Debian 10 Multiserver setup

Discussion in 'Installation/Configuration' started by chief, Mar 22, 2021.

  1. chief

    chief Member HowtoForge Supporter

    yes, i created a test.txt file and put text inside. then accessed by mobile phone that extension, something like http://panel.tlwebservices.co.uk/.well-known/acme-challenge/test.txt and it worked showing me text entered..
    and no, i have reformatted it like 3 or 4 times since trying different things.
    usual saying - Hurry up and wait!!!
     
  2. chief

    chief Member HowtoForge Supporter

    Till, im going to install a fresh copy and then check the cert before doing anything else
     
  3. chief

    chief Member HowtoForge Supporter

    So, have done so.. wipe, setup partitions etc..
    Code:
    wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system
    installer runs and says done, i try logging in. have not done anything else at all... states "invalid cert.."
    try it
    Code:
    https://panel.tlwebservices.co.uk:8080/
     
  4. Chris_UK

    Chris_UK Active Member HowtoForge Supporter


    That is still a self signed certificate.

    Where is your dns hosted? fast hosts or on your own private name servers?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    If you don't post the installer output and the installer log file, then it's not easy to say why your hostname could not be verified.
     
    Chris_UK likes this.
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Also it seems that you have been using the same FQDN in this experiment, though you should also note that LE put some limits for requesting the FQDN again and again.

    Best way to identify your problem is by checking the installer log as mentioned above.
     
    chief likes this.
  7. chief

    chief Member HowtoForge Supporter

    fast hosts
     
  8. chief

    chief Member HowtoForge Supporter

    I have to use fast hosts DNS to start with as the dns servers arent built or tied in to ispconfig as yet
     
  9. chief

    chief Member HowtoForge Supporter

    running the clean install now

    Code:
    setup-log
    13.08.2021-16:45:45 - /lib/os/class.ISPConfigDebianOS.inc.php:523: [INFO] Checking hostname.
    13.08.2021-16:45:45 - /lib/os/class.ISPConfigDebianOS.inc.php:284: [INFO] Enabling contrib and non-free repositories.
    13.08.2021-16:45:47 - /lib/os/class.ISPConfigDebianOS.inc.php:555: [INFO] Updating packages
    13.08.2021-16:45:47 - /lib/os/class.ISPConfigDebianOS.inc.php:559: [INFO] Updated packages
    13.08.2021-16:45:47 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
    13.08.2021-16:45:59 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
    13.08.2021-16:45:59 - /lib/os/class.ISPConfigDebianOS.inc.php:302: [INFO] Activating GoAccess repository.
    13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:606: [INFO] Updating packages (after enabling 3rd party repos).
    13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:610: [INFO] Updated packages
    13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:677: [INFO] Default shell is currently dash.
    13.08.2021-16:46:01 - /lib/os/class.ISPConfigDebianOS.inc.php:679: [INFO] Setting bash as default shell.
    13.08.2021-16:46:02 - /lib/os/class.ISPConfigDebianOS.inc.php:688: [INFO] Default shell is now bash.
    13.08.2021-16:46:02 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
    13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
    13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebianOS.inc.php:732: [INFO] Generating mySQL password.
    13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebian10OS.inc.php:9: [INFO] Writing MySQL config files.
    13.08.2021-16:46:42 - /lib/os/class.ISPConfigDebianOS.inc.php:802: [INFO] Restarting postfix
    13.08.2021-16:46:46 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
    13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
    13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:835: [INFO] (Re)starting Bind.
    13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:839: [INFO] Disabling spamassassin daemon.
    13.08.2021-16:47:10 - /lib/os/class.ISPConfigDebianOS.inc.php:864: [INFO] Checking local dns resolver.
    13.08.2021-16:47:11 - /lib/os/class.ISPConfigDebianOS.inc.php:870: [WARN] Unexpected resolver response: Server:       79.79.79.77
    13.08.2021-16:47:11 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    13.08.2021-16:47:16 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    13.08.2021-16:47:16 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
    13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
    13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:956: [INFO] Disabling conflicting apache modules.
    13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:964: [INFO] Enabling apache modules.
    13.08.2021-16:47:47 - /lib/os/class.ISPConfigDebianOS.inc.php:972: [INFO] Enabling default PHP-FPM config.
    13.08.2021-16:47:48 - /lib/os/class.ISPConfigDebian10OS.inc.php:52: [INFO] Setting default system php version.
    13.08.2021-16:47:48 - /lib/os/class.ISPConfigDebian10OS.inc.php:125: [INFO] Installing package phpmyadmin
    13.08.2021-16:47:50 - /lib/os/class.ISPConfigDebianOS.inc.php:1001: [INFO] HTTPoxy config.
    13.08.2021-16:47:50 - /lib/os/class.ISPConfigDebianOS.inc.php:1017: [INFO] Installing acme.sh (Let's Encrypt).
    13.08.2021-16:47:53 - /lib/os/class.ISPConfigDebianOS.inc.php:1023: [INFO] acme.sh (Let's Encrypt) installed.
    13.08.2021-16:47:53 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    13.08.2021-16:48:21 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    13.08.2021-16:48:21 - /lib/os/class.ISPConfigDebianOS.inc.php:1083: [INFO] Adding quota to fstab.
    13.08.2021-16:48:22 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
    13.08.2021-16:48:31 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
    13.08.2021-16:48:31 - /lib/os/class.ISPConfigDebianOS.inc.php:1116: [INFO] Enabling TLS for pureftpd
    13.08.2021-16:48:31 - /lib/os/class.ISPConfigDebianOS.inc.php:1141: [INFO] Disabling awstats cron.
    13.08.2021-16:48:40 - /lib/os/class.ISPConfigDebianOS.inc.php:498: [INFO] Installing packages fail2ban, ufw
    13.08.2021-16:48:47 - /lib/os/class.ISPConfigDebianOS.inc.php:501: [INFO] Installed packages fail2ban, ufw
    13.08.2021-16:48:48 - /lib/os/class.ISPConfigDebianOS.inc.php:223: [INFO] Fixing dbconfig-common if neccessary
    13.08.2021-16:48:48 - /lib/os/class.ISPConfigDebianOS.inc.php:1194: [INFO] Installing ISPConfig3.
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1301: [INFO] Adding php versions to ISPConfig.
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1329: [INFO] Checking all services are running.
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] mysql: OK</green>
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] clamav-daemon: OK</green>
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] postfix: OK</green>
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] bind9: OK</green>
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] pureftpd: OK</green>
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1363: [INFO] apache2: OK</green>
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1370: [INFO] Installation ready.
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1376: [INFO] Your ISPConfig admin password is: ................
    13.08.2021-16:49:12 - /lib/os/class.ISPConfigDebianOS.inc.php:1378: [INFO] Your MySQL root password is: ...................
    13.08.2021-16:49:12 - /lib/class.ISPConfig.inc.php:374: [INFO] Warning:</lightred> Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!
     
