New Install, used migration tool. 1 site not working

Discussion in 'Installation/Configuration' started by ShaferTech, Sep 25, 2023.

Tags:
  1. ShaferTech

    ShaferTech Member

    Working through a few issues.
    The biggest issue now we have an older code base that worked on the previous server (ISPconfig 3.2.2 centos). After the migration it won't work on the new server. It gives a 500 error. Nothing is in the sites error log, except for a sslstapling warning.
    I did try to change the PHP version to 7.2, that has had no effect. I'd like to try to switch PHP to mod-php. I installed mod-php7.2 version but it's not an option in the php drop down.
    The code is a codegniter project called ospos (opensource point of sale).
    Is there a log file i'm over looking? I've check the php-fpm7.2 log, it doesn't report any errors nor does the sites apache error.log.
    Fresh install on Ubuntu 22.04 LTS

    **update** I do have this error on almost every site:
    ssl_stapling_init_cert: can't retrieve issuer certificate!
     
    Last edited: Sep 25, 2023
    ShaferTech, Sep 25, 2023
    #1
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Taleman, Sep 27, 2023
    #2
  3. ShaferTech

    ShaferTech Member

    To answer the question, i used the options available in ispconfig for the site.
    also, i realized i shouldn't have created a new thread and moved my questions to my original thread here: https://forum.howtoforge.com/thread...ith-migration-kit-question.91178/#post-449959
     
    ShaferTech, Sep 27, 2023
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Switch the site to php 5.6. If you used the auto installer, then you should have all PHP versions from PHP 5.6 up to 8.2 installed by default. And use php mode php-fpm.

    You should undo that. mod_php is not used anymore today as its incompatible with http/2.

    You can find the reason for the error in the error.log file which in in the log folder of the website.

    This is unrelated and can be ignored.
     
    till, Sep 27, 2023
    #4
  5. ShaferTech

    ShaferTech Member

    I do.


    I did.

    Nothing in the error logs. Anywhere. I had to adjust php.ini for the site to display_errors = yes to finally get the error it was complaining about. The site in question is now working. However i have some other issues noted below.

    I have most of it working.

    Biggest issues I still have after the migration,
    1. ispconfig isn't managing certs properly. Dns is working. Let's say domain-b.com existed previously with a site defined domain-b.com, auto www option selected, LE cert was working on old server. It migrated over, and stopped working. The site isn't changed to www automatically. User is presented with an invalid cert because it belongs to another site. The domain-b vhost file was there with a :443 entry and pointing to the cert iin /etc/letsencrypt/live/domain-b.com/. Yet domain-b.com when visited from a browser is pulling the cert for domain-a.com. On a side note, the option for auto www, does nothing on the new server for ANY site. I have to select SEO Redirect tld.com -> www.tld.com option to get an auto www.

    Multiple sites have this cert issue, with a correct config.

    What would cause this with migration? Is ubuntu 22.04lts not allowing overrides by default? (assuming that ISPConfig writes to the .htaccess for the auto www option). Something didn't work with the migration.

    The only fix i have found is i can either:
    1. backup the web files, delete the site and certs manually. Add the site back and copy the files back over.
    or
    2. change the site from domain-b.com to www.domain-b.com in the panel. Then uncheck ssl and le options. save. Check the boxes for ssl and le options.
     
    ShaferTech, Sep 27, 2023
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you are most likely using a different LE client on old and new system. In that case, LE certs can not be migrated. See prerequisites section of Migration Tool tutorial: https://www.howtoforge.com/tutorial...-confixx-plesk-to-ispconfig-31-single-server/

    To fix that, go to site settings, untick LE checkbox, press save, enable LE checkbox again and press save. The new LE client you use will then get sued to request a new cert.
     
    till, Sep 27, 2023
    #6
    ShaferTech likes this.
  7. ShaferTech

    ShaferTech Member

    certbot on old and new.
     
    ShaferTech, Sep 27, 2023
    #7
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, then all certs should be there. Please check if the certs have been copied over to /etc/letsencrypt/ from old server and check that you do not have a folder /root/.acme.sh (e.g. with /root/.acme.sh).
     
    till, Sep 27, 2023
    #8
  9. ShaferTech

    ShaferTech Member

    certs are in /etc/letsencrypt.
    /root/.acme.sh folder does not exist.
     
    ShaferTech, Sep 27, 2023
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, that's good. So no acme.sh on the system.

    Disable Let's encrypt checkbox for the affected site in ISPConfig, press save, enable it again, press save. Does the site works, then? (after waiting until changes were written to disk)

    .htaccess files are not used by ISPConfig to configure your server and also this issue is likely not caused by the migration but by your new server system setup. One possible reason for your issue is described in Read before posting:

    https://forum.howtoforge.com/threads/please-read-before-posting.58408/

    See 'when visiting domain b, domain a shows up'. This happens when you mix up * and IPv4 addresses in sites. I'll always recommend you use * for all sites. If you have a single site with an IP, then this site gets all traffic, so take care all sites use *. Another possibility is that you use a wrong IP (that's why one should use *), because this will cause all sites to receive no traffic at all, no matter if the domain name matches or not.
     
    till, Sep 27, 2023
    #10
  11. ShaferTech

    ShaferTech Member

    They all have * for the ip.

    Just found this domain, it's dns is hosted elsewhere so just the www A record to points to my server. There's a wildcard redirect -> https://www.domainb.com from the dns provider.
    In the panel the site is listed as www.domainb.com. SSL is checked, but LE is NOT checked. This was site was correct previously. So if i check the LE box, nothing happens.
    The vhost file is also missing the :443 section.
    I had to uncheck ssl, save. Once finished, check ssl and le. Now it works.
     
    ShaferTech, Sep 27, 2023
    #11
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    See let's encrypt error FAQ https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ . It explains in detail why LE might refuse to issue a cert, like incorrect DNS records. If LE refuses to issue the cert, then no 443 section can be added as the web server would fail to start in that case. The FAQ links also to the debug instructions in case you want to see all the details why SSL or LE can not be activated for a site.
     
    till, Sep 27, 2023
    #12

Share This Page