No UI SSL access after New Server ISPConfig 3 Install

Discussion in 'Installation/Configuration' started by cjsdfw, Aug 9, 2023.

  1. cjsdfw

    cjsdfw Member

    Hi guys,
    I have followed the ISPConfig Perfect Server setup for Ubuntu 22.04 ISPConfig 3.2.12:

    https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/

    Installs with no problem but when I try to access the ISPConfig UI using https://servername.com:8080, it opens with http instead.

    I was under the impression the script now created SSL certificates for ISPConfig, Postfix, etc automatically. Do I need to specify some other option when installing for this to happen?

    I tried creating a website for the servername.com domain with LetsEncrypt selected but that did not solve the issue.

    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    It does, unless LE refuses to issue a cert, which must have happened here.

    No.


    Please undo that, it makes things worse and will cause SSL issuing to fail for the UI.

    To create an SSL cert for the ISPConfig UI if it failed during install (this happens when LE was unable to reach your hostname at install time), just run:

    ispconfig_update.sh --force

    and choose to reconfigure services during update and then let the updater create a new SSL cert. Take care that the server hostname exists in DNS before doing the update and also take care that the system can be reached on port 80 from the internet, as that's what LE is doing to verify the hostname before issuing the cert.
     
  3. cjsdfw

    cjsdfw Member

     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no benefit in reinstalling it, it just takes longer. Just run the command to update ISPConfig that I mentioned and choose to reconfigure ispconfig and recreate SSL when it asks for that.
     
  5. cjsdfw

    cjsdfw Member

    Hi Till,
    I ran
    ispconfig_update.sh --force

    I still can not access with ssl (https://)
    Here is relevant output:
    ...
    ISPConfig Port [8080]:

    Create new ISPConfig SSL certificate (yes,no) [no]: yes

    Checking / creating certificate for srv1.onpointswr.com
    Using certificate path /root/.acme.sh/srv1.onpointswr.com
    sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file
    Using apache for certificate validation
    acme.sh is installed, overriding certificate path to use /root/.acme.sh/srv1.onpointswr.com
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y

    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]:
    ...

    Here is UFW Status
    To Action From
    -- ------ ----
    21/tcp ALLOW Anywhere
    22/tcp ALLOW Anywhere
    25/tcp ALLOW Anywhere
    53/tcp ALLOW Anywhere
    80/tcp ALLOW Anywhere
    110/tcp ALLOW Anywhere
    143/tcp ALLOW Anywhere
    443/tcp ALLOW Anywhere
    465/tcp ALLOW Anywhere
    587/tcp ALLOW Anywhere
    993/tcp ALLOW Anywhere
    995/tcp ALLOW Anywhere
    3306/tcp ALLOW Anywhere
    4190/tcp ALLOW Anywhere
    8080/tcp ALLOW Anywhere
    8081/tcp ALLOW Anywhere
    9003/tcp ALLOW Anywhere
    40110:40210/tcp ALLOW Anywhere
    53/udp ALLOW Anywhere
    21/tcp (v6) ALLOW Anywhere (v6)
    22/tcp (v6) ALLOW Anywhere (v6)
    25/tcp (v6) ALLOW Anywhere (v6)
    53/tcp (v6) ALLOW Anywhere (v6)
    80/tcp (v6) ALLOW Anywhere (v6)
    110/tcp (v6) ALLOW Anywhere (v6)
    143/tcp (v6) ALLOW Anywhere (v6)
    443/tcp (v6) ALLOW Anywhere (v6)
    465/tcp (v6) ALLOW Anywhere (v6)
    587/tcp (v6) ALLOW Anywhere (v6)
    993/tcp (v6) ALLOW Anywhere (v6)
    995/tcp (v6) ALLOW Anywhere (v6)
    3306/tcp (v6) ALLOW Anywhere (v6)
    4190/tcp (v6) ALLOW Anywhere (v6)
    8080/tcp (v6) ALLOW Anywhere (v6)
    8081/tcp (v6) ALLOW Anywhere (v6)
    9003/tcp (v6) ALLOW Anywhere (v6)
    40110:40210/tcp (v6) ALLOW Anywhere (v6)
    53/udp (v6) ALLOW Anywhere (v6)

    And
    ping srv1.onpointswr.com
    root@srv1:~# ping srv1.onpointswr.com
    PING srv1.onpointswr.com (127.0.1.1) 56(84) bytes of data.
    64 bytes from srv1.onpointswr.com (127.0.1.1): icmp_seq=1 ttl=64 time=0.029 ms
    64 bytes from srv1.onpointswr.com (127.0.1.1): icmp_seq=2 ttl=64 time=0.056 ms

    Any more suggestions?
    Is this normal?
    sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file

    Thanks again
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    No, that's not normal. Seems as if you got an SSL cert, but somehow it's not recognized. I have not seen this error message on any of my systems, but I know we had this in another support thread quite some time ago. What kind of server is this? If it's a virtual server, which virtualization do you use?

    Please run the command:

    sudo ls -la /root/.acme.sh/srv1.onpointswr.com

    and post the result.

    Then please run:

    sudo dpkg-reconfigure dash

    and choose no in the dialog that shows up. Then try the ispconfig_update.sh --force again, do you get https access now?
     
  7. cjsdfw

    cjsdfw Member

    Hi Till,

    This morning everything worked, did nothing since yesterday :)
    Anyways here is the output from the command
    sudo ls -la /root/.acme.sh/srv1.onpointswr.com
    total 44
    drwxr-xr-x 3 root root 4096 Aug 9 19:34 .
    drwx------ 7 root root 4096 Aug 9 19:19 ..
    drwxr-xr-x 2 root root 4096 Aug 9 19:34 backup
    -rw-r--r-- 1 root root 3751 Aug 9 19:34 ca.cer
    -rw-r--r-- 1 root root 5873 Aug 9 19:34 fullchain.cer
    -rw-r--r-- 1 root root 2122 Aug 9 19:34 srv1.onpointswr.com.cer
    -rw-r--r-- 1 root root 911 Aug 9 19:40 srv1.onpointswr.com.conf
    -rw-r--r-- 1 root root 1708 Aug 9 19:34 srv1.onpointswr.com.csr
    -rw-r--r-- 1 root root 192 Aug 9 19:34 srv1.onpointswr.com.csr.conf
    -rw------- 1 root root 3243 Aug 9 19:19 srv1.onpointswr.com.key

    I did not run the other commands as it is working now.

    Thank you so much for your help, you are amazing!
     
  8. cjsdfw

    cjsdfw Member

    Forgot to give you the server details:
    Hosted in VULTR.COM Shared Server:
    2 vCPUs
    RAM: 4096.00 MB
    Storage: 100 GB NVMe
    OS: Ubuntu 22.04 x64

    Let me know if you want me to run any command that provides info that may be helpful.
    Regards
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    If it works now, then everything should be ok. Server is fine as well, I just asked because some lxc containers sometimes cause strange issues when you run ISPConfig inside such a container.
     
  10. Koce

    Koce New Member

    Hello, I have the same error after update with ispconfig_update.sh --force
    sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file

    I read on the forum about a solution to the problem with:
    dpkg-reconfigure dash; this did not solve the problem. I am using Debian 12 and "dpkg-reconfigure" dash no longer works.
     
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Actually @till just said that to check but not to proceed as by default we use bash in our setup and not dash, so just share the output here. Autoinstaller should correctly define that already, so don't change it.

    Please share the above result.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    On Debian 12, sh can no longer be changed from dash to bash, it will stay at dash even if you change it. But this should not cause issues in the current ISPConfig versions on Debian 12. Do you have any actual problem or just this warning? And the reason for this in the original post might well have been the use of a limited container environment like LXC instead of using a VM.
     
  13. Koce

    Koce New Member

    root@server1:~# sudo ls -la /root/.acme.sh/server1.raidbo.com
    total 44
    drwxr-xr-x 3 root root 4096 Sep 2 14:50 .
    drwx------ 10 root root 4096 Sep 20 13:21 ..
    drwxr-xr-x 2 root root 4096 Sep 2 14:50 backup
    -rw-r--r-- 1 root root 3751 Sep 2 14:50 ca.cer
    -rw-r--r-- 1 root root 5869 Sep 2 14:50 fullchain.cer
    -rw-r--r-- 1 root root 2118 Sep 2 14:50 server1.raidbo.com.cer
    -rw-r--r-- 1 root root 910 Sep 21 15:38 server1.raidbo.com.conf
    -rw-r--r-- 1 root root 1704 Sep 2 14:50 server1.raidbo.com.csr
    -rw-r--r-- 1 root root 191 Sep 2 14:50 server1.raidbo.com.csr.conf
    -rw------- 1 root root 3243 Sep 2 14:50 server1.raidbo.com.key
    For now only this warning.
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Then I would just ignore it.
     
  15. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Roger that though I thought one can simply run ln -sf /bin/bash to /bin/sh or something to fix the shortcoming, if needed.

    I might have to check my scripts whether they still gonna work in the latest environment.
     
  16. Koce

    Koce New Member

    Ok Thank You
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Manually changing the symlink will probably work, but who knows if it gets changed back on a Debian update later; using dpkg to change it does not work anymore.
     
    Last edited: Sep 22, 2023
  18. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

  19. till

    till Super Moderator Staff Member ISPConfig Developer

    I fear this won't help as the base issue is that PHP uses /bin/sh to execute commands when using e.g. exec() or open. PHP does not obey $PATH and even if you use /bin/bash to start that php script, it will use /bin/sh in the end internally to execute commands.

    But maybe we should go back to the original problem. That dash is causing this was one of my original assumptions, but it might well be that the real issue is just using LXC in a mode that prevents access to /dev/tcp/127.0.0.1/80, especially as I do not see such a message on any of my own systems which use full virtualizations like KVM or VMware.
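
A shell check for the message discussed in this thread, added here as an example (it is not ISPConfig code and not from any of the posters; the function names `dev_tcp_support`, `port_open` and `report` are hypothetical). It shows which installed shells emulate the `/dev/tcp/HOST/PORT` path and tests port 80 without depending on what `/bin/sh` points to.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not part of ISPConfig.
# /dev/tcp/HOST/PORT is not a real device node. bash emulates it inside its
# redirection code; dash does not, so it tries to open the literal path and
# prints "cannot open /dev/tcp/...: No such file".

# Print "yes" if the given shell emulates /dev/tcp, otherwise "no".
# Port 1 on loopback is probed so nothing has to be listening: a shell that
# emulates the path fails with a socket error, not a missing-file error.
dev_tcp_support() {
    shell=$1
    command -v "$shell" >/dev/null 2>&1 || { echo no; return 1; }
    out=$(LC_ALL=C "$shell" -c ': </dev/tcp/127.0.0.1/1' 2>&1) || true
    case $out in
        *"No such file"*|*"nonexistent"*) echo no ;;
        *) echo yes ;;
    esac
}

# TCP check that is safe under dash: bash is called by name when it
# emulates /dev/tcp, otherwise nc is used. Returns 2 if neither is usable.
port_open() {
    host=$1
    port=$2
    if [ "$(dev_tcp_support bash)" = yes ]; then
        bash -c ': </dev/tcp/"$0"/"$1"' "$host" "$port" 2>/dev/null
    elif command -v nc >/dev/null 2>&1; then
        nc -z -w 3 "$host" "$port" 2>/dev/null
    else
        return 2
    fi
}

# Summary of what a command started through /bin/sh would run into.
report() {
    echo "/bin/sh -> $(readlink -f /bin/sh)"
    for s in sh dash bash; do
        echo "$s emulates /dev/tcp: $(dev_tcp_support "$s")"
    done
    if port_open 127.0.0.1 80; then
        echo "port 80 on 127.0.0.1: listening"
    else
        echo "port 80 on 127.0.0.1: no listener reachable"
    fi
}

report
```

If `sh` reports `no` while `bash` reports `yes`, the "cannot open /dev/tcp/127.0.0.1/80" line comes from the shell that ran the check and says nothing about whether port 80 is open.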
     