    Last edited: Aug 13, 2021
  10. chief

    chief Member HowtoForge Supporter

    I know and found out 3 days ago
     
  11. chief

    chief Member HowtoForge Supporter

    output of installer
    Code:
    [email protected]:/tmp# wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system
    --2021-08-13 16:44:32--  https://get.ispconfig.org/
    Resolving get.ispconfig.org (get.ispconfig.org)... 104.26.10.246, 104.26.11.246, 172.67.75.112, ...
    Connecting to get.ispconfig.org (get.ispconfig.org)|104.26.10.246|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2004 (2.0K) [application/octet-stream]
    Saving to: ‘STDOUT’
    
    -                                     100%[========================================================================>]   1.96K  --.-KB/s    in 0s     
    
    2021-08-13 16:44:32 (56.4 MB/s) - written to stdout [2004/2004]
    
    PHP cli missing, trying to install.
    Selecting previously unselected package libsodium23:amd64.
    (Reading database ... 35815 files and directories currently installed.)
    Preparing to unpack .../0-libsodium23_1.0.17-1_amd64.deb ...
    Unpacking libsodium23:amd64 (1.0.17-1) ...
    Selecting previously unselected package psmisc.
    Preparing to unpack .../1-psmisc_23.2-1_amd64.deb ...
    Unpacking psmisc (23.2-1) ...
    Selecting previously unselected package php-common.
    Preparing to unpack .../2-php-common_2%3a69_all.deb ...
    Unpacking php-common (2:69) ...
    Selecting previously unselected package php7.3-common.
    Preparing to unpack .../3-php7.3-common_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-common (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-json.
    Preparing to unpack .../4-php7.3-json_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-json (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-opcache.
    Preparing to unpack .../5-php7.3-opcache_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-opcache (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-readline.
    Preparing to unpack .../6-php7.3-readline_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-readline (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-cli.
    Preparing to unpack .../7-php7.3-cli_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-cli (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php-cli.
    Preparing to unpack .../8-php-cli_2%3a7.3+69_all.deb ...
    Unpacking php-cli (2:7.3+69) ...
    Setting up libsodium23:amd64 (1.0.17-1) ...
    Setting up psmisc (23.2-1) ...
    Setting up php-common (2:69) ...
    Created symlink /etc/systemd/system/timers.target.wants/phpsessionclean.timer → /lib/systemd/system/phpsessionclean.timer.
    Setting up php7.3-common (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/calendar.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/ctype.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/exif.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/fileinfo.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/ftp.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/gettext.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/iconv.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/pdo.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/phar.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/posix.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/shmop.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sockets.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sysvmsg.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sysvsem.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sysvshm.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/tokenizer.ini with new version
    Setting up php7.3-opcache (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/opcache.ini with new version
    Setting up php7.3-json (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/json.ini with new version
    Setting up php7.3-readline (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/readline.ini with new version
    Setting up php7.3-cli (7.3.29-1~deb10u1) ...
    update-alternatives: using /usr/bin/php7.3 to provide /usr/bin/php (php) in auto mode
    update-alternatives: using /usr/bin/phar7.3 to provide /usr/bin/phar (phar) in auto mode
    update-alternatives: using /usr/bin/phar.phar7.3 to provide /usr/bin/phar.phar (phar.phar) in auto mode
    
