Hello, To try to understand the issue I posted to ISPConfig GitLab which comes from my installation (which worked before) I made a resync of websites. The problem is now, SSL is just ignored, no directives in nginx vhosts files. Yesterday I had no problem and I don't see what I could have do to make this issue beginning; I tried to create a new test website where I checked SSL (without letsencrypt certificate) and no SSL directives were added. I updated to the latest git-stable version (even if I don't see what it could change) without success, SSL is still ignored. I have no errors in the log, nginx-t returns OK. What could cause this kind of issue? What more should I do to investigate this issue? I use Debian Buster
That's to be expected as SSL gets activated in the vhost when there is an SSL certificate as Nginx will not start otherwise if you would add SSL config to the vhost without having a certificate. See SSL tab of the website, there you can create a self-signed cert or add an existing one. That's all described in the ISPConfig manual in detail. And if you want to investigate things, then use debug mode: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
Hello, Thanks for your answer. I disabled SSL for a domain, and reenabled it and have that: Code: # /usr/local/ispconfig/server/server.sh 31.07.2019-14:45 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 31.07.2019-14:45 - DEBUG - Found 1 changes, starting update process. 31.07.2019-14:45 - DEBUG - Calling function 'ssl' from plugin 'nginx_plugin' raised by event 'web_domain_update'. 31.07.2019-14:45 - DEBUG - Calling function 'update' from plugin 'nginx_plugin' raised by event 'web_domain_update'. chattr: Aucun fichier ou dossier de ce type while trying to stat chattr -i ? chattr: Aucun fichier ou dossier de ce type while trying to stat chattr +i ? df: 'df -T ?|awk '\''END{print $2,$NF}'\''': Aucun fichier ou dossier de ce type chattr: Aucun fichier ou dossier de ce type while trying to stat chattr -i ? 31.07.2019-14:45 - DEBUG - chmod failed: /var/www/clients/client3/web26 : 493 31.07.2019-14:45 - DEBUG - chown failed: /var/www/clients/client3/web26 : root 31.07.2019-14:45 - DEBUG - chgrp failed: /var/www/clients/client3/web26 : root chattr: Aucun fichier ou dossier de ce type while trying to stat chattr +i ? 31.07.2019-14:45 - DEBUG - Create Let's Encrypt SSL Cert for: progaccess.net 31.07.2019-14:45 - DEBUG - Let's Encrypt SSL Cert domains: --domains progaccess.net --domains www.progaccess.net --domains progaccess33.net --domains www.progaccess33.net 31.07.2019-14:45 - DEBUG - LE version is 0.31.0, so using certificates command 31.07.2019-14:45 - DEBUG - exec: /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --webroot-map '{"progaccess.net":"\/usr\/local\/ispconfig\/interface\/acme","www.progaccess.net":"\/usr\/local\/ispconfig\/interface\/acme","progaccess33.net":"\/usr\/local\/ispconfig\/interface\/acme","www.progaccess33.net":"\/usr\/local\/ispconfig\/interface\/acme"}' Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Cert not yet due for renewal Keeping the existing certificate 31.07.2019-14:45 - DEBUG - LE CERT OUTPUT: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 31.07.2019-14:45 - DEBUG - LE CERT OUTPUT: Found the following matching certs: 31.07.2019-14:45 - DEBUG - LE CERT OUTPUT: Certificate Name: progaccess.net 31.07.2019-14:45 - DEBUG - LE CERT OUTPUT: Domains: progaccess.net progaccess33.net www.progaccess.net www.progaccess33.net 31.07.2019-14:45 - DEBUG - LE CERT OUTPUT: Expiry Date: 2019-10-29 11:38:15+00:00 (VALID: 89 days) 31.07.2019-14:45 - DEBUG - LE CERT OUTPUT: Certificate Path: /etc/letsencrypt/live/progaccess.net/fullchain.pem 31.07.2019-14:45 - DEBUG - Found LE path: /etc/letsencrypt/live/progaccess.net/fullchain.pem 31.07.2019-14:45 - DEBUG - Let's Encrypt Cert file: /etc/letsencrypt/live/progaccess.net/fullchain.pem exists. ln: impossible de créer le lien symbolique '/etc/letsencrypt/live/progaccess.net/privkey.pem': Le fichier existe ln: impossible de créer le lien symbolique '/etc/letsencrypt/live/progaccess.net/fullchain.pem': Le fichier existe ln: impossible de créer le lien symbolique '/etc/letsencrypt/live/progaccess.net/chain.pem': Le fichier existe 31.07.2019-14:45 - DEBUG - SSL Disabled. progaccess.net 31.07.2019-14:45 - DEBUG - Add server alias: progaccess33.net 31.07.2019-14:45 - DEBUG - Add server alias: pa33netki3kw4kjk.onion 31.07.2019-14:45 - DEBUG - Writing the vhost file: /etc/nginx/sites-available/progaccess.net.vhost 31.07.2019-14:45 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.3/fpm/pool.d/web26.conf 31.07.2019-14:45 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'. 31.07.2019-14:45 - DEBUG - Restarting php-fpm: systemctl reload php7.3-fpm.service 31.07.2019-14:45 - DEBUG - Processed datalog_id 9524 31.07.2019-14:45 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 31.07.2019-14:45 - DEBUG - Checking nginx configuration... 31.07.2019-14:45 - DEBUG - nginx configuration ok! 31.07.2019-14:45 - DEBUG - Restarting httpd: systemctl reload nginx.service 31.07.2019-14:45 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished. There are some file operations which are in error, when these directories exist. When I disabled, I also had these errors about chown, chmod and chattr. But SSL was disabled. And i checked, /var/www/clients/client3/web26 exists. It looks like very strange and I really don't see why these errors occur. What did I wrong?
