If there were a problem in a vhost file, I'd expect apachectl to report that, but to answer your question, remove all the symlinks in sites-enabled, then reinstall and reconfigure services - I think that will put the two default ispconfig links (000-ispconfig.conf and 000-ispconfig.vhost) and assuming your ssl certificate files are sane (you could remove the files in /usr/local/ispconfig/interface/ssl/ and let the installer generate new ones), should hopefully get ispconfig ui going again. Then resync websites.
THanks Till Ive tried several times to run the update as you suggested but it always falls over then it comes to restarting the services. Code: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Configuring Mailman Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring BIND Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Ubuntu Firewall Configuring Database Updating ISPConfig Certificate exists. Not creating a new one. Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details. I've tried this 3 times but cannot get past starting apache. Surely it cannot be this difficult just because ISPC3 cert went out of date!
Hi Jesse Thanks for getting back to me. I have re-run the install and taken the reports as quickly as I could these are listed below Code: # systemctl status apache2.service ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Fri 2021-04-16 09:57:32 BST; 37s ago Docs: https://httpd.apache.org/docs/2.4/ Process: 14756 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE) Apr 16 09:56:24 martin systemd[1]: Starting The Apache HTTP Server... Apr 16 09:57:26 martin apachectl[14756]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.vhost:7 Apr 16 09:57:32 martin apachectl[14756]: Action 'start' failed. Apr 16 09:57:32 martin apachectl[14756]: The Apache error log may have more information. Apr 16 09:57:32 martin systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE Apr 16 09:57:32 martin systemd[1]: apache2.service: Failed with result 'exit-code'. Apr 16 09:57:32 martin systemd[1]: Failed to start The Apache HTTP Server. ************************************* Apache error.log [ 2021-04-16 09:57:29.7588 14781/7f1784ada980 age/Wat/WatchdogMain.cpp:1291 ]: Starting Passenger watchdog... [ 2021-04-16 09:57:31.6642 14784/7f4c5755c980 age/Cor/CoreMain.cpp:982 ]: Starting Passenger core... [ 2021-04-16 09:57:31.6644 14784/7f4c5755c980 age/Cor/CoreMain.cpp:235 ]: Passenger core running in multi-application mode. [ 2021-04-16 09:57:31.9365 14784/7f4c5755c980 age/Cor/CoreMain.cpp:732 ]: Passenger core online, PID 14784 [ 2021-04-16 09:57:32.1874 14802/7fb7451f8980 age/Ust/UstRouterMain.cpp:529 ]: Starting Passenger UstRouter... [ 2021-04-16 09:57:32.2993 14802/7fb7451f8980 age/Ust/UstRouterMain.cpp:342 ]: Passenger UstRouter online, PID 14802 [Fri Apr 16 09:57:32.356794 2021] [ssl:emerg] [pid 14760] AH02565: Certificate and private key martin.gregson.me.uk:8080:0 from /usr/local/ispconfig/interface/ssl/ispserve$ AH00016: Configuration Failed [ 2021-04-16 09:57:32.5529 14784/7f4c56c23700 age/Cor/CoreMain.cpp:532 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown) [ 2021-04-16 09:57:32.5530 14802/7fb7450f9700 age/Ust/UstRouterMain.cpp:422 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown) [ 2021-04-16 09:57:32.5532 14802/7fb7451f8980 age/Ust/UstRouterMain.cpp:492 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected... [ 2021-04-16 09:57:32.5532 14802/7fb744877700 Ser/Server.h:817 ]: [UstRouterApiServer] Freed 0 spare client objects [ 2021-04-16 09:57:32.5532 14802/7fb744877700 Ser/Server.h:464 ]: [UstRouterApiServer] Shutdown finished [ 2021-04-16 09:57:32.5532 14784/7f4c5755c980 age/Cor/CoreMain.cpp:901 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected... [ 2021-04-16 09:57:32.5533 14784/7f4c563a1700 Ser/Server.h:817 ]: [ServerThr.2] Freed 128 spare client objects [ 2021-04-16 09:57:32.5533 14784/7f4c563a1700 Ser/Server.h:464 ]: [ServerThr.2] Shutdown finished [ 2021-04-16 09:57:32.5538 14784/7f4c56c23700 Ser/Server.h:817 ]: [ServerThr.1] Freed 128 spare client objects [ 2021-04-16 09:57:32.5538 14784/7f4c56c23700 Ser/Server.h:464 ]: [ServerThr.1] Shutdown finished [ 2021-04-16 09:57:32.5539 14802/7fb7450f9700 Ser/Server.h:464 ]: [UstRouter] Shutdown finished [ 2021-04-16 09:57:32.5547 14802/7fb7451f8980 age/Ust/UstRouterMain.cpp:523 ]: Passenger UstRouter shutdown finished [ 2021-04-16 09:57:32.6428 14784/7f4c55b1f700 Ser/Server.h:817 ]: [ApiServer] Freed 0 spare client objects [ 2021-04-16 09:57:32.6428 14784/7f4c55b1f700 Ser/Server.h:464 ]: [ApiServer] Shutdown finished [ 2021-04-16 09:57:32.7110 14784/7f4c5755c980 age/Cor/CoreMain.cpp:967 ]: Passenger core shutdown finished *************************************************** journalctl -xe Apr 16 09:57:46 martin named[14855]: managed-keys-zone: loaded serial 5 Apr 16 09:57:46 martin named[14855]: zone 0.in-addr.arpa/IN: loaded serial 1 Apr 16 09:57:46 martin named[14855]: zone 127.in-addr.arpa/IN: loaded serial 1 Apr 16 09:57:46 martin named[14855]: zone 255.in-addr.arpa/IN: loaded serial 1 Apr 16 09:57:46 martin named[14855]: zone localhost/IN: loaded serial 2 Apr 16 09:57:46 martin named[14855]: all zones loaded Apr 16 09:57:46 martin systemd[1]: Started BIND Domain Name Server. -- Subject: A start job for unit bind9.service has finished successfully -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- A start job for unit bind9.service has finished successfully. -- -- The job identifier is 23439. Apr 16 09:57:46 martin named[14855]: running Apr 16 09:58:03 martin CRON[14867]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 16 09:58:03 martin CRON[14868]: pam_unix(cron:session): session opened for user root by (uid=0) Apr 16 09:58:03 martin CRON[14870]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; do Apr 16 09:58:03 martin CRON[14871]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done Apr 16 09:58:17 martin postfix/smtpd[14882]: warning: cannot get RSA private key from file "/etc/postfix/smtpd.key": disabling TLS support Apr 16 09:58:17 martin postfix/smtpd[14882]: warning: TLS library problem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:../crypto/x50 Apr 16 09:58:19 martin CRON[14867]: pam_unix(cron:session): session closed for user root Apr 16 09:58:20 martin CRON[14868]: pam_unix(cron:session): session closed for user root Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: Global time limit set to 120000 milliseconds. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: Global size limit set to 104857600 bytes. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: File size limit set to 26214400 bytes. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: Recursion level limit set to 16. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: Files limit set to 10000. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxScriptNormalize limit set to 5242880 bytes. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxPartitions limit set to 50. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxIconsPE limit set to 100. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: MaxRecHWP3 limit set to 16. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: PCREMatchLimit limit set to 10000. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: PCRERecMatchLimit limit set to 5000. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Limits: PCREMaxFileSize limit set to 26214400. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Archive support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> AlertExceedsMax heuristic detection disabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Heuristic alerts enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Portable Executable support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> ELF support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Mail files support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> OLE2 support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> PDF support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> SWF support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> HTML support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> XMLDOCS support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> HWP3 support enabled. Apr 16 09:58:20 martin clamd[14745]: Fri Apr 16 09:58:20 2021 -> Self checking every 3600 seconds.
Try to remove But you remove the symlinks in sites-enabled like jesse described before you ran the update?
