Hello everyone, I have a question that may have been asked before. Sorry for this, this is not intended.

Together with a few friends, we've rented a dedicated server from a hosting provider. We run Proxmox as hypervisor, with Debian/ISPConfig on top of this. Yeah, an ambitious project for sure... But, independent (from US cloud providers) and in full control over our data.

Now, I'm running into an issue where services such as Postfix and FTP do not seem to work with Let's Encrypt certificates. During the investigation why this is not working and reading up on forum posts here, a couple of times the advice is to run "ispconfig_update.sh". Since I believed this could not hurt and the server is not yet fully into production, why not give this a try. However, when running this command, I received an error: "Unable to retrieve version file".

But, as far as I can judge, everything seems to be working fine. Network, DNS, etc. I just do not understand why the update script is not working. Fortunately, I'm already bald, so I can skip the part where I'm pulling my hair out...

Thanks in advance if you’re willing to assist me. I've already gathered some information from this forum that seems relevant to the challenge I'm facing. In some places, I needed to scramble the results a bit, since this forum didn't allow me to post as-is because it detected links.

Installation method
Code:
Debian 12, fully updated before installation
Installation based on the installation script from ISPConfig.
Version:
ISPConfig version is 3.3.0p2

host ispconfig. org
Code:
ispconfig. org has address 172. 67. 75. 112
ispconfig. org has address 104. 26. 11. 246
ispconfig. org has address 104. 26. 10. 246
ispconfig. org has IPv6 address 2606: 4700: 20::681a:af6
ispconfig. org has IPv6 address 2606: 4700: 20::681a:bf6
ispconfig. org has IPv6 address 2606: 4700: 20::ac43:4b70
ispconfig. org mail is handled by 10 mail. ispconfig. org.

cat /etc/bind/named. conf. options
Code:
options {
    directory "/var/cache/bind";
    forwarders {
        185.12.64.2;
        2a01:4ff:ff00::add:1;
        185.12.64.1;
        2a01:4ff:ff00::add:2;
    };
    version "unknown";
    allow-transfer {none;};
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

cat /etc/resolv. conf
Code:
nameserver 127.0.0.1

cat /etc/hosts
Code:
127.0.0.1 localhost. localdmain localhost
127.0.1.1 nexus001. notmyrealdomain. com nexus001
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

cat /etc/network/interfaces
Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug ens18
iface ens18 inet static
    address 1.2.3.4/26 (IP address redacted for publication)
    gateway 1.2.3.4 (IP address redacted for publication)
    autoconf 0

iface ens18 inet6 static
    address (IP address redacted for publication)
    gateway fe80::1
    autoconf 0

nslookup ispconfig. org
Code:
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: ispconfig. org
Address: 172.67.75.112
Name: ispconfig. org
Address: 104.26.11.246
Name: ispconfig. org
Address: 104.26.10.246
Name: ispconfig. org
Address: 2606:4700:20::ac43:4b70
Name: ispconfig. org
Address: 2606:4700:20::681a:af6
Name: ispconfig. org
Address: 2606:4700:20::681a:bf6

ping ispconfig. org
Code:
PING ispconfig. org(2606:4700:20::681a:af6 (2606:4700:20::681a:af6)) 56 data bytes
64 bytes from 2606:4700:20::681a:af6 (2606:4700:20::681a:af6): icmp_seq=1 ttl=57 time=1.81 ms

wget -q -O htf-common-issues.php "http: // gitplace. net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" && php -q htf-common-issues.php

root@nexus001:~# cat htf_report.txt | more
Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 12 (bookworm)
[INFO] uptime: 13:54:34 up 3 min, 2 users, load average: 0.00, 0.00, 0.00
[INFO] memory:
       total  used   free   shared  buff/cache  available
Mem:   7.8Gi  1.0Gi  6.6Gi  65Mi    490Mi       6.7Gi
Swap:  974Mi  0B     974Mi
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.3.0p2

##### VERSION CHECK #####
[INFO] php (cli) version is 8.2.29
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.2.29

##### PORT CHECK #####

##### MAIL SERVER CHECK #####
[WARN] I found no "smtps" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Apache 2 (PID 940)
[INFO] I found the following mail server(s):
Postfix (PID 1460)
[INFO] I found the following pop3 server(s):
Dovecot (PID 651)
[INFO] I found the following imap server(s):
Dovecot (PID 651)
[INFO] I found the following ftp server(s):
PureFTP (PID 1174)

##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:11211 (656/memcached)
[localhost]:6379 (675/redis-server)
[anywhere]:3306 (886/mariadbd)
[localhost]:11333 (720/rspamd:)
[localhost]:11332 (720/rspamd:)
[localhost]:11334 (720/rspamd:)
[localhost]:953 (657/named)
[localhost]:953 (657/named)
[localhost]:953 (657/named)
[localhost]:953 (657/named)
[anywhere]:995 (651/dovecot)
[anywhere]:993 (651/dovecot)
[anywhere]:587 (1460/master)
[anywhere]:465 (1460/master)
[anywhere]:143 (651/dovecot)
[anywhere]:22 (686/sshd:)
[anywhere]:21 (1174/pure-ftpd)
[anywhere]:25 (1460/master)
[localhost]:53 (657/named)
[localhost]:53 (657/named)
[localhost]:53 (657/named)
[localhost]:53 (657/named)
[anywhere]:110 (651/dovecot)
[anywhere]:4190 (651/dovecot)
[localhost]:10023 (674/postgrey)
***.***.***.***:53 (657/named)
***.***.***.***:53 (657/named)
***.***.***.***:53 (657/named)
***.***.***.***:53 (657/named)
*:*:*:*::*3:53 (657/named)
*:*:*:*::*3:53 (657/named)
*:*:*:*::*3:53 (657/named)
*:*:*:*::*3:53 (657/named)
*:*:*:*::*:953 (657/named)
*:*:*:*::*:953 (657/named)
*:*:*:*::*:953 (657/named)
*:*:*:*::*:953 (657/named)
*:*:*:*::**:*:*:*::*53 (657/named)
*:*:*:*::**:*:*:*::*53 (657/named)
*:*:*:*::**:*:*:*::*53 (657/named)
*:*:*:*::**:*:*:*::*53 (657/named)
*:*:*:*::*:53 (657/named)
*:*:*:*::*:53 (657/named)
*:*:*:*::*:53 (657/named)
*:*:*:*::*:53 (657/named)
*:*:*:*::*:8081 (940/apache2)
*:*:*:*::*:8080 (940/apache2)
*:*:*:*::*:10023 (674/postgrey)
*:*:*:*::*:3306 (886/mariadbd)
*:*:*:*::*:995 (651/dovecot)
*:*:*:*::*:993 (651/dovecot)
*:*:*:*::*:587 (1460/master)
*:*:*:*::*:443 (940/apache2)
*:*:*:*::*:465 (1460/master)
[localhost]43 (651/dovecot)
*:*:*:*::*:22 (686/sshd:)
*:*:*:*::*:21 (1174/pure-ftpd)
*:*:*:*::*:25 (1460/master)
*:*:*:*::*:6379 (675/redis-server)
[localhost]10 (651/dovecot)
*:*:*:*::*:80 (940/apache2)
*:*:*:*::*:4190 (651/dovecot)
*:*:*:*::*:11334 (720/rspamd:)
*:*:*:*::*:11332 (720/rspamd:)
*:*:*:*::*:11333 (720/rspamd:)

##### IPTABLES #####
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input 0 -- [anywhere]/0 [anywhere]/0
ufw-before-input 0 -- [anywhere]/0 [anywhere]/0
ufw-after-input 0 -- [anywhere]/0 [anywhere]/0
ufw-after-logging-input 0 -- [anywhere]/0 [anywhere]/0
ufw-reject-input 0 -- [anywhere]/0 [anywhere]/0
ufw-track-input 0 -- [anywhere]/0 [anywhere]/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-before-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-after-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-after-logging-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-reject-forward 0 -- [anywhere]/0 [anywhere]/0
ufw-track-forward 0 -- [anywhere]/0 [anywhere]/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output 0 -- [anywhere]/0 [anywhere]/0
ufw-before-output 0 -- [anywhere]/0 [anywhere]/0
ufw-after-output 0 -- [anywhere]/0 [anywhere]/0
ufw-after-logging-output 0 -- [anywhere]/0 [anywhere]/0
ufw-reject-output 0 -- [anywhere]/0 [anywhere]/0
ufw-track-output 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:137
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:138
ufw-skip-to-policy-input 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:139
ufw-skip-to-policy-input 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:445
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:67
ufw-skip-to-policy-input 17 -- [anywhere]/0 [anywhere]/0 udp dpt:68
ufw-skip-to-policy-input 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 8
ufw-user-forward 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0
ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID
DROP 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 3
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 11
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 12
ACCEPT 1 -- [anywhere]/0 [anywhere]/0 icmptype 8
ACCEPT 17 -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68
ufw-not-local 0 -- [anywhere]/0 [anywhere]/0
ACCEPT 17 -- [anywhere]/0 ***.***.***.*** udp dpt:5353
ACCEPT 17 -- [anywhere]/0 ***.***.***.*** udp dpt:1900
ufw-user-input 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0
ACCEPT 0 -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED
ufw-user-output 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN 0 -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL
RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST
RETURN 0 -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10
DROP 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 ctstate NEW
ACCEPT 17 -- [anywhere]/0 [anywhere]/0 ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:21
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:22
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:25
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:80
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:443
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:465
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:587
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:993
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:4190
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210
ACCEPT 17 -- [anywhere]/0 [anywhere]/0 udp dpt:53
ACCEPT 6 -- [anywhere]/0 [anywhere]/0 tcp dpt:53

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG 0 -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT 0 -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT 0 -- [anywhere]/0 [anywhere]/0

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh

You must have blocked access from your server to ispconfig.org. The updater tries to check the version and download the latest version, and this fails. So you have a networking issue or you blocked outgoing connections with a firewall. Probably the same reason why Let's Encrypt fails.

Yeah, you are right. I must have missed the IPv6 story part here. I added IPv6 at a later stage and I was really looking at DNS and got blindsided a bit. There was an IPv6 firewall active with the VPS/server provider. Thanks for the feedback still, much appreciated!

For anyone else reading this, try testing with wget:

For IPv4:
Code:
wget --inet4-only https://www.google.com/.well-known/security.txt

For IPv6:
Code:
wget --inet6-only https://www.google.com/.well-known/security.txt
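
The per-family wget test from the last post, extended as an added example that is not part of the original thread: it also checks with host whether the name publishes A and AAAA records, so a host that has AAAA records but cannot be reached over IPv6 is reported separately from a DNS or general egress failure. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: tell DNS, IPv4 and IPv6 egress failures apart.
# Function names and verdict strings are assumptions made for this sketch.

# has_record <A|AAAA> <hostname>: true if the local resolver returns that record type.
has_record() {
    host -t "$1" "$2" 2>/dev/null | grep -Eq 'has (IPv6 )?address'
}

# probe <4|6> <url>: true if the server answered over that address family only.
# wget exit codes 6 (auth failure) and 8 (HTTP error status) still prove the
# connection itself worked, so they count as reachable.
probe() {
    rc=0
    wget "--inet$1-only" --quiet --tries=1 --timeout=5 -O /dev/null "$2" || rc=$?
    case $rc in
        0|6|8) return 0 ;;
        *)     return 1 ;;
    esac
}

# diagnose <hostname>: print one verdict word.
diagnose() {
    name=$1
    url="https://$name/"
    a=no; aaaa=no; v4=fail; v6=fail
    has_record A "$name" && a=yes
    has_record AAAA "$name" && aaaa=yes
    if [ "$a$aaaa" = nono ]; then
        echo dns-failure
        return 0
    fi
    # Only probe a family the name is actually published for.
    [ "$a" = yes ] && probe 4 "$url" && v4=ok
    [ "$aaaa" = yes ] && probe 6 "$url" && v6=ok
    case "$a:$v4 $aaaa:$v6" in
        "yes:ok yes:ok"|"yes:ok no:fail"|"no:fail yes:ok") echo ok ;;
        "yes:ok yes:fail") echo ipv6-egress-broken ;;  # the case in this thread
        "yes:fail yes:ok") echo ipv4-egress-broken ;;
        *)                 echo no-egress ;;
    esac
}

# Run only when a hostname is given, e.g.: sh diagnose.sh ispconfig.org
if [ -n "${1:-}" ]; then
    diagnose "$1"
fi
```

A verdict of ipv6-egress-broken on a host whose local firewall shows OUTPUT policy ACCEPT, as in the report above, points at filtering outside the machine, such as a provider-side firewall.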