Comments on The Perfect Server - Ubuntu 16.10 (Yakkety Yak) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1

Great guide as always. What about a guide for Ubuntu 16.04 with nginx, PHP7-FPM, Roundcube, MariaDB?

Thank you.

apt-get -y install certbot looks like an instruction for debian 8 jessie, not working for me in ubuntu 16

The instruction is for Ubuntu 16.10. Maybe you use the wrong version of this tutorial? The above tutorial is for Ubuntu 16.10 and not 16.04, the certbot package exists in the Ubuntu repo for 16.10 but not 16.04. If you use Ubuntu 16.04, then please use this tutorial https://www.howtoforge.com/tutorial/perfect-server-ubuntu-16.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/ which contains different installation instructions for certbot and other packages.

I used this guide and migrated all my domains to it and could not be more PLEASED! 

Hi. Firstly, this is a VERY nice tutorial. Got my system up in no time :) There are a couple questions, and I am not sure if I missed something. Wehn I log into my ISPconfig panel (and any clients for that fact) there is a certificate error. Also when people try to connect to mail, via POP3 with a m,ail program a certificate error occurs too. What can I do? How do I fix this ? I tried turning on Let's Encrypt to no effect. I tried creating certificate in SSL settings in sites, to no effect. What am I doing wrong ?

Thanks in advance. Ando

root@vps265926:~# apt-get -y install certbotReading package lists... DoneBuilding dependency treeReading state information... DoneE: Unable to locate package certbot

You use the wrong Ubuntu version. That's explained already above, see comment from Radu Costin and my answer.

Hi, please give the root password please! howtoforge dosen't work

The password is howtoforge, see last chapter of the tutorial. But on Ubuntu, you login as administrator first, then use sudo to beome root.

Great guide, but why use ntp/ntpdate when I have already a timeserver installed?

"In recent Ubuntu releases timedatectl replaces ntpdate. By default timedatectl syncs the time once on boot and later on uses socket activation to recheck once network connections become active.

If ntpdate / ntp is installed timedatectl steps back to let you keep your old setup. That shall ensure that no two time syncing services are fighting and also to retain any kind of old behaviour/config that you had through an upgrade. But it also implies that on an upgrade from a former release ntp/ntpdate might still be installed and therefore renders the new systemd based services disabled."

Regards Mike

I don't see amavis on port 10024. All the conf is set up for 10024; however, `netstat -lp` has no `localhost:10024` entry. I'm seeing this issue when cron sends email to `root`, which is expanded to `[email protected]`. I get `Undelivered Mail Returned to Sender` with `<[email protected]> (expanded from <root>): connect to 127.0.0.1[127.0.0.1]:10024: Connection refused`.

`systemctl status amavis.service` will help debug this.

Till,

I think the spamassassin section needs additional steps to enable rule updating.

`vim /etc/default/spamassassin` - change value of cron to 1 `CRON=1`

For some reason, spamassassin installation sets the owner:group to root:root, so the rule update fails. A fix is `sudo chown -R debian-spamd:debian-spamd /var/lib/spamassassin/3.004001`

If you want to get notified of rule updates as a result of the cron job, `vim /etc/init/cron.conf` and change the exec line to `exec cron -L 7`.

There is a bug in `/etc/spamassassin/sa-update-hooks.d/amavisd-new`, which can be fixed by passing $1 to the function (`check_status $1 || exit`).

`/etc/cron.daily/spamassassin` is designed for systems that runs the spamassassin deamon; however, ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so the reload function needs to be changed.

```reload() {

    # Reload

    if which invoke-rc.d >/dev/null 2>&1; then

        invoke-rc.d spamassassin reload > /dev/null

    else

        /etc/init.d/spamassassin reload > /dev/null

    fi

    if [ -d /etc/spamassassin/sa-update-hooks.d ]; then

        run-parts --lsbsysinit --verbose --arg '-v' /etc/spamassassin/sa-update-hooks.d

    fi

}```

Also, you will want to add a `-v` to the update e.g. `--exec /usr/bin/sa-update -- -v \`

I have followed this guide word by word, including the installation of a minimal ubuntu 16.10 server and it ended in a disaster.

I was able to set up most everything without an issue but the ISPConfig does not work at all. It is impossible to have browsers work with the generated SSL certificate but beyond that, I get an INTERNAL SERVER ERROR at ISPConfig port when configured without SSL.

Apache Log says mod_fcgid: error reading data from FastCGI server

Considering that this is a virgin setup, everything being installed as instructed on a minimal server, I can not help but conclude that the ISPConfig package configures everything else correctly but itself!

You must have missed something from the guide, I did this setup yesterday and ISPConfig works without issues.

The generated SSL cert is a so called self-signed SSL cert and it works in all browser, you just have to accept the warning that you get in the browser. When a port is configured with SSL, then you can not use it without SSL, so trying to access it with http makes not much sense. Please post your issue in the ISPConfig forum so we can help you to find out why your setup fails.

If you get "not supported in kernel" upon runnig "quotaon -avug", do:

check kernel version with:

uname -r

Then do, replacing version number of the package:

apt-get install linux-image-extra-4.4.0-63-generic modprobe quota_v2 modprobe quota_v1

I think 

apt-get -y install certbot

is changed to

apt-get install letsencrypt

I have followed these instructions to the letter and I keep getting stuck at:

"echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root"

where I get:

"ERROR 1698 (28000): Access denied for user 'root'@'localhost'"

I am using sudo where needed!

Does it make a difference that I am using SSL to access?

Any help would be appreciated!

Thank you

Yenco

ERROR: Module suexec does not exist!

Either you use a different Ubuntu version and not 16.10 or the /etc/apt/sources.list file does not contain the lines as described in the tutorial.

Hit below after answering all questions for ispconfig instll it fails just after the RSA step.

PHP Parse error:  syntax error, unexpected 'if' (T_IF), expecting function (T_FUNCTION) in /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php on line 1189

Seem to hit this on both the 16.04 and 16.10 walkthroughs.  Im sure I must be missing something here.  Please assist.

Just download ISPConfig again and install it.