That's a current issue in the git code. Do a manual update of ISPConfig on your system by using the last released version 3.1.14p2 to get back to stable version. Then delete this website as it's broken and create it again.
Tese are the errors I have when disabling SSL: Code: # /usr/local/ispconfig/server/server.sh 31.07.2019-15:09 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 31.07.2019-15:09 - DEBUG - Found 1 changes, starting update process. 31.07.2019-15:09 - DEBUG - Calling function 'ssl' from plugin 'nginx_plugin' raised by event 'web_domain_update'. 31.07.2019-15:09 - DEBUG - Calling function 'update' from plugin 'nginx_plugin' raised by event 'web_domain_update'. chattr: Aucun fichier ou dossier de ce type while trying to stat chattr -i ? chattr: Aucun fichier ou dossier de ce type while trying to stat chattr +i ? df: 'df -T ?|awk '\''END{print $2,$NF}'\''': Aucun fichier ou dossier de ce type chattr: Aucun fichier ou dossier de ce type while trying to stat chattr -i ? 31.07.2019-15:09 - DEBUG - chmod failed: /var/www/clients/client3/web26 : 493 31.07.2019-15:09 - DEBUG - chown failed: /var/www/clients/client3/web26 : root 31.07.2019-15:09 - DEBUG - chgrp failed: /var/www/clients/client3/web26 : root chattr: Aucun fichier ou dossier de ce type while trying to stat chattr +i ? 31.07.2019-15:09 - DEBUG - SSL Disabled. progaccess.net 31.07.2019-15:09 - DEBUG - Add server alias: progaccess33.net 31.07.2019-15:09 - DEBUG - Add server alias: pa33netki3kw4kjk.onion 31.07.2019-15:09 - DEBUG - Writing the vhost file: /etc/nginx/sites-available/progaccess.net.vhost 31.07.2019-15:09 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.3/fpm/pool.d/web26.conf 31.07.2019-15:09 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'. 31.07.2019-15:09 - DEBUG - Restarting php-fpm: systemctl reload php7.3-fpm.service 31.07.2019-15:09 - DEBUG - Processed datalog_id 9525 31.07.2019-15:09 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 31.07.2019-15:09 - DEBUG - Checking nginx configuration... 31.07.2019-15:09 - DEBUG - nginx configuration ok! 31.07.2019-15:09 - DEBUG - Restarting httpd: systemctl reload nginx.service 31.07.2019-15:09 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished.
When you talk about stable, so "stable" in the installer? I read on this forum it has its importence. EDIT: OK, re-installed "stable" after reading your message with more attention A resync made the job right, I like this function, maybe abusing a little of it :$ Thanks a lot for your help.
With stable I mean the release that is listed as stable at ispconfig.org, I mentioned the version number in my answer. But you can also update to git-stable now again (which is the dev version from ISPconfig) as the problem has been fixed in the meantime. Dev versions, the one you upgraded to, are under constant development so they may contain bugs or may not work from time to time when large chunks of code get merged as we did yesterday evening.
Resync is a function to be used on server migrations and Linux Distribution upgrades. It is not required when you use your server regularly and it should not be used regularly. It has the potential to break all sites of your server at once and it causes outages of your sites when using it.