Hi all

1) I took the decision to upgrade to a new server (hardware and software), again based on ISPConfig of course. So I'm running Ubuntu 22.04 LTS with ISPC 3.2.9. I would love to support the project by buying the manual (again - which I have done every time I installed ISPC). But it seems like the recent manual is for ISPC 3.1, and not ISPC 3.2. Is that right?

2) I can't find an explanation of how to secure the control panel with an LE certificate. I find explanations of how to secure the sites configured in ISPC, and that is working fine (I had some help in another thread, which is invaluable - thank you).

3) Lastly, I have also posted this last question on roundcubeforum.net, but if someone here has a good solution that is compliant with the way ISPC works, I would rather use that solution.

I have a very fresh installation of ISPConfig 3.2.9, and have moved the e-mail accounts from my old server, and all is fine. I can send and receive e-mails from Outlook without any problems. All is fine, and so I know Postfix and Dovecot are working as expected. But with Roundcube I have some issues:

I can use the local IP of the server, 192.168.0.200/webmail - no problems, I can log in. The inbox and other folders show up with content as if I used Outlook as client.

I can use the global IP of the server, 185.10.222.159/webmail - no problems, I can log in. As with the local IP, my folders show, and content as well. But it is not secured, so it is not safe.

I can use the server's domain, bnjpro.dk/webmail - here I can log in, and folders are present, but no content is shown in any folders.

This looks like a DNS problem, but I can't figure out what it could be. I have opened port 53, both in ISPConfig and on my router. Is there something obvious I have missed? Any ideas and pointers are appreciated.
That is right.

The panel gets a certificate automatically. If you used the ISPConfig autoinstaller it should have and show a certificate.

Does the attempt to access Roundcube show up in the web server or other logs? On my server, any domain hosted on that server and /webmail gets to the Roundcube login screen.

If you have just installed this server, start with https://forum.howtoforge.com/threads/please-read-before-posting.58408/
Hi Taleman.

1) Ok, I'll stick with that until there is a newer one.

2) I did install from the git provided installer, and all worked flawlessly. But at the time of installation, there were no open ports to the dangerous world outside my router's firewall. But I tried to --force install again now that I have an ISPC panel and sites up and running, with open ports. Is there a question I should pay extra attention to? I guess the certificate in question at the installer is the self-signed one. Should I answer yes there (default is no)?

3) Yes I do get to the login screen. And giving the relevant authentication I am also logged in. But when logged in, the inbox is empty. But I know it is not. So it is simply not transferred from the actual inbox to the viewing in Roundcube. It was the same problem I had on my old server.

And yes I have read the link before posting, but I didn't find any relevant answers there (a lot of other relevant stuff though).

I have this output from etc/var/log/roundcube/errors.log:

This output leads me to think if php 8.1 is too early for roundcube.
That may be true. If you would be so kind and follow the instructions in the Read Before Posting we might make some progress in solving this issue.

Do you mean ispconfig_update.sh --force?
Yes I had it prepared, but forgot to include it, I'm sorry about that.

Server:
Code:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

Php:
Code:
PHP 8.1.13 (cli) (built: Nov 26 2022 14:07:55) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.13, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.13, Copyright (c), by Zend Technologies

ISPC:
Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 22.04.1 LTS
[INFO] uptime: 22:15:43 up 1 day, 5:20, 2 users, load average: 0.00, 0.01, 0.00
[INFO] memory:
               total        used        free      shared  buff/cache   available
Mem:           7.7Gi       1.9Gi       1.3Gi        60Mi       4.5Gi       5.4Gi
Swap:          4.0Gi          0B       4.0Gi
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
1 loaded units listed.
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.9
##### VERSION CHECK #####
[INFO] php (cli) version is 8.1.13
[INFO] php-cgi (used for cgi php in default vhost!)
is version 8.1.13
##### PORT CHECK #####
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s): Apache 2 (PID 285761)
[INFO] I found the following mail server(s): Postfix (PID 263751)
[INFO] I found the following pop3 server(s): Dovecot (PID 263771)
[INFO] I found the following imap server(s): Dovecot (PID 263771)
[INFO] I found the following ftp server(s): PureFTP (PID 263875)
##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh

Yes I do, sorry.
You have to choose to recreate the SSL cert when using:

ispconfig_update.sh --force

to get a new Let's Encrypt based cert. The reason that you did not get one during the initial install is that your system could not be reached by the Let's Encrypt servers from the internet because you did not open the ports before installing the system.
Hi Till

That is absolutely correct. But I have tried running ispconfig_update.sh --force twice. I get a message that I have mail in /var/mail/root. I open that mail with nano (via Midnight Commander. Haven't tried if I could get it in a regular Outlook setup for root mail). But the message is:

Code:
GNU nano 6.2 /var/mail/root
Message-Id: <[email protected]>
Date: Wed, 4 Jan 2023 06:25:02 +0000 (UTC)

/etc/cron.daily/auto_update_phpmyadmin:
Local phpMyAdmin install is up-to-date, installed version: 5.2.0, latest version: 5.2.0

From [email protected] Wed Jan 4 15:52:00 2023
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: by freja.bnjpro.dk (Postfix) id 1AB4F520F56; Wed, 4 Jan 2023 15:52:00 +0000 (UTC)
Date: Wed, 4 Jan 2023 15:52:00 +0000 (UTC)
From: [email protected] (Mail Delivery System)
To: [email protected] (Postmaster)
Subject: Postfix SMTP server: errors from unknown[45.14.165.137]
Message-Id: <[email protected]>

Transcript of session follows.

Out: 220 freja.bnjpro.dk ESMTP Postfix (Ubuntu)
In: EHLO [45.14.165.137]
Out: 250-freja.bnjpro.dk
Out: 250-PIPELINING
Out: 250-SIZE
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250-DSN
Out: 250-SMTPUTF8
Out: 250 CHUNKING
In: STARTTLS
Out: 454 4.7.0 TLS not available due to local problem

Session aborted, reason: lost connection

For other details, see the local mail logfile

So it is obvious that I don't get a certificate. I don't see any clues in /var/log/mail.log or /var/log/mail.err.
SSL for email would even work if you don't get a cert, as a self-signed cert is used then. This email is not a good indication of a problem anyway. Instead, use a normal mail client like Thunderbird and connect it to your server to see if you get an error, plus post the complete output of the ISPConfig update you did and also check the acme.sh log file.
Oh, but I don't seem to have problems with email. I know that email is working, because every time I do an ispconfig_update.sh --force and ask for a new certificate, my mail client wants to upgrade the certificate.

What I fail to get working is the SSL for the ISPC panel. The sites I make in the panel are getting LE certificates all right (for instance bnjpro.dk). And encrypting this entry is probably the most important security issue on the whole server.

So the problem right now is that running ispconfig_update.sh --force and asking for a new certificate still doesn't give the ISPC panel an LE certificate (bnjpro.dk:8080).
It's the exact same cert that is used by the mail system. Maybe you access the panel by using the wrong URL? You must access it through the system's hostname. Run the command:

hostname -f

on the shell of your server, this will return the hostname of your system. Then use this exact full hostname to access ISPConfig on port 8080, e.g.:

https://server1.example.com:8080/
hostname -f gives freja.bnjpro.dk, which is what I expected, and also what came up during installation following the guide. But https://freja.bnjpro.dk:8080 still does not show an LE certificate (page insecure).
That's because you did not get a Let's encrypt cert yet, this is a self-signed SSL cert. Please see post #8 on what to check. We can not help you if you neither post the full output that you got during ISPConfig update nor the acme.sh log.
Sorry.

acme.log:
Code:
[Thu Jan 5 12:25:02 AM UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Jan 5 12:25:02 AM UTC 2023] DOMAIN_PATH='/root/.acme.sh/freja.bnjpro.dk'
[Thu Jan 5 12:25:02 AM UTC 2023] Renew: 'freja.bnjpro.dk'
[Thu Jan 5 12:25:02 AM UTC 2023] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Thu Jan 5 12:25:02 AM UTC 2023] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Thu Jan 5 12:25:02 AM UTC 2023] Using config home:/root/.acme.sh
[Thu Jan 5 12:25:02 AM UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Jan 5 12:25:02 AM UTC 2023] Skip invalid cert for: freja.bnjpro.dk
[Thu Jan 5 12:25:02 AM UTC 2023] Return code: 2
[Thu Jan 5 12:25:02 AM UTC 2023] Skipped freja.bnjpro.dk

htf_report.txt:
Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 22.04.1 LTS
[INFO] uptime: 10:20:24 up 2 days, 17:24, 2 users, load average: 0.01, 0.01, 0.00
[INFO] memory:
               total        used        free      shared  buff/cache   available
Mem:           7.7Gi       1.9Gi       1.3Gi        60Mi       4.5Gi       5.4Gi
Swap:          4.0Gi       0.0Ki       4.0Gi
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
1 loaded units listed.
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.9
##### VERSION CHECK #####
[INFO] php (cli) version is 8.1.13
[INFO] php-cgi (used for cgi php in default vhost!)
is version 8.1.13
##### PORT CHECK #####
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s): Apache 2 (PID 497888)
[INFO] I found the following mail server(s): Postfix (PID 497823)
[INFO] I found the following pop3 server(s): Dovecot (PID 497842)
[INFO] I found the following imap server(s): Dovecot (PID 497842)
[INFO] I found the following ftp server(s): PureFTP (PID 498048)
##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
Use https://www.sslshopper.com/ssl-checker.html to see what is wrong with the certificate.

I do not know what caused this error, but I am confident following the LE Error FAQ would show the reason. https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/

Did you perhaps create a website with the URL freja.bnjpro.dk?

When running ispconfig_update.sh --force, are you choosing to create an LE certificate?
Hi Taleman

I think you are on to something. Because I have an LE certificate for the first site, which is my own site called bnjpro.dk, and that is probably blocking me from making a freja.bnjpro.dk certificate for the control panel login page. So maybe if I release that certificate and run ispconfig_update.sh --force and ask for a new self-signed certificate, the LE cert will be generated for the subdomain freja.bnjpro.dk, and will probably also cover bnjpro.dk.

This is the output from the link you gave (only the error codes):

Code:
The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate
None of the common names in the certificate match the name that was entered (bnjpro.dk). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.

Which I think indicates that you are right.

Did the following:
Unchecked the LE certificate in ISPConfig for the site bnjpro.dk
Ran ispconfig_update.sh --force

And now the output of SSL checker is:

Code:
The hostname (freja.bnjpro.dk) is correctly listed in the certificate.
The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate

So it did do something better, but it seems like I'm not there yet. :-(
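
The two findings the SSL checker reports in this thread, a self-signed certificate and a name mismatch, can be reproduced on the server itself with openssl. This is an added example, not part of any post in the thread; the function names are hypothetical, and the sample certificates are constructed for the placeholder name freja.example.test.

```shell
#!/bin/sh
# Added example: classify a certificate the way the SSL checker output above does.
# Assumption: the openssl command line tool (1.1.1 or newer) is installed.

# Print "self-signed" when subject and issuer are identical, else "ca-issued".
# This compares names only (the usual quick test); it does not verify signatures.
cert_trust_kind() {
    local pem="$1" subject issuer
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253) || return 2
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo "self-signed"
    else
        echo "ca-issued"
    fi
}

# Print "name-ok" when the certificate covers the host name, else "name-mismatch".
cert_name_check() {
    local pem="$1" host="$2"
    if openssl x509 -in "$pem" -noout -checkhost "$host" \
        | grep -q 'does match certificate'; then
        echo "name-ok"
    else
        echo "name-mismatch"
    fi
}

# Both findings for one PEM file and the name typed into the browser.
check_panel_cert() {
    local pem="$1" host="$2"
    echo "$(cert_trust_kind "$pem") $(cert_name_check "$pem" "$host")"
}

# Save the certificate a running service presents (needs network access), e.g.
#   fetch_cert server1.example.com 8080 > panel.pem
fetch_cert() {
    local host="$1" port="$2"
    openssl s_client -connect "${host}:${port}" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM
}

# Constructed sample input: a self-signed certificate and a CA-signed one for the
# placeholder name freja.example.test, written to directory $1 with throwaway keys.
make_sample_certs() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=freja.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=freja.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

Run `check_panel_cert panel.pem "$(hostname -f)"` against the certificate saved by `fetch_cert`; a panel that is still on the installer's certificate reports `self-signed`, whichever name is checked.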
If I untick the LE certificate for the site bnjpro in ispc, it does not remove the certificate. So I have been looking for a way to revoke the certificate. But the explanations I can find involve the path /etc/letsencrypt/xxxx. But it seems like when using ACME as the way to do it, letsencrypt is not located at /etc/letsencrypt anymore. So how do I revoke the certificate for bnjpro.dk, in order to run the ispconfig_update.sh --force so I can make the certificate work for the ispc panel? Can I after that use that certificate as well for the site bnjpro.dk? Or can I generate one for the site then?
No, this is not related. @Taleman did not ask if you have a site for bnjpro.dk, he asked if you have a site for the exact hostname freja.bnjpro.dk. A site for bnjpro.dk does not matter. Check the acme.sh log to see why Let's encrypt refuses to issue a cert. You posted just a very short excerpt that does not contain the part about why you do not get a cert. And I asked you to post the full output that you received during ISPConfig update, which will show what happens in detail, which you did not do yet. That's not related at all, so do not do anything of what you suggested, instead, tick the Let's encrypt checkbox of the site again.
I am really sorry that I'm such a noob, but I'm trying as hard as I can, and I'm learning so much from you guys, and I really appreciate your effort and patience. I only posted what I thought was what it was all about, because in this forum there is a limit of 20000 characters in a post, and the acme.log is exceeding this limit. So I have had to delete something from the top of the log:
Code: [Fri Jan 6 06:40:02 AM UTC 2023] Running cmd: issue [Fri Jan 6 06:40:02 AM UTC 2023] _main_domain='bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] _alt_domains='webmail.bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] Using config home:/root/.acme.sh [Fri Jan 6 06:40:02 AM UTC 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 06:40:02 AM UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 06:40:02 AM UTC 2023] DOMAIN_PATH='/root/.acme.sh/bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] Le_NextRenewTime='1677865392' [Fri Jan 6 06:40:02 AM UTC 2023] _saved_domain='bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] _saved_alt='ispc.bnjpro.dk,webmail.bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] _normized_saved_domains='bnjpro.dk,ispc.bnjpro.dk,webmail.bnjpro.dk,' [Fri Jan 6 06:40:02 AM UTC 2023] _normized_domains='bnjpro.dk,webmail.bnjpro.dk,' [Fri Jan 6 06:40:02 AM UTC 2023] Domains have changed. 
[Fri Jan 6 06:40:02 AM UTC 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory [Fri Jan 6 06:40:02 AM UTC 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory [Fri Jan 6 06:40:02 AM UTC 2023] GET [Fri Jan 6 06:40:02 AM UTC 2023] url='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 06:40:02 AM UTC 2023] timeout= [Fri Jan 6 06:40:02 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L ' [Fri Jan 6 06:40:02 AM UTC 2023] ret='0' [Fri Jan 6 06:40:02 AM UTC 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change' [Fri Jan 6 06:40:02 AM UTC 2023] ACME_NEW_AUTHZ [Fri Jan 6 06:40:02 AM UTC 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order' [Fri Jan 6 06:40:02 AM UTC 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct' [Fri Jan 6 06:40:02 AM UTC 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert' [Fri Jan 6 06:40:02 AM UTC 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf' [Fri Jan 6 06:40:02 AM UTC 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Fri Jan 6 06:40:02 AM UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory [Fri Jan 6 06:40:02 AM UTC 2023] _on_before_issue [Fri Jan 6 06:40:02 AM UTC 2023] _chk_main_domain='bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] _chk_alt_domains='webmail.bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] Le_LocalAddress [Fri Jan 6 06:40:02 AM UTC 2023] d='bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] Check for domain='bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] _currentRoot='/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:02 AM UTC 2023] d='webmail.bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] Check for domain='webmail.bnjpro.dk' [Fri Jan 6 06:40:02 AM UTC 2023] _currentRoot='/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:02 AM UTC 2023] d [Fri Jan 6 06:40:03 AM UTC 2023] 
_saved_account_key_hash is not changed, skip register account. [Fri Jan 6 06:40:03 AM UTC 2023] Read key length:4096 [Fri Jan 6 06:40:03 AM UTC 2023] Using pre generated key: /root/.acme.sh/bnjpro.dk/bnjpro.dk.key.next [Fri Jan 6 06:40:03 AM UTC 2023] Generate next pre-generate key. [Fri Jan 6 06:40:03 AM UTC 2023] Use length 4096 [Fri Jan 6 06:40:03 AM UTC 2023] Using RSA: 4096 [Fri Jan 6 06:40:03 AM UTC 2023] _createcsr [Fri Jan 6 06:40:03 AM UTC 2023] Multi domain='DNS:bnjpro.dk,DNS:webmail.bnjpro.dk' [Fri Jan 6 06:40:03 AM UTC 2023] Getting domain auth token for each domain [Fri Jan 6 06:40:03 AM UTC 2023] d='webmail.bnjpro.dk' [Fri Jan 6 06:40:03 AM UTC 2023] d [Fri Jan 6 06:40:03 AM UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Fri Jan 6 06:40:03 AM UTC 2023] payload='{"identifiers": [{"type":"dns","value":"bnjpro.dk"},{"type":"dns","value":"webmail.bnjpro.dk"}]}' [Fri Jan 6 06:40:03 AM UTC 2023] RSA key [Fri Jan 6 06:40:03 AM UTC 2023] HEAD [Fri Jan 6 06:40:03 AM UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Fri Jan 6 06:40:03 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -I ' [Fri Jan 6 06:40:04 AM UTC 2023] _ret='0' [Fri Jan 6 06:40:04 AM UTC 2023] POST [Fri Jan 6 06:40:04 AM UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Fri Jan 6 06:40:04 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L ' [Fri Jan 6 06:40:04 AM UTC 2023] _ret='0' [Fri Jan 6 06:40:04 AM UTC 2023] code='201' [Fri Jan 6 06:40:04 AM UTC 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/892604307/157174731117' [Fri Jan 6 06:40:04 AM UTC 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/892604307/157174731117' [Fri Jan 6 06:40:04 AM UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/190892597487' [Fri Jan 6 06:40:04 AM UTC 2023] payload [Fri Jan 6 06:40:05 AM UTC 2023] POST [Fri Jan 6 06:40:05 AM 
UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/190892597487' [Fri Jan 6 06:40:05 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L ' [Fri Jan 6 06:40:05 AM UTC 2023] _ret='0' [Fri Jan 6 06:40:05 AM UTC 2023] code='200' [Fri Jan 6 06:40:05 AM UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/191962136207' [Fri Jan 6 06:40:05 AM UTC 2023] payload [Fri Jan 6 06:40:05 AM UTC 2023] POST [Fri Jan 6 06:40:05 AM UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/191962136207' [Fri Jan 6 06:40:05 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L ' [Fri Jan 6 06:40:06 AM UTC 2023] _ret='0' [Fri Jan 6 06:40:06 AM UTC 2023] code='200' [Fri Jan 6 06:40:06 AM UTC 2023] d='bnjpro.dk' [Fri Jan 6 06:40:06 AM UTC 2023] Getting webroot for domain='bnjpro.dk' [Fri Jan 6 06:40:06 AM UTC 2023] _w='/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:06 AM UTC 2023] _currentRoot='/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:06 AM UTC 2023] entry='"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/190892597487/363QYQ","token":"e5TYZnHaDIcR_BKYZ1MYt6ZcDUhwwMUDLQkn0n5E7SU","validationRecord":[{"url":"http://bnjpro.dk/.well-known/acme-challenge/e5TYZnHaDIcR_BKYZ1MYt6ZcDUhwwMUDLQkn0n5E7SU","hostname":"bnjpro.dk","port":"80","addressesResolved":["185.10.222.159"],"addressUsed":"185.10.222.159"' [Fri Jan 6 06:40:06 AM UTC 2023] token='e5TYZnHaDIcR_BKYZ1MYt6ZcDUhwwMUDLQkn0n5E7SU' [Fri Jan 6 06:40:06 AM UTC 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190892597487/363QYQ' [Fri Jan 6 06:40:06 AM UTC 2023] keyauthorization='e5TYZnHaDIcR_BKYZ1MYt6ZcDUhwwMUDLQkn0n5E7SU.UleTj6h4K0Xoo3mL_-1T2Y7EfE8lx-1jV_lHj8zKhLE' [Fri Jan 6 06:40:06 AM UTC 2023] bnjpro.dk is already verified. 
[Fri Jan 6 06:40:06 AM UTC 2023] keyauthorization='verified_ok' [Fri Jan 6 06:40:06 AM UTC 2023] dvlist='bnjpro.dk#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/190892597487/363QYQ#http-01#/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:06 AM UTC 2023] d='webmail.bnjpro.dk' [Fri Jan 6 06:40:06 AM UTC 2023] Getting webroot for domain='webmail.bnjpro.dk' [Fri Jan 6 06:40:06 AM UTC 2023] _w='/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:06 AM UTC 2023] _currentRoot='/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:06 AM UTC 2023] entry='"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/191962136207/V9o-Hw","token":"IVBeylgeD20sZUH99jn2cMrIGZIXCwwZjMW_LCI_FOA","validationRecord":[{"url":"http://webmail.bnjpro.dk/.well-known/acme-challenge/IVBeylgeD20sZUH99jn2cMrIGZIXCwwZjMW_LCI_FOA","hostname":"webmail.bnjpro.dk","port":"80","addressesResolved":["185.10.222.159"],"addressUsed":"185.10.222.159"' [Fri Jan 6 06:40:06 AM UTC 2023] token='IVBeylgeD20sZUH99jn2cMrIGZIXCwwZjMW_LCI_FOA' [Fri Jan 6 06:40:06 AM UTC 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/191962136207/V9o-Hw' [Fri Jan 6 06:40:06 AM UTC 2023] keyauthorization='IVBeylgeD20sZUH99jn2cMrIGZIXCwwZjMW_LCI_FOA.UleTj6h4K0Xoo3mL_-1T2Y7EfE8lx-1jV_lHj8zKhLE' [Fri Jan 6 06:40:06 AM UTC 2023] webmail.bnjpro.dk is already verified. 
[Fri Jan 6 06:40:06 AM UTC 2023] keyauthorization='verified_ok' [Fri Jan 6 06:40:06 AM UTC 2023] dvlist='webmail.bnjpro.dk#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/191962136207/V9o-Hw#http-01#/usr/local/ispconfig/interface/acme' [Fri Jan 6 06:40:06 AM UTC 2023] d [Fri Jan 6 06:40:06 AM UTC 2023] vlist='bnjpro.dk#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/190892597487/363QYQ#http-01#/usr/local/ispconfig/interface/acme,webmail.bnjpro.dk#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/191962136207/V9o-Hw#http-01#/usr/local/ispconfig/interface/acme,' [Fri Jan 6 06:40:06 AM UTC 2023] d='bnjpro.dk' [Fri Jan 6 06:40:06 AM UTC 2023] bnjpro.dk is already verified, skip http-01. [Fri Jan 6 06:40:06 AM UTC 2023] d='webmail.bnjpro.dk' [Fri Jan 6 06:40:06 AM UTC 2023] webmail.bnjpro.dk is already verified, skip http-01. [Fri Jan 6 06:40:06 AM UTC 2023] ok, let's start to verify [Fri Jan 6 06:40:06 AM UTC 2023] bnjpro.dk is already verified, skip http-01. [Fri Jan 6 06:40:06 AM UTC 2023] webmail.bnjpro.dk is already verified, skip http-01. [Fri Jan 6 06:40:06 AM UTC 2023] pid [Fri Jan 6 06:40:06 AM UTC 2023] No need to restore nginx, skip. [Fri Jan 6 06:40:06 AM UTC 2023] _clearupdns [Fri Jan 6 06:40:06 AM UTC 2023] dns_entries [Fri Jan 6 06:40:06 AM UTC 2023] skip dns. [Fri Jan 6 06:40:06 AM UTC 2023] Verify finished, start to sign. [Fri Jan 6 06:40:06 AM UTC 2023] i='2' [Fri Jan 6 06:40:06 AM UTC 2023] j='27' [Fri Jan 6 06:40:06 AM UTC 2023] Lets finalize the order. 
[Fri Jan 6 06:40:06 AM UTC 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/892604307/157174731117' [Fri Jan 6 06:40:06 AM UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/finalize/892604307/157174731117' [Fri Jan 6 06:40:06 AM UTC 2023] payload='{"csr": "MIIEsjCCApoCAQAwFDESMBAGA1UEAwwJYm5qcHJvLmRrMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4iJ2SrJx7cD9Qccklttm97PQIK57jrbV4WcJftAPA94CyqLMz6jYIytZBkJa8KOetolJSVfhttwtWe6bdIGf9VRsDsoVkF98RDCgc-yPnw9L0PFK4-YUarAqeWW_yYG9KfCBCqbPAk6Ymh8tCFxA2iM06iL1iz5lZCB26D_y0WaWnoKoGFNAMyIiCyAWuHE74r-zyU0Yc8XYEiE1CrmitwcJTPd9-Tkx_jVtfuOa-4c44LgUKl8YfQFCmOuy7LOOw4wnBmNiGmsZNxvoqXOdHuMPoI_qNUg_2Q9rxRt93NyS2DKwthCYYYt-7TG_ehmmyFV30asOOPr-YeORvB3YUVjjEaEQsh9bw_0gfWTm6NfvPkdY0WX3WwkoTmiOdgGAvll0uF2Gl_z7hrbMixKhq_IvFKu7Rhke0PlhBGHR5NUExns_3NxnwY9tGRKb6QGOJg7i4R0N7Ltp5Rkc40YL_1SUcSEbm5c7tjvwUYGwgB0bKTcsMZjSQTfAgidrFpfbhTQgTmZrsyScHGeTcTIPlkB8j-PDfb_296icgLNtz0O8QuwAZZtO0IslkCQxWmceN5gqVEAjX5J5gYTvuXY3aPiPyVxrmmCYZDj0EaKkQvjFqOKj8QKT3AbyvQD2Z0JP9NRVXaHnZwyHrN1z2s0Ry2b0-798ZqxtEy4H9gRKyZECAwEAAaBZMFcGCSqGSIb3DQEJDjFKMEgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcGA1UdEQQgMB6CCWJuanByby5ka4IRd2VibWFpbC5ibmpwcm8uZGswDQYJKoZIhvcNAQELBQADggIBAA7rBT_c2SAYnzjaeXuR3oea3sNs-DpBoNFl1GXyaNbKXPOChyt8scxShmvyREtIid9KutbzlNrSoWNF0NZgJvJ1jx8s_YWkPdz87_fKMmEz73ILVyMX0C3vmFcuCmdyFWC_eoa7ubVm_3oqFl4EADq6ykxg9-ZacWiX6riGYd8jkee7SaRYja_RyX82bVWHavsvu5Y0_5J8vHjtXii-cWD7lfccogT-AjnSQx64g5-0SX8jiskNkd1mxwmjKR5COTrqSR0i2S6smaqls7-59YfLhkr3atAaAwXR-U1dl0SENVaCDFOvrA8JED8_aF4t5vREbjMQqgmiLQSEnLk5EDso36TKT0ib2XIMGYcnG0HZy_VX0zsPtIzjoRNtxKlETYgD8mORu7RieNpsfJPB5xySgsfD1Klhu0A_VEDPklmHGxGyf-B7WzKd3ZpMQWD5ipFhyiZdiZceCmjgSoZa1nkBVMfhejPAE82jnPVhOLvCuI7NSDkCfRT9Y1iShOKOfW4wcRdpfY3WqIoo3n5UOnZu3ATPWg_Qeo-PS--SJqeRZ2XWDgVBraOZ9u2PtvRNUG7dOekoz0G2IwzB9Ud7tbD0paYTS_JYsTQZNq1CrJcWll2d4IQ5GOG5SqWRP2W38eeqhpQM4m9KBTcOaSXgm2wxXpy7KNGRkOOuQXDHDmlD"}' [Fri Jan 6 06:40:06 AM UTC 2023] POST [Fri Jan 6 06:40:06 AM UTC 2023] 
_post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/892604307/157174731117' [Fri Jan 6 06:40:06 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L ' [Fri Jan 6 06:40:07 AM UTC 2023] _ret='0' [Fri Jan 6 06:40:07 AM UTC 2023] code='200' [Fri Jan 6 06:40:07 AM UTC 2023] Order status is valid. [Fri Jan 6 06:40:07 AM UTC 2023] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03aa6d6b2b740e3c7c590dbcdbbddedcb42f' [Fri Jan 6 06:40:07 AM UTC 2023] Downloading cert. [Fri Jan 6 06:40:07 AM UTC 2023] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03aa6d6b2b740e3c7c590dbcdbbddedcb42f' [Fri Jan 6 06:40:07 AM UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/cert/03aa6d6b2b740e3c7c590dbcdbbddedcb42f' [Fri Jan 6 06:40:07 AM UTC 2023] payload [Fri Jan 6 06:40:08 AM UTC 2023] POST [Fri Jan 6 06:40:08 AM UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/cert/03aa6d6b2b740e3c7c590dbcdbbddedcb42f' [Fri Jan 6 06:40:08 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L ' [Fri Jan 6 06:40:08 AM UTC 2023] _ret='0' [Fri Jan 6 06:40:08 AM UTC 2023] code='200' [Fri Jan 6 06:40:08 AM UTC 2023] Found cert chain [Fri Jan 6 06:40:08 AM UTC 2023] _end_n='35' [Fri Jan 6 06:40:08 AM UTC 2023] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03aa6d6b2b740e3c7c590dbcdbbddedcb42f' [Fri Jan 6 06:40:08 AM UTC 2023] Cert success. 
[Fri Jan 6 06:40:08 AM UTC 2023] Your cert is in: /root/.acme.sh/bnjpro.dk/bnjpro.dk.cer [Fri Jan 6 06:40:08 AM UTC 2023] Your cert key is in: /root/.acme.sh/bnjpro.dk/bnjpro.dk.key [Fri Jan 6 06:40:08 AM UTC 2023] The intermediate CA cert is in: /root/.acme.sh/bnjpro.dk/ca.cer [Fri Jan 6 06:40:08 AM UTC 2023] And the full chain certs is there: /root/.acme.sh/bnjpro.dk/fullchain.cer [Fri Jan 6 06:40:08 AM UTC 2023] Your pre-generated next key for future cert key change is in: /root/.acme.sh/bnjpro.dk/bnjpro.dk.key.next [Fri Jan 6 06:40:08 AM UTC 2023] _on_issue_success [Fri Jan 6 06:40:08 AM UTC 2023] Lets find script dir. [Fri Jan 6 06:40:08 AM UTC 2023] _SCRIPT_='/root/.acme.sh/acme.sh' [Fri Jan 6 06:40:08 AM UTC 2023] _script='/root/.acme.sh/acme.sh' [Fri Jan 6 06:40:08 AM UTC 2023] _script_home='/root/.acme.sh' [Fri Jan 6 06:40:08 AM UTC 2023] Using default home:/root/.acme.sh [Fri Jan 6 06:40:08 AM UTC 2023] Using config home:/root/.acme.sh [Fri Jan 6 06:40:08 AM UTC 2023] Running cmd: installcert [Fri Jan 6 06:40:08 AM UTC 2023] Using config home:/root/.acme.sh [Fri Jan 6 06:40:08 AM UTC 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 06:40:08 AM UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 06:40:08 AM UTC 2023] DOMAIN_PATH='/root/.acme.sh/bnjpro.dk' [Fri Jan 6 06:40:08 AM UTC 2023] Installing key to: /var/www/clients/client1/web1/ssl/bnjpro.dk-le.key [Fri Jan 6 06:40:08 AM UTC 2023] Installing full chain to: /var/www/clients/client1/web1/ssl/bnjpro.dk-le.crt [Fri Jan 6 06:40:08 AM UTC 2023] Run reload cmd: systemctl force-reload apache2.service [Fri Jan 6 06:40:09 AM UTC 2023] Reload success [Fri Jan 6 07:39:01 AM UTC 2023] Running cmd: issue [Fri Jan 6 07:39:01 AM UTC 2023] _main_domain='bnjpro.dk' [Fri Jan 6 07:39:01 AM UTC 2023] _alt_domains='webmail.bnjpro.dk' [Fri Jan 6 07:39:01 AM UTC 2023] Using config home:/root/.acme.sh [Fri Jan 6 07:39:02 AM UTC 2023] 
default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 07:39:02 AM UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 07:39:02 AM UTC 2023] DOMAIN_PATH='/root/.acme.sh/bnjpro.dk' [Fri Jan 6 07:39:02 AM UTC 2023] Le_NextRenewTime='1678084808' [Fri Jan 6 07:39:02 AM UTC 2023] _saved_domain='bnjpro.dk' [Fri Jan 6 07:39:02 AM UTC 2023] _saved_alt='webmail.bnjpro.dk' [Fri Jan 6 07:39:02 AM UTC 2023] _normized_saved_domains='bnjpro.dk,webmail.bnjpro.dk,' [Fri Jan 6 07:39:02 AM UTC 2023] _normized_domains='bnjpro.dk,webmail.bnjpro.dk,' [Fri Jan 6 07:39:02 AM UTC 2023] Domains not changed. [Fri Jan 6 07:39:02 AM UTC 2023] Skip, Next renewal time is: 2023-03-06T06:40:08Z [Fri Jan 6 07:39:02 AM UTC 2023] Add '--force' to force to renew. [Fri Jan 6 07:39:02 AM UTC 2023] Lets find script dir. [Fri Jan 6 07:39:02 AM UTC 2023] _SCRIPT_='/root/.acme.sh/acme.sh' [Fri Jan 6 07:39:02 AM UTC 2023] _script='/root/.acme.sh/acme.sh' [Fri Jan 6 07:39:02 AM UTC 2023] _script_home='/root/.acme.sh' [Fri Jan 6 07:39:02 AM UTC 2023] Using default home:/root/.acme.sh [Fri Jan 6 07:39:02 AM UTC 2023] Using config home:/root/.acme.sh [Fri Jan 6 07:39:02 AM UTC 2023] Running cmd: installcert [Fri Jan 6 07:39:02 AM UTC 2023] Using config home:/root/.acme.sh [Fri Jan 6 07:39:02 AM UTC 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 07:39:02 AM UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 07:39:02 AM UTC 2023] DOMAIN_PATH='/root/.acme.sh/bnjpro.dk' [Fri Jan 6 07:39:02 AM UTC 2023] Installing key to: /var/www/clients/client1/web1/ssl/bnjpro.dk-le.key [Fri Jan 6 07:39:02 AM UTC 2023] Installing full chain to: /var/www/clients/client1/web1/ssl/bnjpro.dk-le.crt [Fri Jan 6 07:39:02 AM UTC 2023] Run reload cmd: systemctl force-reload apache2.service [Fri Jan 6 07:39:02 AM UTC 2023] Reload success
All the requests in the log are for bnjpro.dk and webmail.bnjpro.dk, so probably from activating that website again, but not from ispconfig update (for freja.bnjpro.dk). Please do this now: 1) Run an ISPConfig update with --force option and post everything what you get on the screen from that update. 2) Then look into the acme.sh log and post what got added there. You can also attach .txt files to a forum post if you hit post size limitations, or do multiple posts.
This is what comes from the update while in the process:
Code: >> Update Operating System: Ubuntu 22.04.1 LTS (Jammy Jellyfish) This application will update ISPConfig 3 on your server. Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: Creating backup of "/usr/local/ispconfig" directory... Creating backup of "/etc" directory... Creating backup of "/root/.acme.sh" directory... Checking ISPConfig database .. WARNING: Forcing protocol to TCP due to option specification. Please explicitly state intended protocol. OK WARNING: Forcing protocol to TCP due to option specification. Please explicitly state intended protocol. Starting incremental database update. Loading SQL patch file: /tmp/update_runner.sh.ScchtMscnD/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Configuring Spamassassin Configuring Rspamd Configuring Getmail Configuring BIND Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Ubuntu Firewall Configuring Database Updating ISPConfig ISPConfig Port [8080]: Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for freja.bnjpro.dk Using certificate path /root/.acme.sh/freja.bnjpro.dk Using apache for certificate validation acme.sh is installed, overriding certificate path to use /root/.acme.sh/freja.bnjpro.dk [Fri Jan 6 08:02:41 AM UTC 2023] Domain key exists, do you want to overwrite the key? [Fri Jan 6 08:02:41 AM UTC 2023] Add '--force', and try again. [Fri Jan 6 08:02:41 AM UTC 2023] Create domain key error. [Fri Jan 6 08:02:41 AM UTC 2023] Please check log file for more details: /var/log/ispconfig/acme.log Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt Could not issue letsencrypt certificate, falling back to self-signed. 
----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:DK State or Province Name (full name) [Some-State]:Denmark Locality Name (eg, city) []:Copenhagen Organization Name (eg, company) [Internet Widgits Pty Ltd]:bnjpro Organizational Unit Name (eg, section) []:IT Common Name (e.g. 
server FQDN or YOUR name) []:freja.bnjpro.dk Email Address []:[email protected] Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Update finished. root@freja:/home/neumann#
New entry in /var/log/ispconfig/acme.log:
Code: [Fri Jan 6 08:03:52 AM UTC 2023] Running cmd: upgrade [Fri Jan 6 08:03:52 AM UTC 2023] Using config home:/root/.acme.sh [Fri Jan 6 08:03:52 AM UTC 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 08:03:52 AM UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Fri Jan 6 08:03:52 AM UTC 2023] GET [Fri Jan 6 08:03:52 AM UTC 2023] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master' [Fri Jan 6 08:03:52 AM UTC 2023] timeout= [Fri Jan 6 08:03:52 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L ' [Fri Jan 6 08:03:52 AM UTC 2023] ret='0' [Fri Jan 6 08:03:52 AM UTC 2023] Already uptodate! [Fri Jan 6 08:03:52 AM UTC 2023] Upgrade success! [Fri Jan 6 08:03:52 AM UTC 2023] Running cmd: setdefaultca [Fri Jan 6 08:03:52 AM UTC 2023] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
If I'm reading this right, the output of ispc_update --force tells me there is an issue, but refers to the acme.log for more details, where I read it as the update and issue went on ok. Or am I not reading this correctly?
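Reading a long acme.sh log by eye makes it easy to miss which hostnames each run actually requested. The following is an added example, not code from the thread or from ISPConfig/acme.sh: it groups log entries by "Running cmd:" and lists the domains and result of each run. The function names and the outcome labels are this example's own, and the sample text is constructed from entries quoted in the posts above.

```python
import re
from dataclasses import dataclass, field

# Each acme.sh log entry starts with "[<date>] ". Forum pastes often join the
# entries onto one line, so split on the timestamp instead of on newlines.
ENTRY = re.compile(r"\[(\w{3} \w{3} +\d{1,2} [\d:]+ (?:[AP]M )?\w+ \d{4})\] ?")
# Only the requested names count; _saved_domain/_saved_alt describe the old cert.
ASSIGN = re.compile(r"^(_main_domain|_alt_domains)='([^']*)'$")
# (message prefix, label) pairs; the prefixes are messages seen in this thread.
OUTCOMES = [
    ("Cert success.", "issued"),
    ("Skip, Next renewal time is:", "skipped, not due for renewal"),
    ("Create domain key error.", "failed: domain key error"),
]


@dataclass
class Run:
    started: str
    cmd: str
    domains: list = field(default_factory=list)
    outcome: str = "no result logged"


def parse_runs(text):
    """Return one Run per 'Running cmd:' entry found in raw acme.sh log text."""
    runs = []
    parts = ENTRY.split(text)  # [preamble, ts1, msg1, ts2, msg2, ...]
    for ts, msg in zip(parts[1::2], parts[2::2]):
        msg = msg.strip()
        if msg.startswith("Running cmd: "):
            runs.append(Run(ts, msg[len("Running cmd: "):]))
            continue
        if not runs:
            continue  # excerpt starts in the middle of a run
        run = runs[-1]
        m = ASSIGN.match(msg)
        if m:
            for name in m.group(2).split(","):
                # skip empty values and acme.sh's "no" placeholder for "none"
                if name and name != "no" and name not in run.domains:
                    run.domains.append(name)
        for prefix, label in OUTCOMES:
            if msg.startswith(prefix):
                run.outcome = label
    return runs


def issue_runs_for(runs, hostname):
    """Runs of the 'issue' command that requested a cert naming hostname."""
    return [r for r in runs if r.cmd == "issue" and hostname in r.domains]


# Constructed sample: entries copied from the log posted in the thread, most
# lines dropped. The first run is joined onto one line, as a forum paste does.
SAMPLE = (
    "[Fri Jan 6 06:40:02 AM UTC 2023] Running cmd: issue "
    "[Fri Jan 6 06:40:02 AM UTC 2023] _main_domain='bnjpro.dk' "
    "[Fri Jan 6 06:40:02 AM UTC 2023] _alt_domains='webmail.bnjpro.dk' "
    "[Fri Jan 6 06:40:08 AM UTC 2023] Cert success.\n"
    "[Fri Jan 6 07:39:01 AM UTC 2023] Running cmd: issue\n"
    "[Fri Jan 6 07:39:01 AM UTC 2023] _main_domain='bnjpro.dk'\n"
    "[Fri Jan 6 07:39:01 AM UTC 2023] _alt_domains='webmail.bnjpro.dk'\n"
    "[Fri Jan 6 07:39:02 AM UTC 2023] Skip, Next renewal time is: 2023-03-06T06:40:08Z\n"
    "[Fri Jan 6 08:03:52 AM UTC 2023] Running cmd: upgrade\n"
    "[Fri Jan 6 08:03:52 AM UTC 2023] Upgrade success!\n"
)

if __name__ == "__main__":
    runs = parse_runs(SAMPLE)
    for r in runs:
        print(f"{r.started}  {r.cmd:<10} {','.join(r.domains) or '-':<30} {r.outcome}")
    print("issue runs naming freja.bnjpro.dk:",
          len(issue_runs_for(runs, "freja.bnjpro.dk")))
```

To use it on the server, pass the contents of /var/log/ispconfig/acme.log to `parse_runs` in place of `SAMPLE`.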