Hi all,

I have a domain, example.com, with registered nameservers (ns1.example.com and ns2.example.com) pointing with glue records to the IP 111.222.333.444. I have a VPS with this IP as network address.

I have installed ISPConfig 3.1dev as mentioned in: The Perfect Server CentOS 7.3 with Apache, Postfix, Dovecot, Pure-FTPD, BIND and ISPConfig 3.1

This server is named server1.example.com and has to be the SOA of the domain. I have imported a previously working zone for this domain:

--------------------------------------------------------------------
$ttl 1800
@ IN SOA example.com. hostmaster.example.com$
        2017071502 ;Serial, todays date + todays serial #
        1H ;Refresh
        1H ;Retry
        1W ;Expire
        1H ;Minimum
        )
;Nameservers
        IN NS ns1.example.com.
        IN NS ns2.example.com.
;Resolve Nameserver IPs
ns1 IN A 111.222.333.44
ns2 IN A 111.222.333.44
;Define hosts resolutions
@ IN A 111.222.333.44 ;ns1
@ IN A 111.222.333.44 ;ns2
mail IN A 111.222.333.44
ftp IN A 111.222.333.44
;MX records
example.com. IN MX 10 mail.example.com.
;CNAMEs
www IN CNAME @
;TXT Records
example.com. IN TXT "v=spf1 ip4:111.222.333.444 include:_spf.google$
--------------------------------------------------------------------

This VPS will have only this domain. I have bought the ISPConfig Manual with the hope that I would find the first steps all ISPConfig installations need, but I couldn't find them.

If I try to test this example.com DNS in places like leafdns.com I get:

ns1.example.com. 111.222.333.444 Glue:Yes TTL:172800
FAIL: Nameserver is not authoritative for example.com.
ns2.example.com. 111.222.333.444 Glue:Yes TTL:172800
FAIL: Nameserver is not authoritative for example.com.

What do I have to do?

Thanks.
The system is ready to be used when you followed the perfect server guides. So there are no further steps that need to be done on all systems. Instructions on how to do individual tasks like how to add a dns record or a website can be found in the manual.

If your dns is not working, then take a look at the folder where the BIND config files are stored to see if your zone file has no .err ending. If it has a .err ending, then bind rejected it. You can find the detailed error in the system.log then or by using the named-checkzone command to test the file.
Thanks Till. I was lost and I solved it with your suggestions.

For the future readers:

- When you create a DNS zone with the wizard, the A records for the ns1 and ns2 nameservers are not set automatically. You have to point the ns host to your IP by adding a new A record for each ns you have. I have not been able to find this in the manual.
- I haven't been able to find the system.log file; that's because in CentOS it has a different name, /var/log/messages.
- The named-checkzone command only worked when the zone was well configured.

I have it running so thanks again.
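The missing nameserver A records described in the post above can be caught before the zone is loaded. The following is an added example, not part of the original thread and not ISPConfig or BIND code: a simplified zone lint that reports every in-zone NS target without an address record. The function names and the sample zones (documentation names and addresses) are assumptions made for the illustration.

```python
RTYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT"}

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Yield (owner, rtype, rdata) for single-line records.

    Simplified on purpose: no $ORIGIN/$INCLUDE, SOA continuation lines are skipped.
    """
    owner = origin
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()    # drop comments, tokenize
        if not fields or fields[0].startswith("$"):
            continue
        if not raw[0].isspace():                 # owner column present
            owner = fqdn(fields.pop(0), origin)
        while fields and fields[0].upper() not in RTYPES:
            fields.pop(0)                        # skip TTL / class
        if fields:
            yield owner, fields[0].upper(), fields[1:]

def missing_ns_addresses(zone_text, origin):
    """Return in-zone NS targets that have no A/AAAA record in the zone."""
    origin = origin.lower().rstrip(".") + "."
    ns_targets, with_address = set(), set()
    for owner, rtype, rdata in parse_records(zone_text, origin):
        if rtype == "NS" and rdata:
            ns_targets.add(fqdn(rdata[0], origin))
        elif rtype in ("A", "AAAA"):
            with_address.add(owner)
    in_zone = {n for n in ns_targets if n.endswith("." + origin)}
    return sorted(in_zone - with_address)

# Constructed sample zones (documentation names and addresses, not the poster's data).
WIZARD_ZONE = """\
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. (
         2017071502 1H 1H 1W 1H )
     IN NS ns1.example.com.
     IN NS ns2.example.com.
@    IN A  192.0.2.10
www  IN CNAME @
"""
FIXED_ZONE = WIZARD_ZONE + "ns1  IN A 192.0.2.10\nns2  IN A 192.0.2.10\n"

if __name__ == "__main__":
    print("wizard zone:", missing_ns_addresses(WIZARD_ZONE, "example.com"))
    print("fixed zone: ", missing_ns_addresses(FIXED_ZONE, "example.com"))
```

A zone that passes this check should still be run through named-checkzone, which validates the full syntax.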
Hi,

I am using Debian 9 Stretch. The hostname -f command returns the following:

server1.mydomain.tld

Earlier, I pointed my VPS nameservers to ns1.vultr.com and ns2.vultr.com correctly. However, under my VPS control panel I have added the following domain records:

A xx.xx.xx.xx 300
CNAME mydomain.tld 300
....

Is this correct? I am asking this because I am getting "Your connection is not secure" when I visit the full hostname.

Advanced Button
server1.mydoman.tld:8080 uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER

Can you please help resolve this issue.
Hi Till,

I realised only now that I have posted in the Linux forum instead of the ISPConfig forum. Can you please move this there. Sorry for the trouble.

Since it's ISPConfig now, I read somewhere that I should not mess with the certbot commands directly from the command line. The irony is that the domains I create for the customers (from the insecure ISPConfig panel) get SSL without problems. It's only that I have a problem with the root top level ISPConfig server1.mydomain.tld, for which I don't have any control.

So I guess I have begun with the wrong FQDN in the first name (i.e. mydomain.tld instead of server1.mydomain.tld). Kindly advise.
Change the hostname of your system to server1.mydomain.tld in /etc/hosts, /etc/hostname, /etc/mailname and /etc/postfix/main.cf and then restart the server to apply the changes.
Hi Till,

Report taken before making the changes suggested by you, with php -q htf-common-issues.php:

Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.
[WARN] /usr/local/ispconfig/server/lib/config.inc.php is missing.

##### VERSION CHECK #####
[INFO] php (cli) version is 7.0.19-1

##### PORT CHECK #####
[WARN] Port 465 (SMTP server SSL) seems NOT to be listening

##### MAIL SERVER CHECK #####
[WARN] I found no "submission" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.
[WARN] I found no "smtps" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

##### RUNNING SERVER PROCESSES #####
[WARN] I could not determine which web server is running.
[WARN] I could not determine which mail server is running.
[WARN] I could not determine which pop3 server is running.
[WARN] I could not determine which imap server is running.
[WARN] I could not determine which ftp server is running.

##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:3306 (-)
[localhost]:10027 (-)
[localhost]:11211 (-)
[anywhere]:110 (-)
[anywhere]:143 (-)
[anywhere]:21 (-)
***.***.***.***:53 (-)
[localhost]:53 (-)
[anywhere]:22 (-)
[anywhere]:25 (-)
[localhost]:953 (-)
[anywhere]:993 (-)
[anywhere]:995 (-)
[localhost]:10023 (-)
[localhost]:10025 (-)
[localhost]10 (-)
[localhost]43 (-)
*:*:*:*::*:80 (-)
*:*:*:*::*:8080 (-)
*:*:*:*::*:8081 (-)
*:*:*:*::*:21 (-)
*:*:*:*::*:53 (-)
*:*:*:*::*:22 (-)
*:*:*:*::*:25 (-)
*:*:*:*::*:953 (-)
*:*:*:*::*:443 (-)
*:*:*:*::*:993 (-)
*:*:*:*::*:995 (-)
*:*:*:*::*:10023 (-)

##### IPTABLES #####

Since I followed the steps mentioned in the perfect server Debian ISPConfig guide exactly, I now needed to change only one file, /etc/hostname, to:

Code:
server1.mydomain.tld

instead of:

Code:
server1

so hostname -f still outputs:

Code:
server1.mydomain.tld

After making the changes you suggested, I still have the https "connections not secure error". Do you have any ideas for me to try?
Hi Till,

Just realised the report I generated with php -q htf-common-issues.php is super useless because there was no preceding sudo before it. So I regenerated it now with preceding sudo. Please take a look.

Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.1.7p1

##### VERSION CHECK #####
[INFO] php (cli) version is 7.0.19-1

##### PORT CHECK #####
[WARN] Port 465 (SMTP server SSL) seems NOT to be listening

##### MAIL SERVER CHECK #####
[WARN] I found no "submission" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.
[WARN] I found no "smtps" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s): Apache 2 (PID 17249)
[INFO] I found the following mail server(s): Postfix (PID 976)
[INFO] I found the following pop3 server(s): Dovecot (PID 518)
[INFO] I found the following imap server(s): Dovecot (PID 518)
[INFO] I found the following ftp server(s): PureFTP (PID 886)

##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:3306 (716/mysqld)
[localhost]:10027 (976/master)
[localhost]:11211 (466/memcached)
[anywhere]:110 (518/dovecot)
[anywhere]:143 (518/dovecot)
[anywhere]:21 (886/pure-ftpd)
***.***.***.***:53 (461/named)
[localhost]:53 (461/named)
[anywhere]:22 (480/sshd)
[anywhere]:25 (976/master)
[localhost]:953 (461/named)
[anywhere]:993 (518/dovecot)
[anywhere]:995 (518/dovecot)
[localhost]:10023 (755/postgrey)
[localhost]:10025 (976/master)
[localhost]10 (518/dovecot)
[localhost]43 (518/dovecot)
*:*:*:*::*:80 (17249/apache2)
*:*:*:*::*:8080 (17249/apache2)
*:*:*:*::*:8081 (17249/apache2)
*:*:*:*::*:21 (886/pure-ftpd)
*:*:*:*::*:53 (461/named)
*:*:*:*::*:22 (480/sshd)
*:*:*:*::*:25 (976/master)
*:*:*:*::*:953 (461/named)
*:*:*:*::*:443 (17249/apache2)
*:*:*:*::*:993 (518/dovecot)
*:*:*:*::*:995 (518/dovecot)
*:*:*:*::*:10023 (755/postgrey)

Left out iptables because I am exceeding the forum's limit on the number of lines. Sorry for the trouble.
It might be that you forgot to remove the # in front of the submission and smtps lines.

Regarding hostname, when neither the command 'hostname' nor 'hostname -f' show 'yourdomain.tld' without 'server1', then the hostname setup should be fine. If you get just 'server1' from 'hostname', then that's ok as well.
Hi Till,

Many thanks for your reply. I made the changes proposed by you. I have attached the full htf_report.txt

Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.1.7p1

##### VERSION CHECK #####
[INFO] php (cli) version is 7.0.19-1

##### PORT CHECK #####

##### MAIL SERVER CHECK #####

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s): Apache 2 (PID 819)
[INFO] I found the following mail server(s): Postfix (PID 1082)
[INFO] I found the following pop3 server(s): Dovecot (PID 586)
[INFO] I found the following imap server(s): Dovecot (PID 586)
[INFO] I found the following ftp server(s): ........

hostname -f

Code:
mydomain.tld

hostname -s

Code:
mydomain

/etc/hosts (previous reference of server1 is commented out)

Code:
127.0.0.1 localhost
#xx.xx.xx.xx server1.mydomain.tld server1
xx.xx.xx.xxx mydomain.tld server1

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
#127.0.0.1 server1
#::1 server1

ifconfig (please note there is no eth0. I hope that is ok)

Code:
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet xx.xx.xx.xx netmask xxx.xxx.xxx.x broadcast xx.xx.xx.xxx
        inet6 fe80::5400:1ff:fe38:b731 prefixlen 64 scopeid 0x20<link>
        ether 56:00:01:38:b7:31 txqueuelen 1000 (Ethernet)
        RX packets 968 bytes 143264 (139.9 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 899 bytes 106494 (103.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 10 bytes 478 (478.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 10 bytes 478 (478.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Please advise what is wrong with resolving the server name.

Note: You are correct about the master.cf, I forgot to uncomment. I was more fixated on the -o lines.
There is no need to reinstall. Remove the line:

xx.xx.xx.xxx mydomain.tld server1

from the /etc/hosts file and remove the # in front of the line:

#xx.xx.xx.xx server1.mydomain.tld server1
Hi Till,

Got frustrated a bit and reinstalled from the Debian Stretch Custom 64-bit net install CD.

1) Did a minimal server setup and then ran the Servisys script. Everything went well, except the last message after successful installation !?

Code:
You had to edit user/pass /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php of roudcube user, as the one you inserted in ISPconfig

2) No errors on the htf_report as well.
3) Again no padlock for me at https://server1.mydomain.tld:8080
4) Also i am not able to the outside world but sending mail to myself works correctly.

Please advise.

BTW: I am on DNS (no static IP), is it OK?
I do not know what the servisys script does to HTTPS, but HTTPS should work for the ISPConfig control panel if the usual ispconfig install is told to create a self signed certificate. Although the browser must be told to trust the certificate. Since Let's Encrypt is installed by the servisys script, it is possible to use that to get a certificate that browsers trust. See for example this thread: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/ About sending mails: Does the mail server have an IP address that resolves back to the host name? Check like this: Mail servers receiving mail from your server quite likely are checking the IP resolves back to the hostname the sending server claims to be.
Hi Taleman,

Thanks.

AA)

Code:
[email protected]:~$ host mail.myvhost.tld
mail.myvhost.tld is an alias for myvhost.tld
myvhost.tld has address xx.xx.xxx.xxx
myvhost.tld mail is handled by 10 myvhost.tld
[email protected]:~$ host xx.xx.xxx.xxx
132.177.76.45.in-addr.arpa domain name pointer xx.xx.xx.xxx.vultr.com.

Note: xx.xx.xxx.xxx is the dynamic IP assigned to my vultr.com account. I did not like the vultr.com suffix at the end of my IP. Is it OK?

BB) It seems the Servisys script does not install certbot, so I did it only now.

Code:
sudo apt-get install certbot

Now how do I rectify the no padlock SSL problem?
A self-signed ssl cert is absolutely fine but needs to be accepted once in the browser. The encryption with a self-signed cert is not lower than what you get with an official cert, it's just that you have to accept it once as confirmation that you know that it's your own ssl cert and of course, the padlock is not green. If you want to get an officially signed cert, then you can e.g. use letsencrypt. https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/

Then you should check your dns records and especially the reverse dns record for your server IP and ensure that your hosting provider does not block outgoing traffic on port 25.
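The reverse DNS check recommended in the replies above, written out as an added example that is not part of the original thread: it looks up the PTR record for the sending IP, confirms that the PTR name resolves back to that IP, and compares it with the name the mail server announces. The function names, the `helo_name` parameter and the resolver tables (documentation address space) are assumptions made for the illustration; the default lookups use the system resolver.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """Addresses that name resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_mail_rdns(ip, helo_name, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return a list of problems a receiving mail server could object to."""
    norm = lambda n: n.rstrip(".").lower()
    problems = []
    ptrs = [norm(p) for p in ptr_lookup(ip)]
    if not ptrs:
        return [f"{ip} has no PTR record"]
    # Forward-confirm: the PTR name must resolve back to the same IP.
    confirmed = [p for p in ptrs if ip in addr_lookup(p)]
    if not confirmed:
        problems.append(f"PTR {ptrs[0]} does not resolve back to {ip}")
    if norm(helo_name) not in ptrs:
        problems.append(f"PTR {ptrs[0]} differs from HELO name {norm(helo_name)}")
    if ip not in addr_lookup(helo_name):
        problems.append(f"{norm(helo_name)} does not resolve to {ip}")
    return problems

# Constructed resolver data (documentation address space), standing in for DNS.
IP = "192.0.2.25"
A_RECORDS = {"server1.example.com": {IP}, "192.0.2.25.provider.example": {IP}}
PROVIDER_PTR = {IP: ["192.0.2.25.provider.example."]}   # provider default
CUSTOM_PTR = {IP: ["server1.example.com."]}             # PTR set to the mail name

def offline_check(ptr_table, helo_name="server1.example.com"):
    """Run check_mail_rdns against the constructed tables instead of live DNS."""
    return check_mail_rdns(IP, helo_name,
                           ptr_lookup=lambda ip: ptr_table.get(ip, []),
                           addr_lookup=lambda n: A_RECORDS.get(n.rstrip(".").lower(), set()))

if __name__ == "__main__":
    print("provider PTR:", offline_check(PROVIDER_PTR))
    print("custom PTR:  ", offline_check(CUSTOM_PTR))
```

Against a live server, call `check_mail_rdns` with the public IP and the hostname configured for the mail server; the PTR record itself is changed at the hosting provider, not in the zone served by the VPS.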