    Creating config file /etc/php/7.3/cli/php.ini with new version
    Setting up php-cli (2:7.3+69) ...
    Processing triggers for man-db (2.8.5-2) ...
    Processing triggers for libc-bin (2.28-10) ...
    Selecting previously unselected package php7.3-mbstring.
    (Reading database ... 35998 files and directories currently installed.)
    Preparing to unpack .../php7.3-mbstring_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-mbstring (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php-mbstring.
    Preparing to unpack .../php-mbstring_2%3a7.3+69_all.deb ...
    Unpacking php-mbstring (2:7.3+69) ...
    Setting up php7.3-mbstring (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/mbstring.ini with new version
    Setting up php-mbstring (2:7.3+69) ...
    WARNING! This script will reconfigure your complete server!
    It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
    Type 'yes' if you really want to continue: yes
    [INFO] Starting perfect server setup for Debian GNU/Linux 10 (buster)
    [INFO] Checking hostname.
    [INFO] Enabling contrib and non-free repositories.
    [INFO] Updating packages
    [INFO] Updated packages
    [INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
    [INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
    [INFO] Activating GoAccess repository.
    [INFO] Updating packages (after enabling 3rd party repos).
    [INFO] Updated packages
    [INFO] Default shell is currently dash.
    [INFO] Setting bash as default shell.
    [INFO] Default shell is now bash.
    [INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
    [INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
    [INFO] Generating mySQL password.
    [INFO] Writing MySQL config files.
    [INFO] Restarting postfix
    [INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
    [INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
    [INFO] (Re)starting Bind.
    [INFO] Disabling spamassassin daemon.
    [INFO] Checking local dns resolver.
    [WARN] Unexpected resolver response: Server:       79.79.79.77 (/lib/os/class.ISPConfigDebianOS.inc.php:870)
    [INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    [INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    [INFO] Installing packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
    [INFO] Installed packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
    [INFO] Disabling conflicting apache modules.
    [INFO] Enabling apache modules.
    [INFO] Enabling default PHP-FPM config.
    [INFO] Setting default system php version.
    [INFO] Installing package phpmyadmin
    [INFO] HTTPoxy config.
    [INFO] Installing acme.sh (Let's Encrypt).
    [INFO] acme.sh (Let's Encrypt) installed.
    [INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    [INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    [INFO] Adding quota to fstab.
    [INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
    [INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
    [INFO] Enabling TLS for pureftpd
    [INFO] Disabling awstats cron.
    [INFO] Installing packages fail2ban, ufw
    [INFO] Installed packages fail2ban, ufw
    [INFO] Installing ISPConfig3.
    [INFO] Adding php versions to ISPConfig.
    [INFO] Checking all services are running.
    [INFO] mysql: OK
    [INFO] clamav-daemon: OK
    [INFO] postfix: OK
    [INFO] bind9: OK
    [INFO] pureftpd: OK
    [INFO] apache2: OK
    [INFO] Installation ready.
    
     
  12. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You probably need to add -debug to get the needed output.
     
    ahrasis likes this.
  13. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    Okay, so if my understanding of how acme.sh works

    Request Cert
    >> DNS Challenge
    >>>> Pass: issue cert
    >>>> Fail: Move to Acme Challenge
    >> Acme Challenge
    >>>> Pass: Issue cert
    >>>> Fail: Revert to self signed

    So you are getting fails and reverting to self signed (Note you do not have to accept a self signed) pressing ctrl + c will exit our of the installer).

