Cluster upgrade to 3.0.5 - SSL error

Discussion in 'Installation/Configuration' started by SamTzu, Feb 26, 2013.

  1. SamTzu

    SamTzu Member HowtoForge Supporter

    After the 3.0.5 upgrade we get this error...

    Apache never required Cert password before the upgrade. Looks like I have to regenerate the keys.

    I found this instruction but it seems a little old.
    Any comments would be appreciated?

    http://www.howtoforge.com/forums/showpost.php?p=358&postcount=4
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This instructions are for ispconfig. 2 and not 3, so they dont apply to your issue.

    Did you create the ssl cert you used before with the ispconfig installer or id ou create it manually?
     
  3. SamTzu

    SamTzu Member HowtoForge Supporter

    I created it with ISPConfig.
    I probably should have chosen to re-create the SSL when it was asked.
    Is there a way to recreate them with ISPConfig?
    There seem to be no upgrade problems with other nodes that do not use SSL.
     
    Last edited: Feb 26, 2013
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. Redo the update by using the manual update instructions from release notes, the updater will ask ou if the ssl cert shall be recreated.
     
  5. SamTzu

    SamTzu Member HowtoForge Supporter

    Mae Culpa.
    I just remembered that I did create our own Cert a year back and moved it to use port 443 so this is probably the reason why the root node SSL is down.

    I can't seem to find the command to re-create the Cert.

    This will not ask to recreate the cert nor will it allow to define the port.

    I redid the cert using this manual. Apache restarts now without asking a password.
     
    Last edited: Feb 26, 2013
  6. SamTzu

    SamTzu Member HowtoForge Supporter

    Certificate Upgrade script

    I just upgraded our cluster to 3.0.5.1 and I can now say with confidence that ispconfig_update.sh and php -q update.php scripts do NOT include the option to upgrade/modify Certificate or Control Panel TCP port :)8080) if the node in question does not have Apache enabled (like our primary node that has only ISPConfig Control panel in it and nothing else.)

    So if you get in trouble with the Certificate or TCP port number - your troubles are multiplied :)
     
  7. SamTzu

    SamTzu Member HowtoForge Supporter

    Here again. I can't get upgrade/modify Certificate question to show up in ispconfig_update.sh. After wheezy/jessie upgrade ISPconfig panel disappeared from port 8080. (ISP3 was using bought certificate and port 80 traffic was redirected to 8080.)
     
  8. SamTzu

    SamTzu Member HowtoForge Supporter

    There are no errors in any log. I can't figure this out. ispconfig.vhost seems normal but it does not seem to work. There are no port conflicts on 8080. How can debug why ISPconfig wont start?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    ISpconfig is not a daemon, so it can not be started. The ISPConfig interface is more or less a normal website which is served by either apache or nginx on your server. So you must have either apache or nginx installed on the system and then apache or ngnx has to be started to serve the ispconfig interface. If you use apache, then you should check that mod_fcgi is installed and enabled.
     
  10. SamTzu

    SamTzu Member HowtoForge Supporter

    You are right.
    Code:
    ERROR: Module mod_fcgi does not exist!
    Removal and re-installation of fcgi fixed the problem and Apache works fine but the ispconfig3_install update.php script still won't ask to reconfigure ISPconfig cert and neither port 8080 or port 8081 comes up.
     
    Last edited: Jul 27, 2016
  11. SamTzu

    SamTzu Member HowtoForge Supporter

    Figured out why ispconfig3_install script did not ask to upgrade certification. Because the ISPconfig cluster master server was not marked as a web_server (since it only has the ISPconfig panel running on it.) Even though Apache was running on it fine ISPconfig Database had a 0 marked on web_server and apparently ispconfig update script does not offer cert modification if it thinks there is no Apache server running (simple check on port 80 or 443 could tell that). Since Apache was running but ISPconfig did not come up on port 8080 I had to manually go to DB and change web_server status to 1 on panel host then re-run the update.php script to re-do ISPconfig cert. Now ISPconfig starts normally. There were several problems here. No errors on the logs. No possibility to re-do the cert without jumping trough some serious hoops.
     

Share This Page