some issues with centos 8 perfect server et alia....

yep change 'might cause issues' to 'DOES cause issues" - didnt realize the - was REQUIRED. anyone using ssh to do a perfect server might want to be apprised that if they are not infact root they need to "su -" to make required path variable paths correct! I NEVER like sshing as root directly, but it would have saved problems here!

I've done that, redone certbot, ripped ispconfig out by the root reinstalled, and now get another error - I can bring up the apache test page fine (and I put an explicit ServerName in httpd.conf to get rid of that warning). but I cant get port 8080 to respond even though apache is listening on 8080 - the error log /var/log/httpd/error_log has:
[Thu Oct 01 09:27:25.730281 2020] [autoindex:error] [pid 505216:tid 139701520426752] [client ::1:47996] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
[root@ns10 httpd]# [Thu Oct 01 09:27:25.730281 2020] [autoindex:error] [pid 505216:tid 139701520426752] [client ::1:47996] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

I'm almost ready to just wipe and start over! it IS a new server after all
one other point httpd gives a warning on our mailman.conf file about the second scriptalias directive.

 

More issues and enlightenment!
seems the uninstall.php does not clean up with right. did failed install, then uninstall would not clean up after a failed install. more rm -f -R entertainment and redid certbot-auto, and finally saw some light - /etc/letsencrypt/live/ns10.cdbsystems.com was there not just ns10
did ISPconfig install, and everything SEEMED to work. but didnt really.
here was output:
[root@ns10 install]# php uninstall.php


--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------


>> Uninstall

Are you sure you want to uninstall ISPConfig? [no]yes


>> Uninstalling ISPConfig 3...

Backups in /var/backup/ and log files in /var/log/ispconfig are not deleted.Finished uninstalling.
[root@ns10 install]#
[root@ns10 install]#
[root@ns10 install]# php -q install.php


--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: CentOS 8.2

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]:

Installation mode (standard,expert) [standard]:

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [ns10]: ns10.cdbsystems.com

MySQL server hostname [localhost]:

MySQL server port [3306]:

MySQL root username [root]:

MySQL root password []: NOTREALLYMYPASSWORD

MySQL database to create [dbispconfig]:

MySQL charset [utf8]:

Configuring Postgrey
Configuring Postfix
Generating a RSA private key
...................................................................................................................................................................++++
..........................................................................++++
writing new private key to 'smtpd.key'
req: Can't open "smtpd.key" for writing, No such file or directory
Configuring Mailman
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
[INFO] service Rspamd not detected
Configuring Getmail
Configuring Jailkit
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring vlogger
[INFO] service OpenVZ not detected
Configuring Bastille Firewall
[INFO] service Metronome XMPP Server not detected
[INFO] service Fail2ban not detected
Installing ISPConfig
ISPConfig Port [8080]:

Admin password [5bee9bf0]: NOTREALLYMYPASSWORD

Re-enter admin password []: NOTREALLYMYPASSWORD

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: y

Checking / creating certificate for ns10.cdbsystems.com
Using certificate path /etc/letsencrypt/live/ns10.cdbsystems.com
which: no letsencrypt in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
which: no certbot in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
which: no letsencrypt in (/root/.local/share/letsencrypt/bin)
which: no acme.sh in (/usr/local/ispconfig/server/scripts)
which: no acme.sh in (/root/.acme.sh)
Using apache for certificate validation
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
Keeping the existing certificate
cat: /usr/local/ispconfig/interface/ssl/ispserver.key: No such file or directory
cat: /usr/local/ispconfig/interface/ssl/ispserver.crt: No such file or directory
Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y

Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y

Do you want to create SSL certs for your server? (y,n) [y]: y

Checking / creating certificate for ns10.cdbsystems.com
Using certificate path /etc/letsencrypt/live/ns10.cdbsystems.com
which: no letsencrypt in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
which: no certbot in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
which: no letsencrypt in (/root/.local/share/letsencrypt/bin)
which: no acme.sh in (/usr/local/ispconfig/server/scripts)
which: no acme.sh in (/root/.acme.sh)
Using apache for certificate validation
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
Keeping the existing certificate
cat: /usr/local/ispconfig/interface/ssl/ispserver.key: No such file or directory
cat: /usr/local/ispconfig/interface/ssl/ispserver.crt: No such file or directory
Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y

Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y

Configuring Apps vhost
Configuring DBServer
Installing ISPConfig crontab
Installing ISPConfig crontab
Detect IP addresses
Restarting services ...
Installation completed.

--snip--
well, note the cat failures:
cat: /usr/local/ispconfig/interface/ssl/ispserver.key: No such file or directory
cat: /usr/local/ispconfig/interface/ssl/ispserver.crt: No such file or directory

turns out the symlinks in these folders - were symlinked to themselves!
'too many symlinks' was the cry from the script.
so -- deleted symlinks from the folder, reran the little script from perfect3.1centos:
--snip--
cd /usr/local/ispconfig/interface/ssl/
mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
ln -s /etc/letsencrypt/live/ns10.cdbsystems.com/fullchain.pem ispserver.crt
ln -s /etc/letsencrypt/live/ns10.cdbsystems.com/privkey.pem ispserver.key
cat ispserver.{key,crt} > ispserver.pem
chmod 600 ispserver.pem
--snip--
and I had my symlinks.

BUT - https://ns10.cdbsystems.com:8080 still would not load (yes I reran systemctl restart httpd)
looking at error_log led me to look at
/etc/httpd/sites-available/000-ispconfig.vhost
and I found the SSH section was comented out!!
--snip--
# SSL Configuration
# SSLEngine On
# SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
# SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
#@ SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
#SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

# SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384
# SSLHonorCipherOrder On
--snip--
well this explains much! I DID say I wanted an SSL for ispconfig bit it did not update this file...
I vi-ed it removing the # from all but the bundle line, systemctl restart httpd and
VOILA!!!
ns10 is up and running ispconfig on SSL. and WITHOUT throwing it all out!

maybe some things to look at for the scripts? symlinking the certs to themselves was obviously done somewhere and ought not have been done!
and the SSL parts of ispconfig.vhost clearly needed to be activated and were not...

one comment to it said at various points the cert did not need renewal we should probably FORCE a new cert in case it is messed up?
anyway tired, but victorious.
curious the install script said Rspamd not detected. do I want it?
and XMPP server not detected and service OpenVZ not detected. are they desired?
I left fail2ban because (of course) I'm getting ISPPROTECT to protect this sucker

happy centos 8 /ispconfig3 user

 

just for a note here was the ssl folder before I deleted the links:

drwxr-x--- 9 ispconfig ispconfig 121 Oct 1 11:22 ..
-rwxr-x--- 1 root root 45 Oct 1 11:22 empty.dir

lrwxrwxrwx 1 root root 48 Oct 1 11:22 ispserver.crt -> /usr/local/ispconfig/interface/ssl/ispserver.crt
lrwxrwxrwx 1 root root 48 Oct 1 11:22 ispserver.crt-20201001112212.bak -> /usr/local/ispconfig/interface/ssl/ispserver.crt
lrwxrwxrwx 1 root root 48 Oct 1 11:22 ispserver.key -> /usr/local/ispconfig/interface/ssl/ispserver.key
lrwxrwxrwx 1 root root 48 Oct 1 11:22 ispserver.key-20201001112212.bak -> /usr/local/ispconfig/interface/ssl/ispserver.key
-rwxr-x--- 1 root root 0 Oct 1 11:22 ispserver.pem
-rwxr-x--- 1 root root 0 Oct 1 11:21 ispserver.pem-20201001112212.bak

as you see the symlinks were to themselves!