Last saturday I had problems updating two host cluster of ISPConfig to 3.2.12 (https://forum.howtoforge.com/thread...icate-cannot-open-dev-tcp-127-0-0-1-80.92689/) Now I try on ns2 host making sure host has created certificate from LE and not self-signed. But now ispconfig_update.sh does not ask about creating certificate. I have removed acme.sh certificate: Code: root@ns2:~# acme.sh --list Main_Domain KeyLength SAN_Domains CA Created Renew root@ns2:~# and there is no certificate directory in /root/.acme.sh/ . There is sertificate in /usr/local/ispconfig/interface/ssl/ but how to check if it is self-signed or from LE? Code: root@ns2:~# ls /usr/local/ispconfig/interface/ssl/ total 32 drwxr-x--- 2 root root 4096 Jul 13 13:18 . drwxr-x--- 9 ispconfig ispconfig 4096 Dec 23 2023 .. -rwxr-x--- 1 root root 768 Jul 17 15:31 dhparam4096.pem -rwxr-x--- 1 root root 45 Jul 17 15:31 empty.dir -rwxr-x--- 1 root root 2122 Jul 13 13:18 ispserver.crt -rwxr-x--- 1 root root 3272 Jul 13 13:09 ispserver.key -rwxr-x--- 1 root root 5394 Jul 13 13:18 ispserver.pem root@ns2:~# Certificate checking websites do not work here, since host does not run apache. It is only name server, so I think there are no services that would use a SSL certificate. It might be pointless to create certificate on this host, I'm just wondering why ispconfig_update.sh no longer asks if one should be created?
You can get the issuer of a ssl cert on the command-line like this: Code: openssl x509 -in certificate.crt -noout -issuer
Nice command. It shows the certificate is self-signed. If I remove the three certificate files, then ispconfig_update.sh maybe asks if new certificate shall be created?
I moved away the files in /usr/local/ispconfig/interface/ssl -directory. Now ispconfig_update.sh --force did create LE certificate, and placed the files in /root/.acme.sh/<myFQDN> and /usr/local/ispconfig/interface/ssl directories. However, I still got the error message sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file I tried to read the update PHP code, but did not understand what that error could be. I did notice the script writes about /etc/letsencrypt: Code: Checking / creating certificate for <myFQDN> Using certificate path /etc/letsencrypt/live/<myFQDN> sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file Using apache for certificate validation acme.sh is installed, overriding certificate path to use /root/.acme.sh/<myFQDN> Why is script Using certificate path /etc/letsencrypt/live ? This host does not have that directory and never had certbot installed. I also do not understand why script made self-signed certificate on Saturday. Maybe it was something temporary since now LE worked.
That's ok and not an error, you can ignore that. I'm not quite sure why some systems throw that message, but is has no negative side effects.
If this path really does not exist, cahcek with: ls -la /etc/letsencrypt/live/ then its likely an error that it gets mentioned. Its the same code for both LE clients.
If found the code in line 3100 in file ispconfig3_install/install/lib/installer_base.lib.php: Code: // Check http port 80 status as it cannot be determined at post hook stage $port80_status=exec('true &>/dev/null </dev/tcp/127.0.0.1/80 && echo open || echo close'); I checked on Debian 10, 11, 12 and Ubuntu 22.04 hosts, that file does not exist. None of those hosts had /dev/tcp directory. I have not seen that error message before this week, but it should happen every time on those linux hosts. Is there some setting that blocks displaying error messages in the updater PHP code and it does not get set every time?
No. The result of a PHP exec is usually not displayed anyway. Maybe it's related to a specific PHP version.
The is no letsencrypt directory in /etc: Code: # ls -lhd /etc/letsencrypt ls: cannot access '/etc/letsencrypt': No such file or directory