Postfix version without port 465

Discussion in 'General' started by MaxT, Nov 26, 2022.

  1. MaxT

    MaxT Member HowtoForge Supporter

    I'm doing a migration to a VPS after a long time without updating ISPC. In the new ISPC installation, I have found there is no port 465 available for Postfix, only 587.

    I was not able to find a guide explaining these changes.
    Also, I have found a warning that no DNSSEC is configured, although I suppose this is not problematic because the mail works well on port 587.

    Is the absence of 465 a normal thing? Is there some way to enable 465 again?
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    How did you set up the new server? Which guide did you follow? Which OS are you using?

    It should be enabled on a properly set up server.
     
    MaxT likes this.
  3. MaxT

    MaxT Member HowtoForge Supporter

    Yes, it's solved now. This line inside master.cf was commented out:
    #smtps inet n - - - - smtpd

    thx anyway
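
Added example, not part of the original thread: a check for the state of the `smtps` entry in master.cf, covering the commented-out line quoted above. The sample file is constructed; the check also reports whether `smtpd_tls_wrappermode=yes` is set on the entry, which port 465 (implicit TLS) needs unless it is set globally in main.cf.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a Postfix master.cf
# service such as smtps (port 465) is enabled, commented out or absent.

# service_state MASTER_CF [SERVICE]   (SERVICE defaults to smtps)
# Prints: "enabled wrappermode=yes|no", "commented" or "absent".
# Only master.cf -o overrides are inspected, not main.cf.
service_state() {
    awk -v svc="${2:-smtps}" '
        # The commented-out form seen in the thread: "#smtps inet ..."
        $1 == ("#" svc) && $2 == "inet" { commented = 1; next }
        # Comment and blank lines are ignored and do not end a logical line.
        /^[ \t]*(#|$)/ { next }
        # Leading whitespace continues the previous service (its -o options).
        /^[ \t]/ {
            if (in_svc && /smtpd_tls_wrappermode[ \t]*=[ \t]*yes/) wrap = 1
            next
        }
        # Any other line starts a new service entry.
        { in_svc = ($1 == svc && $2 == "inet"); if (in_svc) enabled = 1 }
        END {
            if (enabled)        print "enabled wrappermode=" (wrap ? "yes" : "no")
            else if (commented) print "commented"
            else                print "absent"
        }
    ' "$1"
}

# Constructed sample resembling the state described in the thread.
sample_master_cf() {
    cat <<'EOF'
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o syslog_name=postfix/submission
#smtps     inet  n  -  -  -  -  smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
EOF
}

demo_file=$(mktemp)
sample_master_cf > "$demo_file"
echo "smtps:      $(service_state "$demo_file")"             # commented
echo "submission: $(service_state "$demo_file" submission)"  # enabled wrappermode=no
rm -f "$demo_file"
```
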
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    MaxT likes this.
  5. MaxT

    MaxT Member HowtoForge Supporter

    Is there an autoinstaller? Good and sad, because it is too late for me!
    I have been disconnected for quite some time. Now I see there are new ISPC characteristics and utilities. Good news.

    I'm finishing one vps installation with that guide. All works well except Let's Encrypt. The vps has 3 websites although all are loading the same certificate of one website.

    Some time ago, I had ISPC with certbot but now it is missing. I have found this script: /usr/local/ispconfig/server/scripts/letsencrypt_renew_hook.sh

    to force the certificate updates. And I check the certificates with:
    # openssl x509 -in website.com.crt -text -noout

    and I can see all the certificates belong to their right domain names. However, the 3 websites are loading the same certificate of one website, giving an error. I cannot understand this behavior.

    Do you perhaps know something about this problem? Could it be because of DNS cache, propagation, or something like that?

    thx for any help!
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  7. MaxT

    MaxT Member HowtoForge Supporter

    all the logs don't have errors, and certificates are present.

    The only point could be: "You have HTTPS enabled for domain A but not for domain B, will visiting domain B over HTTPS. It is Apache's default behaviour to show the first website in the list that has HTTPS enabled."

    However, all the sites have SSL <Virtual :443> sections. Perhaps there is some option inside ISPC impeding HTTPS?

    Honestly, I don't know how to solve this. The logs don't show any information. When I load a website its log is empty, it directly jumps to the only website appearing for all the websites.

    I check the sections <Virtual :443> of the .vhost files and all the sites are identical. Only one website (the last ID website) is loading for all, the others no.

    some thoughts?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Most likely you selected for the latest website an IP address in the IPv4 address field while you selected * there for the other sites. Don't mix * and IP as an IP is always a stronger match than an IP, either use * for all sites (recommended) or the IP address for all sites.
     
    MaxT likes this.
  9. MaxT

    MaxT Member HowtoForge Supporter

    Hi Till,
    No, I have the 3 websites with *. Also I have tried to set all with IP. Same result.
    Also I have tried to set a different one with IP and the rest with *, and same result. It doesn't matter which website, it only loads the same website.

    However, the http:80 requests are loading well. This is strange, because the certificates are right and also the .vhosts files
    are right showing right /path to certificates with a <Virtual 443> section.

    I have tried also to set all the Stapling to off, without result

    Just I wonder why the load is for the last ID website. It seems like a bypass of the previous ones of port 443.
    I have tried with the mobile phone to discard DNS problems but same result.

    No idea what I can do because there is no info inside the logs. The websites are not loading SSL, only http. Only the last ID website is doing so.
    What can it be?
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Do you have SSL enabled for all domains and is there an SSL cert in place?

    All should have either the IP or *, not a mix.
     
    MaxT likes this.
  11. MaxT

    MaxT Member HowtoForge Supporter

    I think I have found the cause. The .vhost files inside /etc/apache2/sites-enabled/ are not symbolic links pointing to ../sites-available/
    What can be the cause of this failure?

    The VirtualHosts inside /sites-enabled and /sites-available are all with *, although inside /sites-enabled there are no :443 sections:
    Code:
    # grep -i Virtualhost * -R
    000-default.conf:<VirtualHost *:80>
    000-default.conf:</VirtualHost>
    000-ispconfig.vhost:NameVirtualHost *:8080
    000-ispconfig.vhost:<VirtualHost _default_:8080>
    000-ispconfig.vhost:</VirtualHost>
    100-website1.com.vhost:<VirtualHost *:80>
    100-website1.com.vhost:</VirtualHost>
    100-website2.com.vhost:</VirtualHost>
    100-website2.com.vhost:<VirtualHost *:80>
    100-website3.com.vhost:</VirtualHost>
    100-website3.com.vhost:<VirtualHost *:80>
    
    ...and there is no connection through 443
    Code:
     # openssl s_client -connect website2.com:443
    CONNECTED(00000004)
    140313677636800:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
    ---
    no peer certificate available
    ...
    
    What can be the cause of losing the symbolic links? The port is open:
    Code:
     # netstat -atpn | grep apache2
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      29478/apache2  
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      29478/apache2  
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      29478/apache2   
    Can it be fixed inside the ISPC interface? Inside the "Web Domain" section it shows:
    SSL [x]
    Let's Encrypt SSL [X]
     
  12. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Try resync tool.
     
    MaxT likes this.
  13. MaxT

    MaxT Member HowtoForge Supporter

    Where can I download the resync tool?

    * Is the resync tool the migration tool or is it a different one? I cannot find it by that name on the ISPC website.
     
    Last edited: Nov 27, 2022
  14. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The resync tool can be found in the panel: Tools > Resync
     
    MaxT likes this.
  15. MaxT

    MaxT Member HowtoForge Supporter

    OK, thanks. I have manually created the symbolic links, and now it seems to be working. Although I have also done that Resynchronization with the option "Websites" checked.

    I don't know why the symbolic links in /sites-enabled were replaced by files. It is a new install. Beyond the installation guide, the only global thing I did was launching the script letsencrypt_renew_hook.sh, to force creation of the certs.

    Anyway, now it seems the things are normal and the vps is working. Thanks a lot for your help to clean doubts.

    In the past two years I was a monthly contributor to this great board, although these days are a bit difficult. As soon as my economy allows a new subscription I will rejoin.
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    E.g. manual editing of files, manual copying of files or manually running programs that can cause this like manually running an LE client with wrong commandline options.

    Manually creating certs can cause such issues too. Always use the let's encrypt checkbox in website settings to create certs and if this fails, then there are good reasons for this failure and the underlying issue needs to be fixed instead of creating an SSL cert manually. See FAQ for debugging Let's encrypt SSL issues: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/
     
    MaxT likes this.
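
Added example, not part of the original thread: an audit of sites-enabled that flags entries which are plain files or dangling links rather than working symlinks, and shows whether the file Apache actually loads defines a `:443` vhost. The directory tree is constructed in a temp dir; on the server from the thread the argument would be /etc/apache2/sites-enabled.

```shell
#!/bin/sh
# Added example (not from the thread): audit Apache's sites-enabled directory
# for entries that are not working symlinks, as found in this thread.

# audit_sites_enabled DIR
# Prints "STATUS name target tls" per entry; returns 1 if any entry is not OK.
audit_sites_enabled() {
    rc=0
    for entry in "$1"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue    # empty directory
        name=$(basename "$entry")
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            echo "DANGLING $name $(readlink "$entry") -"; rc=1; continue
        elif [ -L "$entry" ]; then
            status=OK; target=$(readlink "$entry")
        else
            status=NOT_SYMLINK; target=-; rc=1            # stale copy
        fi
        # Does the file Apache actually loads define a :443 vhost?
        if grep -Eiq '<VirtualHost[[:space:]][^>]*:443>' "$entry"; then
            tls=has-443
        else
            tls=no-443
        fi
        echo "$status $name $target $tls"
    done
    return $rc
}

# Constructed tree mirroring the thread: one proper symlink, one plain copy
# in sites-enabled that lacks the :443 section.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/sites-available" "$root/sites-enabled"
    printf '<VirtualHost *:80>\n</VirtualHost>\n<VirtualHost *:443>\n</VirtualHost>\n' \
        > "$root/sites-available/100-website1.com.vhost"
    ln -s ../sites-available/100-website1.com.vhost "$root/sites-enabled/"
    printf '<VirtualHost *:80>\n</VirtualHost>\n' \
        > "$root/sites-enabled/100-website2.com.vhost"
    echo "$root"
}

demo_root=$(make_demo_tree)
audit_sites_enabled "$demo_root/sites-enabled" || echo "=> sites-enabled needs repair"
rm -rf "$demo_root"
```
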
  17. MaxT

    MaxT Member HowtoForge Supporter

    Yes, probably the manual generation was the cause. I save that FAQ in my notes.
    thanks!
     
