[SOLVED] SSL problem on 1 site

Discussion in 'General' started by Slimat, Jan 17, 2023.

  1. Slimat

    Slimat Member

    Hi All

    I have multiple WordPress sites which are all hosted and running fine with SSL enabled... but I have just moved a very old PHP 5.6 site which is not Wordpress into ISPConfig... I imported the files from /var/www/html and rewrote a few bespoke PHP scripts which referenced the old file structure and afterwards it was all working :)

    However the site will only run as HTTP and whenever I click the SSL & Lets Encrypt SSL boxes, it says its applying the settings, but once set the site will still only work in HTTP and the SSL/Lets Encrypt SSL boxes are unchecked again.

    I suspect the issue is because the original site was encrypted with Lets Encrypt and it may already have directories there which ISPConfig needs to write to but doesnt have permission. Short of setting the whole site to 777, I am not sure what to do - can anyone offer any advice where to start with fixing this?

    Many thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    As mentioned in any related thread, just follow the Let's encrypt error FAQ to find out why LE refuses to issue a certificate to you.

    https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/

    That#s not related and never change permissions of a sites web folder, especially not to 777 as the site might stop working then plus you open up a huge security hole.
     
  3. Slimat

    Slimat Member

    Thanks

    Yes, I would never do that for just that reason, it was supposed to be a flippant comment - thanks though :)
     
  4. Slimat

    Slimat Member

    It turns out certbot wasnt installed, so I installed it and it now shows as version 0.40.0 - but still wont work. Also there is no /var/log/letsencrypt directory... so I cant get any logs... so will follow the "Enable the ISPConfig debug mode" and post details back later.
    Thanks
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  6. pyte

    pyte Well-Known Member HowtoForge Supporter

    As @Taleman mentioned already, ISPConfig uses acme.sh nowadays. Check /var/log/ispconfig/acme.log for debugging information.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    As @Taleman and @pyte mentioned, installing certbot was a bad idea and might have damaged your setup. Take care to remove certbot before proceeding.
     
  8. Slimat

    Slimat Member

    Thanks @Taleman @pyte @till

    I misread line 1 on the SSL tut... "Check that you have a Let’s Encrypt client installed. On servers installed before the release of ISPConfig 3.2, this is most likely certbot." And thought I needed to install certbot :(

    But... it gets worse, I followed a tut on how to completely remove certbot from Ubuntu 20.04 and subsequently it uninstalled Apache... so I reinstalled this and obviously no sites are working - not even the ISPConfig UI... so I am going to get a coffee and then see if I need to delete the VPS and start from scratch again :(
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Install Apache back, then run
    Code:
    ispconfig_update.sh --force
    and let it reconfigure services when it asks about that.
    If that does not work, check /var/log/dpkg.log what packages were removed, and install then back except certbot.
     
    pyte likes this.
  10. pyte

    pyte Well-Known Member HowtoForge Supporter

    For the future, always doublecheck when removing packages/do a depclean/autoremove, as it sometimes can be a bit tricky and will remove packages that you don't want it to delete at all. And if you're unsure about what some commands do or if you need package X, may consider looking it up online beforehand or ask.
     
    Slimat likes this.
  11. Slimat

    Slimat Member

    I ran the ISPConfig update - but Apache errors...
    There are only 3 lines in /var/log/apache2/error.log...

    [Tue Jan 17 14:33:01.806316 2023] [mpm_event:notice] [pid 8400:tid 140321117801536] AH00489: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations
    [Tue Jan 17 14:33:01.806417 2023] [core:notice] [pid 8400:tid 140321117801536] AH00094: Command line: '/usr/sbin/apache2'
    [Tue Jan 17 14:33:34.636953 2023] [mpm_event:notice] [pid 8400:tid 140321117801536] AH00491: caught SIGTERM, shutting down



     
  12. Slimat

    Slimat Member

    When I check apache status, it says that there is an error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost;

    Jan 17 14:36:31 server.xxx.co.uk systemd[1]: apache2.service: Failed with result 'exit-code'.
    Jan 17 14:36:31 server.xxx.co.uk systemd[1]: Failed to start The Apache HTTP Server.
    Jan 17 14:42:46 server.xxx.co.uk systemd[1]: Starting The Apache HTTP Server...
    Jan 17 14:42:46 server.xxx.co.uk apachectl[300]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost:
    Jan 17 14:42:46 server.xxx.co.uk apachectl[300]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
    Jan 17 14:42:46 server.xxx.co.uk apachectl[287]: Action 'start' failed.
    Jan 17 14:42:46 server.xxx.co.uk apachectl[287]: The Apache error log may have more information.
    Jan 17 14:42:46 server.xxxx1on1hosting.co.uk systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
    Jan 17 14:42:46 server.1on1hosting.co.uk systemd[1]: apache2.service: Failed with result 'exit-code'.
    Jan 17 14:42:46 server.1on1hosting.co.uk systemd[1]: Failed to start The Apache HTTP Server.​

    The entry on this line (20) says:
    SSLEngine On

    I have read that -
    sudo a2enmod ssl

    Then restart Apache should fix this?
     
  13. Slimat

    Slimat Member

    OK, tried this now get a different error...

    AH00526: Syntax error on line 95 of /etc/apache2/sites-enabled/000-apps.vhost:
    Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
    Action 'start' failed.​

    Line 95 reads;
    RewriteEngine On​
     
  14. Slimat

    Slimat Member

    OK, I ran -
    a2enmod rewrite
    And now Apache is running, but still no ISPConfig UI, so am running update again
     
  15. Slimat

    Slimat Member

    Ran another update --force and still nothing
     
  16. Slimat

    Slimat Member

    Update - have deleted my VPS and am starting the whole migration again :(
     
  17. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I did write: If that does not work, check /var/log/dpkg.log what packages were removed, and install then back except certbot.
     
  18. Slimat

    Slimat Member

    Thanks @Taleman - I did do this too... the items uninstalled were Apache, Mailman and Python-certbot... so I reinstalled Apache and used the --force update. When this just gave me the Ubuntu landing page on website:80, I reinstalled Mailman and this still didnt work. So, as this is now hosting a production company website I had to make a call on the fastest way to get back up and running - so decided to migrate again.

    Many thanks for all the advice - once I have rebuilt the system I will re-visit the SSL problem which was the start of my self-inflicted mistake.
     
  19. pyte

    pyte Well-Known Member HowtoForge Supporter

    Does activating SSL still not work? Did you check /var/Log/ispconfig/acme.log?
     
  20. Slimat

    Slimat Member

    I have just completed building a new VPS and re-migrating my sites, so havent played with SSL again yet as am just finishing off some custom PHP scripts on one site. However I have noticed that one of the Wordpress sites which has migrated is now not supporting HTTPS... I will go through the SSL FAQ link which @till sent me earlier and report back if I still have no joy... but won't install Certbot this time :(
     

Share This Page