Postfix version without port 465

Discussion in 'General' started by MaxT, Nov 26, 2022.

  1. MaxT

    MaxT Member

    I'm doing a migration to a VPS after a long time time without updating ISPC. In the new ISPC installation, I have found there is no port 465 available for postfix, only 587.

    I was not able to find a guide explaining these changes.
    Also I have found a warning about no dnssec is configured, although I suposse this is not problematic because the mail works well by 587 port.

    Is the absence of 465 a normal thing?. Is there is some way to enable 465 again?
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    How did you set up the new server? Which guide did you follow? Which OS are you using?

    It should be enabled on a proper set up server.
    MaxT likes this.
  3. MaxT

    MaxT Member

    yes, it's solved now. This line inside was commented.
    #smtps inet n - - - - smtpd"

    thx anyway
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    MaxT likes this.
  5. MaxT

    MaxT Member

    Is there an autoinstaller?. good and sad, because is too late to me!
    I have been disconnected for quite time. Now I see there are new ISPC characteristics and utilities. Good news

    I'm finishing one vps installation with that guide. All works well except Let's Encrypt. The vps has 3 websites although all are loading the same certificate of one website.

    Time ago, I had ISPC with certbot but now is missing. I have found this script: /usr/local/ispconfig/server/scripts/

    to force the certificates updates. And I check the certificates with:
    # openssl x509 -in -text -noout

    and I can see all the certificates belongs to their right domain names. However, the 3 websites are loading the same certificate of one website, giving error. I cannot understand this behavior.

    Perhaps Do you know something about this problem?. It can be because dns cache, propagation, or something like that?

    thx for any help!
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  7. MaxT

    MaxT Member

    all the logs don't have errors, and certificates are present.

    The only point could be: "You have HTTPS enabled for domain A but not for domain B, will visiting domain B over HTTPS. It is Apache's default behaviour to show the first website in the list that has HTTPS enabled."

    However, all the sites have SSL <Virtual :443> sections. Perhaps there is some option inside ISPC impeding HTTPS?.

    Honestly, I don't know how to solve this. The logs don't show any information. When I load a website its log is empty, it directly jumps to the only website appearing for all the websites.

    I check the sections <Virtual :443> of the .vhost files and all the sites are identical. Only one website (the last ID website) is loading for all, the others no.

    some thoughts?
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely you selected for the latest website an IP address in the IPv4 address field while you selected * there for the other sites. Don't mix * and IP as an IP is always a stronger match than an IP, either use * for all sites (recommended) or the IP address for all sites.
    MaxT likes this.
  9. MaxT

    MaxT Member

    Hi Till,
    no.. I havel the 3 websites with *. Also I have tried to set all with ip. Same result.
    Also I have tried to set a different one with IP and the rest with *, and same result. It doesn't care the website, only load the same website.

    However, the http:80 requests are loading well. This is strange, because the certificates are right and also the .vhosts files
    are right showing right /path to certificates with a <Virtual 443> section.

    I have tried also to set all the Stapling to off, without result

    Just I wonder why the load is for the last ID website. It seems like a bypass of the previous ones of port 443.
    I have tried with the mobile phone to discard DNS problems but same result.

    No idea what I can do because there is no any info inside the logs. The websites are not loading SSL, only http. Only the last ID website is doing.
    What can it be?
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Do you have SSL enabled for all domains and is there a SSL cert in place?

    All should have either the IP or *, not a mix.
    MaxT likes this.
  11. MaxT

    MaxT Member

    I think I have found the cause. The .vhosts files inside /etc/apache2/sites-enabled/ are not symbolic links pointing to ../sites-available/
    What can be the cause of this failure?.

    The Virtualhosts insides /sites-enabled and /sites-available are all with *, although inside /sites-enabled there are no sections :443;
    # grep -i Virtualhost * -R
    000-default.conf:<VirtualHost *:80>
    000-ispconfig.vhost:NameVirtualHost *:8080
    000-ispconfig.vhost:<VirtualHost _default_:8080>
    000-ispconfig.vhost:</VirtualHost><VirtualHost *:80></VirtualHost></VirtualHost><VirtualHost *:80></VirtualHost><VirtualHost *:80>
    ...and there is no connection through 443
     # openssl s_client -connect
    140313677636800:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
    no peer certificate available
    What can be the cause of losing the symbolic links?. The port is opened
     # netstat -atpn | grep apache2
    tcp        0      0  *               LISTEN      29478/apache2  
    tcp        0      0    *               LISTEN      29478/apache2  
    tcp        0      0   *               LISTEN      29478/apache2   
    Can it be fixed inside the ISPC interface? . inside -> "Web Domain" section it shows :
    SSL [x]
    Let's Encrypt SSL [X]
  12. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Try resync tool.
    MaxT likes this.
  13. MaxT

    MaxT Member

    Where can I donwload the resync tool?

    * Is resync tool the migration tool or is a different one?. I cannot find by that name inside ISCP website
    Last edited: Nov 27, 2022
  14. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The resync tool can be found in the panel: Tools > Resync
    MaxT likes this.
  15. MaxT

    MaxT Member

    ok, thanks. I have created manually the symbolic links, and now it seems is working. Although I have done that Resynchronization with the option "Websites" checked.

    I don't know why the symbolic links /sites-enabled were replaced by files. It is a new install. Beyond the installation guide, the only global option I did, it was launching the script, to force creation for the certs.

    Anyway, now it seems the things are normal and the vps is working. Thanks a lot for your help to clean doubts.

    In the past two years I was a monthly contributor to this great board, although these days are a bit difficult. As soon my economy can allow a new subscription I will rejoin again
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    E.g. manual editing of files, manual copying of files or manually running programs that can cause this like manually running an LE client with wrong commandline options.

    Manually creating certs can cause such issues too. Always use the let's encrypt checkbox in website settings to create certs and if this fails, then there are good reasons for this failure and the underlying issue needs to be fixed instead of creating an SSL cert manually. See FAQ for debugging Let's encrypt SSL issues:
    MaxT likes this.
  17. MaxT

    MaxT Member

    Yes, probably the manual generation was the cause. I save that FAQ in my notes.

Share This Page