Sorry for reply-ing not sooner. First I used: ispconfig_update.sh --force There I updated the certificate. In the certificate I used the hostname "mail.my-url.nl"
Post the output of your ispconfig_update.sh session. You might also try updating to "nightly" instead of stable.
Code: rob]# /usr/local/bin/ispconfig_update.sh --force -------------------------------------------------------------------------------- _____ ___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_) | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | __/ | |___/ -------------------------------------------------------------------------------- >> Update Please choose the update method. For production systems select 'stable'. WARNING: The update from GIT is only for development systems and may break your current setup. Do not use the GIT version on servers that host any live websites! Note: On Multiserver systems, enable maintenance mode and update your master server first. Then update all slave servers, and disable maintenance mode when all servers are updated. Select update method (stable,nightly,git-develop) [stable]: Downloading ISPConfig update. Unpacking ISPConfig update. -------------------------------------------------------------------------------- _____ ___________ _____ __ _ ____ |_ _/ ___| ___ \ / __ \ / _(_) /__ \ | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ / | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \ \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/ __/ | |___/ -------------------------------------------------------------------------------- >> Update Operating System: CentOS 8.4 This application will update ISPConfig 3 on your server. Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: Creating backup of "/usr/local/ispconfig" directory... Creating backup of "/etc" directory... Checking ISPConfig database .. OK Starting incremental database update. Loading SQL patch file: /tmp/update_runner.sh.4fLa71o1FN/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Database Updating ISPConfig ISPConfig Port [8080]: Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for xxx Using certificate path /root/.acme.sh/xxx PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2920 PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2921 PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2922 PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2925 PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2926 PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2927 PHP Warning: symlink(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2930 PHP Warning: chown(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2931 PHP Warning: chmod(): No such file or directory in /tmp/update_runner.sh.4fLa71o1FN/install/lib/installer_base.lib.php on line 2932 which: no certbot in (/sbin:/bin:/usr/sbin:/usr/bin) which: no letsencrypt in (/root/.local/share/letsencrypt/bin) which: no certbot in (/opt/eff.org/certbot/venv/bin) which: no letsencrypt in (/sbin:/bin:/usr/sbin:/usr/bin) which: no acme.sh in (/usr/local/ispconfig/server/scripts) Using apache for certificate validation acme.sh is installed, overriding certificate path to use /root/.acme.sh/xxxxx Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: which: no acme.sh in (/usr/local/ispconfig/server/scripts) Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Update finished. [root@xxx rob]#
sorry, I didn't know how to write outside the code box. I have done the stable update first and then the nightly, but that seems to have broken something. With the stable update I got to update the certificate, wth the nightly I didn't get that and now with the stable again I don't get to update the certificate anymore and I get errors of some things which don't exist. Apart from that I got an email from "Letscert" saying I need to update my certificate of this server because it is about to expire. Is this related? The previous server I had, had the same problem, all the websites on the old server where not reachable anymore because I ignored a mail from letscert. Site on the old server where considered insecure by chrome and other browsers. I do hope this is not going to happen on this new server.
