Hey HTF friends, I am currently a little confused by the problem I am having. I keep getting a "Secure Connection Failed" error on my panel.webhost.com server interface. This all happened after I used certbot to issue my panel cert. I accidentally went over my Let's Encrypt limit and forgot to save my certs after I restored from a snapshot. Every time I try to manually create a new cert, it doesn't seem to work regardless of what I try. My only workaround is to run the ispconfig update file manually and choose "yes" to issue a new cert. It works for a while and after a random amount of time it just goes bad again to "Secure Connection Failed" and I need to run the updater again. I have checked the services and everything seems to be running, with no errors to see in the syslog while in debug mode. The only thing I see is "nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument". It's also very slow to respond; I get: performing a TLS handshake. My setup: multi server setup with separate panel server, nginx, mysql, php7.0.
If you run certbot manually, that tends to confuse ISPConfig's usage of certbot. Try to clean the certificates and let ISPConfig create new ones. See the letsencrypt log, it probably shows what errors are happening. Nice setup, but you omitted to tell what operating system you have.
I'm running Ubuntu 16.04.6 LTS. Actually, the log shows 0 errors. The certs are there and work when I renew them, but after I go to the server configuration tab and it auto-saves, it goes back to "Secure Connection Failed". It's like it's not even loading the correct certificate while the symlinks are fine. Directory Info:
Code:
drwxr-x--- 2 root root 36864 May 21 16:07 .
drwxr-x--- 9 ispconfig ispconfig 4096 Jan 22 2018 ..
lrwxrwxrwx 1 root root 55 May 21 16:07 ispserver.crt -> /etc/letsencrypt/live/panel.mysite.com/fullchain.pem
-rwxr-x--- 1 root root 1024 Jan 28 2018 .ispserver.crt-180128233438.bak.swp
lrwxrwxrwx 1 root root 55 May 21 15:52 ispserver.crt-190521160704.bak -> /etc/letsencrypt/live/panel.mysite.com/fullchain.pem
-rw-r--r-- 1 root root 1760 May 21 15:40 ispserver.csr
lrwxrwxrwx 1 root root 53 May 21 16:07 ispserver.key -> /etc/letsencrypt/live/panel.mysite.com/privkey.pem
lrwxrwxrwx 1 root root 53 May 21 15:52 ispserver.key-190521160704.bak -> /etc/letsencrypt/live/panel.mysite.com/privkey.pem
-rw-r--r-- 1 root root 3243 May 21 15:39 ispserver.key.secure
-rw------- 1 root root 5274 May 21 16:07 ispserver.pem
-rw------- 1 root root 5450 May 21 15:52 ispserver.pem-190521160704.bak
Try updating ISPConfig to git-stable, there's a bugfix in there for certbot; I don't know if it would cause your exact symptoms, but it's in that neighborhood, so is a quick fix if it works.
No, to the stable release. ISPConfig version is 3.1.13p1. Somewhere here is when it all went bad:
Code:
May 21 16:27:01 panel CRON[23559]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:27:43 panel postfix/anvil[23448]: statistics: max connection rate 1/60s for (smtp:125.64.94.211) at May 21 16:24:22
May 21 16:27:43 panel postfix/anvil[23448]: statistics: max connection count 1 for (smtp:125.64.94.211) at May 21 16:24:22
May 21 16:27:43 panel postfix/anvil[23448]: statistics: max cache size 1 at May 21 16:24:22
May 21 16:28:01 panel CRON[23576]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:28:01 panel CRON[23577]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:29:01 panel CRON[23596]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:29:01 panel CRON[23597]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:29:01 panel systemd[1]: Reloading A high performance web server and a reverse proxy server.
May 21 16:29:01 panel systemd[1]: Reloaded A high performance web server and a reverse proxy server.
May 21 16:30:01 panel CRON[23638]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:30:01 panel CRON[23639]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:30:30 panel systemd[1]: Stopping A high performance web server and a reverse proxy server...
May 21 16:30:30 panel systemd[1]: Stopped A high performance web server and a reverse proxy server.
May 21 16:30:30 panel systemd[1]: Starting A high performance web server and a reverse proxy server...
May 21 16:30:30 panel systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument
May 21 16:30:30 panel systemd[1]: Started A high performance web server and a reverse proxy server.
May 21 16:31:01 panel CRON[23728]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:31:01 panel CRON[23729]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:32:01 panel CRON[23759]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:32:01 panel CRON[23760]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:32:23 panel systemd[1]: Stopping A high performance web server and a reverse proxy server...
May 21 16:32:23 panel systemd[1]: Stopped A high performance web server and a reverse proxy server.
May 21 16:32:23 panel systemd[1]: Starting A high performance web server and a reverse proxy server...
May 21 16:32:23 panel systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument
May 21 16:32:23 panel systemd[1]: Started A high performance web server and a reverse proxy server.
May 21 16:33:01 panel CRON[23800]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:33:01 panel CRON[23801]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
May 21 16:33:05 panel systemd[1]: Stopping A high performance web server and a reverse proxy server...
May 21 16:33:05 panel systemd[1]: Stopped A high performance web server and a reverse proxy server.
May 21 16:33:05 panel systemd[1]: Starting A high performance web server and a reverse proxy server...
Hey, my mistake, I mixed up this letsencrypt issue with another thread I just read, never mind my suggestion (though it doesn't hurt to avoid that bug). For your issue, I'd watch the letsencrypt log file to see what's going on when it goes bad. Maybe check the output of 'certbot certificates' to make sure the names in your certificates look correct. What does 'ls -l /etc/letsencrypt/live/panel.mysite.com/' show? When you say you have to 'run the updater again', do you mean you re-run update.php from the ISPConfig installer to generate a self-signed certificate, in order to get nginx to start again?
The log actually showed no errors, the cert is issued properly and works for a few min/hours. ls -l shows
Code:
lrwxrwxrwx 1 root root 43 May 21 16:07 cert.pem -> ../../archive/panel.mysite.com/cert1.pem
lrwxrwxrwx 1 root root 44 May 21 16:07 chain.pem -> ../../archive/panel.mysite.com/chain1.pem
lrwxrwxrwx 1 root root 48 May 21 16:07 fullchain.pem -> ../../archive/panel.mysite.com/fullchain1.pem
lrwxrwxrwx 1 root root 46 May 21 16:07 privkey.pem -> ../../archive/panel.mysite.com/privkey1.pem
Looks incorrect to me, or not? Exactly, something in the updater causes my certs to work again and it's definitely not an nginx restart, I just can't seem to pinpoint what it is exactly.
I finally found where the issue keeps deriving from. Each time I save this tab's information below, my panel goes down. Can anyone look at the information below to see if something is configured incorrectly?
Surely your host's IP address is not 127.0.0.1? That is just localhost for server internal communication.
Exactly, I was thinking the same thing but I thought this was the standard setting. Does anyone else have 127.0.0.1 as their panel's IP? My other servers have their own proper external IP addresses assigned. I will try changing it to the external IP and see if it helps.
As long as the network configuration check box is not enabled (and it shall not be enabled!), then the IP in that field should not matter if I remember correctly. To find out why the panel goes down, try to compare the ispconfig vhost file before and after the panel is down.
Completely the same, no difference. Something just goes wrong and I can't seem to find why it's connected to that tab specifically.
When I do an SSL check I get
Code:
No SSL certificates were found on panel.website.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.
When I telnet, 443 connects and I haven't got any strange firewall rules enabled, very confusing. Nginx throws no errors in the config file and all symlinks are properly linked.
Maybe you should consider asking Florian @florian030 from ISPConfig business support to take a look at your server directly to check the config.
Actually just got it solved, finally! I had an app listening on port 443, but the config of the app was not correct thus causing problems. Thanks a lot for the help guys!
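The cause found at the end of this thread, a second application bound to port 443, can be confirmed by checking which process owns each listening socket on that port. The script below is an added example, not part of the original thread; the sample `ss -ltnp` output and the process name `panelapp` are constructed.

```shell
#!/bin/sh
# Added example: report which processes hold a TCP listening socket on a port,
# reading `ss -ltnp` output on stdin. Run ss as root, otherwise the
# users:(...) column is missing and the owner is reported as "unknown".

# Constructed sample of `ss -ltnp` output; "panelapp" is a hypothetical name.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1502,fd=6),("nginx",pid=1501,fd=6))
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1502,fd=7),("nginx",pid=1501,fd=7))
LISTEN 0 128 [::]:443 [::]:* users:(("panelapp",pid=2210,fd=3))
LISTEN 0 100 0.0.0.0:8443 0.0.0.0:* users:(("java",pid=3100,fd=44))'

# Print "local_address process pid" for every listener on port $1.
listeners_on_port() {
    awk -v port="$1" '
        # Field 4 is Local Address:Port; anchor on ":<port>" at the end so
        # that 8443 does not match 443.
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            rest = $0; found = 0
            while (match(rest, /\("[^"]+",pid=[0-9]+/)) {
                entry = substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                split(entry, q, "\"")          # q[2] is the process name
                pid = entry; sub(/.*pid=/, "", pid)
                print $4, q[2], pid
                found = 1
            }
            if (!found) print $4, "unknown", "-"
        }'
}

# Print only the listeners on port $1 whose process name is not $2.
unexpected_listeners() {
    listeners_on_port "$1" | awk -v want="$2" '$2 != want'
}

# Demo on the constructed sample; on a live host use:
#   ss -ltnp | unexpected_listeners 443 nginx
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 443 nginx
```

Any line printed for port 443 names a process other than the web server that is answering some of the connections, which fits a panel that accepts TCP on 443 but serves no usable certificate.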