    So lets break it down:
    DNS challenge requires an LE record in your DNS zone file. When you are running ISPConfig multi server configuration, you likely will have two or more servers running DNS, bind probably. When this is the case ISPConfig handles the addition of the appropriate record. When you are using an external DNS host such as fast host, you have to handle the record creation manually.

    I forget now if there is an option in ispconfig/acme.sh to run manually in this way, but I do recall recently seeing some version of LE cert creation that allows for this exact scenario.

    Basically the request uses DNS challenge in interactive mode, what happens is you are prompted with the correct record to add to your DNS zone file. At this point it just waits for you to tell it to continue. So, you add the record to your zone, allow time for propagation and then instruct it to continue. Result should be dns challenge passes and you get a cert. I am not sure however where this falls for auto renewals whether the current record is sufficient for it to pass for renewal or a new record must be created each time. I am sorry to say I didn't dig that far into it as it wasn't suitable for my situation.

    Acme Challenge (http 01) requires an A record for the host in DNS that is pointing to the server that is requesting the certificate AND a website for the hostname to be accessible [on that same server] for example it is not going to work is server1 requests a cert but its hostname resolves to server2 [unless you use my work around but that should be considered the final resort when all other avenues are exhausted].

    Also, as ahrasis pointed out, LE rate limits certificate requests per host name. a fail, renew create all add to your request rate and you could already have hit the rate limit for the host name. If thats the case, you have two options. Well three but one is just to perform a dry run.

    Option 1: Wait for around a week (last i checked) and attempt your LE cert request again.
    Option 2: Use an alternate hostname. Lets say, control-panel.example.com

    Either of these will solve the rate limit issue. The dry run option just tests whether your current configuration will yield a successful request. If it does, you should probably just wait.
     
    Last edited: Aug 13, 2021
  14. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    As far as I know, acme.sh (and certbot) only uses one challenge type (eg. dns or http) at a time, and you must specify what it should use. The ISPConfig installer and runtime only support http method; you could use dns challenge for a certificate if you set it up manually (eg. install with a self-signed certificate, setup and request a certificate with dns challenge, then remove the self-signed certificate and replace with symlinks to or copies of the cert files you obtained via dns auth).
     
  15. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    Firstly, I said you could ctrl + c out of the installer as I did here. Don't unless you want to begin a fresh installation including the server, I re-ran the installer and it failed likely due to attempting to reinstall mysql and not having ISPConfig completely configured at that point.

    In any case, you are correct
    It is an either or situation, its not failover as I thought it was. It makes sense though, performing a dns attempt would add an attempt needlessly.
    Code:
    Do you want to create SSL certs for your server? (y,n) [y]:
    
    Checking / creating certificate for dev.example.com
    Using certificate path /etc/letsencrypt/live/dev.example.com
    Server's public ip(s) (x.x.x.x) not found in A/AAAA records for dev.example.com: 127.0.1.1, 10.0.2.8
    Ignore DNS check and continue to request certificate? (y,n) [n]: y
    
    Using apache for certificate validation
    acme.sh is installed, overriding certificate path to use /root/.acme.sh/dev.example.com
    [Fri 13 Aug 18:00:50 UTC 2021] Please add '--debug' or '--log' to check more details.
    [Fri 13 Aug 18:00:50 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt
    Could not issue letsencrypt certificate, falling back to self-signed.
    Generating a RSA private key
    ................................++++
    ...............................................................................................++++
    writing new private key to '/usr/local/ispconfig/interface/ssl/ispserver.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:^C
    [email protected]:/home/chris#
    
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    So there is very likely an issue in your A or AAAA record then. The ISPConfig installer determines your external IP and if there is no matching DNS record for it, then you get that warning that LE cert will probably not be issue by LE. You choose to ignore the warning, which is fine if you know that everything is correct, but as you can see a few lines later, this warning was correct as LE was not able to issue the cert due to the DNS record issue. So, check again your IPV4 and IPV6 records, might be that one of the points to a wrong system or e.g. you added a IPv6 record but IPv6 is not working.
     
    ahrasis likes this.
  17. chief

    chief Member HowtoForge Supporter

    thanks.
    so the dns..
    output of dig
    Code:
    bash-4.2$ dig panel.tlwebservices.co.uk
    
    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> panel.tlwebservices.co.uk
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6022
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;panel.tlwebservices.co.uk.   IN   A
    
