Hi folks last days I run a migration from an ispconfig multiserver setup back to an single server by using the migration tool. The new server got installed on Debian 12 with the https://www.howtoforge.com/perfect-server-debian-12-buster-apache-bind-dovecot-ispconfig-3-2/ HOWTO. After setup, I started the migration tool three times to migrate the "webadmin" (just the ispconfig customer panel on a standalone machine), the mail and the webserver - migration went well but gave a warning whereas the ssl-certs couldn´t be used any longer, since the new ispconfig uses different LE-clients, which isn´t compatible with certbot. However: Now I have old certs and the mailserver can´t be accessed by other clients, where the webmailer is working like a charm. The logfile here tells me: Code: web01 dovecot: imap-login: Disconnected: Conection closed: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0sec): user:<> rip:<******> lip:<******> TLS handshaking: SSL_accept() failed: error0A000416 routines::sslv3 I already tried to renew the certs with "acme.sh --renew" which ended up with requiring more details, I don´t have regarding mail. Using the FQDN of the server ends up with a detail request for validation method - where I got stuck, finally. How to solve this?
You could try an Code: ispconfig_update.sh --force and say "yes" to Code: Create new ISPConfig SSL certificate (yes,no) [yes]
It would be best if you had used the auto-installer, which would have allowed you to install a compatible LE client that matches your old setup. The guide you used recommended using the auto-installer in the first chapter. You should have installed the correct LE client using the auto-installer, as LE certs cannot be migrated when you do not have the same LE client on the new server that you used on the old server. See the prerequisites for using the migration tool in the migration tool tutorial: https://www.howtoforge.com/tutorial...-confixx-plesk-to-ispconfig-31-single-server/ Installing the correct Let's Encrypt client using auto-installer could have easily avoided your current issue. The migration tool even warned you about that upfront of the migration. This can not work as Acme.sh is not configured for your system's SSL certs, so nothing can be renewed. You will have to request new certs for all websites. You can try to do this by using Tools > resync for the websites. If this does not work, then you have to switch Let#s encrypt off for each site, save, and switch it on again. The central SSL cert for the system can be re-issued using: ispconfig_update.sh --force like @Strontium mentioned.
Danke Ihr beiden @till: Noch deutlicher kannste mir nicht sagen, dass ich nach einem 30h-Tag keine Migrationen mehr machen sollte?
well, there´s still somewhere an issue with SSL: all websites are linked to the initially first website, I ever build at the ispconfig. is there anything I missed out after running the forced ispconfig_update.sh? in more detail: I call https://web40.tld and get the https://web1.tld/ispconfig-welcome.html with an SSL error The first nightly renew of all certs obviously hasn´t run successfully.
This is just for the ISPConfig SSL cert, not for websites. The sites likely have no SSL cert. See my post above on how to get new certs for the sites.
thanks a lot, @till this is now working like a charm. (I had to delete all old certs and request new ones for each site) However, I now face another issue: Earlier today I installed PHP7.0 up to 8.3 following the instructions of https://shape.host/resources/how-to-install-multiple-versions-of-php-on-debian-with-ispconfig. Setup on the Debian 12 went fine and as of logging, all PHP versions are working. Once I added all the versions to ISPConfig, ispconfig got stuck with syncing the DB (the red balloon on the admin-page appeared and is still there, telling that running for 10 hours, now. The only point I found in the /var/log/ispconfig/cron.log: Code: Sun Dec 15 03:31:01 PM UTC 2024 PHP Fatal error: Uncaught Error: Call to undefined function mysqli_init() in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php:83 Sun Dec 15 03:31:01 PM UTC 2024 Stack trace: Sun Dec 15 03:31:01 PM UTC 2024 #0 /usr/local/ispconfig/server/lib/app.inc.php(76): db->__construct() Sun Dec 15 03:31:01 PM UTC 2024 #1 /usr/local/ispconfig/server/lib/app.inc.php(387): app->__construct() Sun Dec 15 03:31:01 PM UTC 2024 #2 /usr/local/ispconfig/server/cron.php(71): require('...') Sun Dec 15 03:31:01 PM UTC 2024 #3 {main} Sun Dec 15 03:31:01 PM UTC 2024 15.12.2024-15:31 - WARNING - There is already a lockfile set, but no process running with this pid (2077971). Continuing. Sun Dec 15 03:31:01 PM UTC 2024 thrown in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 83
So shape.host stole our tutorial https://www.howtoforge.com/ispconfig-php-debian/. Thank you for reporting their copyright violation. To fix your issue, follow Chapter 4 of the original Tutorial: https://www.howtoforge.com/ispconfig-php-debian/ If this does not fix it, go trough our tutorial step-by-step to confirm you installed all packages.