Ive just re-run the install removing the symlinks again recreated the SSL certs Here is the output Code: # ispconfig_update.sh --force -------------------------------------------------------------------------------- _____ ___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_) | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | __/ | |___/ -------------------------------------------------------------------------------- >> Update Please choose the update method. For production systems select 'stable'. WARNING: The update from GIT is only for development systems and may break your current setup. Do not use the GIT version on servers that host any live websites! Note: On Multiserver systems, enable maintenance mode and update your master server first. Then update all slave servers, and disable maintenance mode when all servers are updated. Select update method (stable,nightly,git-develop) [stable]: Downloading ISPConfig update. Unpacking ISPConfig update. -------------------------------------------------------------------------------- _____ ___________ _____ __ _ ____ |_ _/ ___| ___ \ / __ \ / _(_) /__ \ | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ / | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \ \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/ __/ | |___/ -------------------------------------------------------------------------------- >> Update Operating System: Debian 10.0 (Buster) or compatible This application will update ISPConfig 3 on your server. Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: n Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: no Checking ISPConfig database .. OK Starting incremental database update. Loading SQL patch file: /tmp/update_runner.sh.zIkGVQcT1N/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Configuring Mailman Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring BIND Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Ubuntu Firewall Configuring Database Updating ISPConfig ISPConfig Port [8080]: Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for martin.gregson.me.uk Using certificate path /root/.acme.sh/martin.gregson.me.uk Using apache for certificate validation acme.sh is installed, overriding certificate path to use /root/.acme.sh/martin.gregson.me.uk Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
Ok, so we have to test this more systematically. Move all symlinks in sites-enabled folder to a different directory, e.g. /tmp. then try to restart apache. if ist restarts successfully, then move back one by one so that we can see which vhost is causing this.
Good call Till It's the 000-apps.vhost link that is stopping apache from running How do I fix the problem?
Well Thom that's the problem I cannot work out what the error is.. My gut feeling is that it has something to do with the certs
Code: ###################################################### # This virtual host contains the configuration # for the ISPConfig apps vhost ###################################################### Listen 8081 # NameVirtualHost *:8081 <VirtualHost _default_:8081> ServerAdmin webmaster@localhost <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> # SSL Configuration SSLEngine On SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA$ SSLHonorCipherOrder On <IfModule mod_headers.c> # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'" Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" Header set X-Content-Type-Options: nosniff Header set X-Frame-Options: SAMEORIGIN Header set X-XSS-Protection: "1; mode=block" Header always edit Set-Cookie (.*) "$1; HTTPOnly" Header always edit Set-Cookie (.*) "$1; Secure" <IfVersion >= 2.4.7> Header setifempty Strict-Transport-Security "max-age=15768000" </IfVersion> <IfVersion < 2.4.7> Header set Strict-Transport-Security "max-age=15768000" </IfVersion> RequestHeader unset Proxy early </IfModule> <IfModule mod_php5.c> DocumentRoot /var/www/apps AddType application/x-httpd-php .php <Directory /var/www/apps> Options FollowSymLinks AllowOverride None Require all granted </Directory> </IfModule> <IfModule mod_php7.c> DocumentRoot /var/www/apps AddType application/x-httpd-php .php <Directory /var/www/apps> Options FollowSymLinks AllowOverride None Require all granted </Directory> </IfModule> <IfModule mod_fcgid.c> DocumentRoot /var/www/apps SuexecUserGroup ispapps ispapps <Directory /var/www/apps> Options +Indexes +FollowSymLinks +MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo <FilesMatch "\.php$"> SetHandler fcgid-script </FilesMatch> FCGIWrapper /var/www/php-fcgi-scripts/apps/.php-fcgi-starter .php Require all granted </Directory> </IfModule> </VirtualHost> <IfModule mod_ssl.c> SSLStaplingCache shmcb:/var/run/ocsp(128000) </IfModule>
So apache does not start if that file is in sites-enabled? Or what? What Till asked you to do was to move every file that is a symling from sites-enabled to somewhere else, test that apache start. Then move them back one at the time to see which of them break apache. There may be several, so move the first failing one back to the somewhere else, and test the remaining symlinks the same way.