the directory is there, but this part did work before, the nightly update did something, three links are broken Code: [root@xxx bin]# pwd /usr/local/bin [root@xxx bin]# ls -l totaal 24 lrwxrwxrwx. 1 root root 51 21 jul 17:17 ispconfig_patch -> /usr/local/ispconfig/server/scripts/ispconfig_patch lrwxrwxrwx. 1 root root 55 20 aug 17:47 ispconfig_update_from_dev.sh -> /usr/local/ispconfig/server/scripts/ispconfig_update.sh lrwxrwxrwx. 1 root root 55 21 jul 17:17 ispconfig_update.sh -> /usr/local/ispconfig/server/scripts/ispconfig_update.sh lrwxrwxrwx. 1 root root 63 21 jul 17:16 letsencrypt_post_hook.sh -> /tmp/ispconfig3_install/server/scripts/letsencrypt_post_hook.sh lrwxrwxrwx. 1 root root 62 21 jul 17:16 letsencrypt_pre_hook.sh -> /tmp/ispconfig3_install/server/scripts/letsencrypt_pre_hook.sh lrwxrwxrwx. 1 root root 64 21 jul 17:16 letsencrypt_renew_hook.sh -> /tmp/ispconfig3_install/server/scripts/letsencrypt_renew_hook.sh -rwxr-xr-x. 1 root root 6200 21 jul 16:51 mod_python -rwxr--r--. 1 getmail root 499 20 aug 17:47 run-getmail.sh
these report as broken links: Code: lrwxrwxrwx. 1 root root 63 21 jul 17:16 letsencrypt_post_hook.sh -> /tmp/ispconfig3_install/server/scripts/letsencrypt_post_hook.sh lrwxrwxrwx. 1 root root 62 21 jul 17:16 letsencrypt_pre_hook.sh -> /tmp/ispconfig3_install/server/scripts/letsencrypt_pre_hook.sh lrwxrwxrwx. 1 root root 64 21 jul 17:16 letsencrypt_renew_hook.sh -> /tmp/ispconfig3_install/server/scripts/letsencrypt_renew_hook.sh
Code: [root@xxx bin]# ls -l /tmp/ispconfig3_install/server/scripts/letsencrypt_post_hook.sh ls: kan geen toegang krijgen tot '/tmp/ispconfig3_install/server/scripts/letsencrypt_post_hook.sh': No such file or directory [root@xxx bin]# ls /tmp/ispconfig3_install/server/scripts/letsencrypt_pre_hook.sh ls: kan geen toegang krijgen tot '/tmp/ispconfig3_install/server/scripts/letsencrypt_pre_hook.sh': No such file or directory [root@xxx bin]# ls /tmp/ispconfig3_install/server/scripts/letsencrypt_pre_hook.sh ls: kan geen toegang krijgen tot '/tmp/ispconfig3_install/server/scripts/letsencrypt_pre_hook.sh': No such file or directory
The installer checks for a non-existent file, but that doesn't account for a dangling symlink, which also returns true for that check. You probably had a previous install fail in some way so those symlinks were created but never corrected at the end of the install. For now, just remove those three and symlink them to the actual files under /usr/local/ispconfig/server/scripts/
If you want, you could grab the file from https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1516 and test it. (download the installer, replace installer_base.lib.php with that file, then run the installation).
I am not sure what you mean exactly, but I have remove the dangling symbolic links and made new symlinks to the corresponding scripts under /usr/local/ispconfig/server/scripts/ Code: [root@xxx bin]# pwd /usr/local/bin [root@xxx bin]# ls -ltr totaal 20 -rwxr-xr-x. 1 root root 6200 21 jul 16:51 mod_python lrwxrwxrwx. 1 root root 55 21 jul 17:17 ispconfig_update.sh -> /usr/local/ispconfig/server/scripts/ispconfig_update.sh lrwxrwxrwx. 1 root root 51 21 jul 17:17 ispconfig_patch -> /usr/local/ispconfig/server/scripts/ispconfig_patch -rwxr--r--. 1 getmail root 499 20 aug 17:47 run-getmail.sh lrwxrwxrwx. 1 root root 55 20 aug 17:47 ispconfig_update_from_dev.sh -> /usr/local/ispconfig/server/scripts/ispconfig_update.sh lrwxrwxrwx. 1 root root 59 20 aug 20:38 letsencrypt_pre_hook.sh -> /usr/local/ispconfig/server/scripts/letsencrypt_pre_hook.sh lrwxrwxrwx. 1 root root 61 20 aug 20:39 letsencrypt_renew_hook.sh -> /usr/local/ispconfig/server/scripts/letsencrypt_renew_hook.sh lrwxrwxrwx. 1 root root 60 20 aug 20:40 letsencrypt_post_hook.sh -> /usr/local/ispconfig/server/scripts/letsencrypt_post_hook.sh what's next?
