Hello, I made an edit last night, but it was late and I never saved it. The rspamd thing was mostly a comment. I started to write this about the server returning the wrong cert, but what is happening is that when creating a new website, the website's user didn't get created, I had create the user manually. The bind mount for the logs did not get creatted, the links to the ssl certs didn't get created. the symlinks for the ssl certs were never the user not getting created was the part that kept the apache config file from being created properly. The entire ssl section was missing. I copied from from a different config file and modified it to suit the new website Then things worked normally Do you have any ideas where I should start to troubleshoot the user not being created? Should I run the updater and reconfigure services and see if that fixes it?
The integration is done by ISPConfig automatically when you switch from amavis to Rspamd, so nothing is missing in the guide as it tells you to do that in the ISPConfig GUI.
OK, thanks. I was already using rspamd. so after I installed amavis, I installed rspamd during the install.
I had made an edit and added another question to the bottom of that post. I must have fat fingered something because I noticed it was not added to the post. More digression. The main reason for the post in the first place ws that I having troubles with apache and started to post about apache returning the incorrect certificate for a website and was returning the default server cert. It turns out that during the site creation problem, the entire ssl section of the config file was never created. It was actually worse than that. When I ran apache2ctl configtest with the site.example.net.err file renamed to be the site.example.net, I got an invalid user error. ispconfig never created the user and never created the bind mount in the /etc/fstab. It never created the symlinks to the cert and key. I created them manually and copied the ssl section from another config and modified it to match what should have been done and that is all working. Any idea where to start with that or should I run the updater and reconfigure services to see if that fixes it? Thanks, Curtis
The problem turned out to be that there were multiple entries for sshusers in the /etc/group file. (I missed one.) The next problem, suddenly is letsencrypt stopped working. letsencrypt tells me the response was 403 (that's bad). the /var/log/ispconfig/httpd/web77/error.log gives me a client denied by server config. Is this a hint that I need to switch to acme.sh which I have been avoiding?
No, ISPConfig supports acme.sh and certbot in the exact same way and you should not switch a system that used certbot to acme.sh or vice versa. See Let's encrypt error FAQ to find out why you do not get LE certs: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/
I finally got tot the bottom of things. letsencrypt was failing due to problems with apache. I wasn't sure how ispconfig called letsencrypt/certbot or whether it used the apache plugin or not, but in the end when i found a whole host of websites not working, I discovered that all of the websites relying on phpn.n-fpm were not creating the sockets or executing the scripts. To resolve the problem, I changed the php version of each website and changed them back. One website complained about root ownership and I was forced to delete it and re-create it. That fixed it's trouble. So all is well. Thank you for your help. I had to remove /etc/letsencrypt/live/domain.example.com and the /etc/letsencrypt/archve/domain.example.com when I recreated the domain as letsencrypt complained that the archive folder for the domain existed. I then re-ran the server.sh and the domain was signed normally. Thank you, again.
