159/memcached)
[localhost]10        (16190/dovecot)
[localhost]43        (16190/dovecot)
*:*:*:*::*:80        (16209/apache2)
*:*:*:*::*:8081        (16209/apache2)
*:*:*:*::*:465        (16020/master)
*:*:*:*::*:53        (16248/named)
*:*:*:*::*:21        (16240/pure-ftpd)
*:*:*:*::*:8086        (16209/apache2)
*:*:*:*::*:953        (16248/named)
*:*:*:*::*:25        (16020/master)
*:*:*:*::*:443        (16209/apache2)
*:*:*:*::*:4190        (16190/dovecot)
*:*:*:*::*:993        (16190/dovecot)
*:*:*:*::*:995        (16190/dovecot)
*:*:*:*::*:2244        (162/sshd)
*:*:*:*::*:10024        (16176/amavisd-new)
*:*:*:*::*:10026        (16176/amavisd-new)
*:*:*:*::*:3306        (15732/mysqld)
*:*:*:*::*:587        (16020/master)




##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


##### LET'S ENCRYPT #####
Certbot is installed in /usr/bin/letsencrypt

This seem to be a suexec error. However suexec is normally installed in Apache

Code:

 apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 fcgid_module (shared)
 filter_module (shared)
 headers_module (shared)
 include_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php7_module (shared)
 proxy_module (shared)
 proxy_fcgi_module (shared)
 python_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)
 suexec_module (shared)

Can anyone give me a clue as to what is going on?

 

After upgrade to new OS version, you must go through the ISPConfig Perfect Server Guide for that new OS.
Then run forced ispconfig_update.sh.
Also, it seems your PHP version is wrong, this has info on fixing that: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/

 

Thank you very much for your quick response. It is already fixed.
To adapt to the new "systemctl containers" in Debian Buster I modified the Apache service configuration with the parameter

Code:

NoNewPrivileges=yes

However this configuration did not allow the Apache service to run suexec correctly.
Once this command was removed from the Apache configuration, suexec is working properly again and the ISPConfig panel is working again.