acme script is still missing Code: bin]# /usr/local/bin/ispconfig_update.sh --force -------------------------------------------------------------------------------- _____ ___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_) | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | __/ | |___/ -------------------------------------------------------------------------------- >> Update Please choose the update method. For production systems select 'stable'. WARNING: The update from GIT is only for development systems and may break your current setup. Do not use the GIT version on servers that host any live websites! Note: On Multiserver systems, enable maintenance mode and update your master server first. Then update all slave servers, and disable maintenance mode when all servers are updated. Select update method (stable,nightly,git-develop) [stable]: Downloading ISPConfig update. Unpacking ISPConfig update. -------------------------------------------------------------------------------- _____ ___________ _____ __ _ ____ |_ _/ ___| ___ \ / __ \ / _(_) /__ \ | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ / | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \ \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/ __/ | |___/ -------------------------------------------------------------------------------- >> Update Operating System: CentOS 8.4 This application will update ISPConfig 3 on your server. Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: Creating backup of "/usr/local/ispconfig" directory... Creating backup of "/etc" directory... Checking ISPConfig database .. OK Starting incremental database update. Loading SQL patch file: /tmp/update_runner.sh.sYYkNKi69Q/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Database Updating ISPConfig ISPConfig Port [8080]: Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for xxxx Using certificate path /root/.acme.sh/xxx which: no certbot in (/sbin:/bin:/usr/sbin:/usr/bin) which: no letsencrypt in (/root/.local/share/letsencrypt/bin) which: no certbot in (/opt/eff.org/certbot/venv/bin) which: no letsencrypt in (/sbin:/bin:/usr/sbin:/usr/bin) which: no acme.sh in (/usr/local/ispconfig/server/scripts) Using apache for certificate validation acme.sh is installed, overriding certificate path to use /root/.acme.sh/xxx Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: which: no acme.sh in (/usr/local/ispconfig/server/scripts) Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Update finished. bin]# ls -l /usr/local/ispconfig/server/scripts totaal 88 -rwxr-x--x. 1 root root 305 23 aug 10:52 create_daily_nginx_access_logs.sh -rwxr-x--x. 1 root root 1092 23 aug 10:52 create_jailkit_chroot.sh -rwxr-x--x. 1 root root 388 23 aug 10:52 create_jailkit_programs.sh -rwxr-x--x. 1 root root 1073 23 aug 10:52 create_jailkit_user.sh -rwxr-x---. 1 root root 3101 23 aug 10:52 ispconfig_htaccess.php -rwxr-x---. 1 root root 4961 23 aug 10:52 ispconfig_patch -rwxr-x---. 1 root root 4031 23 aug 10:52 ispconfig_update.php -rwx------. 1 root root 1012 23 aug 10:52 ispconfig_update.sh -rwxr-x--x. 1 root root 2485 23 aug 10:52 letsencrypt_post_hook.sh -rwxr-x--x. 1 root root 2516 23 aug 10:52 letsencrypt_pre_hook.sh -rwxr-x--x. 1 root root 3453 23 aug 10:52 letsencrypt_renew_hook.sh -rwx------. 1 root root 102 23 aug 10:52 update_from_dev.sh -rwxr-x--x. 1 root root 102 23 aug 10:52 update_from_dev_stable.sh -rwxr-x--x. 1 root root 68 23 aug 10:52 update_from_svn.sh -rwxr-x--x. 1 root root 2090 23 aug 10:52 update_runner.sh -rwx------. 1 root root 102 23 aug 10:52 update_stable.sh -rwxr-x---. 1 root root 19189 23 aug 10:52 vlogger This is not like it was previous then I could generate a new certificate, I don't know what happened here.
The messages indicate it succeeded, no? Is there a problem now or did the certificate get setup in /usr/local/ispconfig/interface/ssl/ ?
no, there is not a new certificate in the dir /usr/local/ispconfig/interface/ssl/ , files there are of 20/8 the update gave message "which: no acme.sh in (/usr/local/ispconfig/server/scripts)" I do see this script in /root/.acme.sh/acme.sh Can I just move or copy this file to /usr/local/ispconfig/server/scripts ?
You must use dev version for the forced update, see: https://www.howtoforge.com/community/threads/acme.87423/page-2#post-426211
No, the message said it doesn't exist in /usr/local/ispconfig/server/scripts/ and an earlier message confirmed it is using acme.sh from /root/.acme.sh/. Everything looks correct there.
it still doesn't want me to add the mail-address, I still get: "TLS Negotiation failed, the certificate doesn't match the host., code: 0"
And you used as incoming and outgoing server in your mail client the hostname that is shown by the command: hostname -f ?