    ;; ANSWER SECTION:
    panel.tlwebservices.co.uk. 300   IN   A   212.159.153.2
    
    ;; Query time: 9 msec
    ;; SERVER: 79.79.79.77#53(79.79.79.77)
    ;; WHEN: Sat Aug 14 10:37:10 BST 2021
    ;; MSG SIZE  rcvd: 70
    
    set panel.tlswebservices to 212.159.153.2 and others, but panel for this. see image. verified with external check https://dnschecker.org/#A/panel.tlwebservices.co.uk and https://mxtoolbox.com/SuperTool.aspx?action=mx:tlwebservices.co.uk&run=toolpage
    So, dns is correct. im not using IPV6, i will investigate this next week and create AAAA records then.
    [​IMG]
    i can access the server with panel.tlwebservices.co.uk so it resolves on external devices, you have also connected. so dns must be right, other wise you wouldnt be able to connect.. i have only 7 entries in my dns, all are the hostnames of new servers untill all up and running them will impliment dns.tlwebservices.co.uk and point fast hosts to use them as name servers. -
    isnt this the correct way?
    so, now wiping again adding --debug to script. next post wil be output.

    thanks
     
    Last edited: Aug 14, 2021
  18. chief

    chief Member HowtoForge Supporter

    running script
    Code:
    [email protected]:~# wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system --debug
    --2021-08-14 10:03:25--  https://get.ispconfig.org/
    Resolving get.ispconfig.org (get.ispconfig.org)... 172.67.75.112, 104.26.11.246, 104.26.10.246, ...
    Connecting to get.ispconfig.org (get.ispconfig.org)|172.67.75.112|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2004 (2.0K) [application/octet-stream]
    Saving to: ‘STDOUT’
    
    -                                                    100%[=====================================================================================================================>]   1.96K  --.-KB/s    in 0s     
    
    
    2021-08-14 10:03:25 (65.1 MB/s) - written to stdout [2004/2004]
    
    PHP cli missing, trying to install.
    Selecting previously unselected package libsodium23:amd64.
    (Reading database ... 37684 files and directories currently installed.)
    Preparing to unpack .../0-libsodium23_1.0.17-1_amd64.deb ...
    Unpacking libsodium23:amd64 (1.0.17-1) ...
    Selecting previously unselected package psmisc.
    Preparing to unpack .../1-psmisc_23.2-1_amd64.deb ...
    Unpacking psmisc (23.2-1) ...
    Selecting previously unselected package php-common.
    Preparing to unpack .../2-php-common_2%3a69_all.deb ...
    Unpacking php-common (2:69) ...
    Selecting previously unselected package php7.3-common.
    Preparing to unpack .../3-php7.3-common_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-common (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-json.
    Preparing to unpack .../4-php7.3-json_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-json (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-opcache.
    Preparing to unpack .../5-php7.3-opcache_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-opcache (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-readline.
    Preparing to unpack .../6-php7.3-readline_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-readline (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php7.3-cli.
    Preparing to unpack .../7-php7.3-cli_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-cli (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php-cli.
    Preparing to unpack .../8-php-cli_2%3a7.3+69_all.deb ...
    Unpacking php-cli (2:7.3+69) ...
    Setting up libsodium23:amd64 (1.0.17-1) ...
    Setting up psmisc (23.2-1) ...
    Setting up php-common (2:69) ...
    Created symlink /etc/systemd/system/timers.target.wants/phpsessionclean.timer → /lib/systemd/system/phpsessionclean.timer.
    Setting up php7.3-common (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/calendar.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/ctype.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/exif.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/fileinfo.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/ftp.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/gettext.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/iconv.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/pdo.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/phar.ini with new version
    
    
    Creating config file /etc/php/7.3/mods-available/posix.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/shmop.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sockets.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sysvmsg.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sysvsem.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/sysvshm.ini with new version
    
    Creating config file /etc/php/7.3/mods-available/tokenizer.ini with new version
    Setting up php7.3-opcache (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/opcache.ini with new version
    Setting up php7.3-json (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/json.ini with new version
    Setting up php7.3-readline (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/readline.ini with new version
    Setting up php7.3-cli (7.3.29-1~deb10u1) ...
    update-alternatives: using /usr/bin/php7.3 to provide /usr/bin/php (php) in auto mode
    update-alternatives: using /usr/bin/phar7.3 to provide /usr/bin/phar (phar) in auto mode
    update-alternatives: using /usr/bin/phar.phar7.3 to provide /usr/bin/phar.phar (phar.phar) in auto mode
    
    Creating config file /etc/php/7.3/cli/php.ini with new version
    Setting up php-cli (2:7.3+69) ...
    Processing triggers for man-db (2.8.5-2) ...
    Processing triggers for libc-bin (2.28-10) ...
    Selecting previously unselected package php7.3-mbstring.
    (Reading database ... 37867 files and directories currently installed.)
    Preparing to unpack .../php7.3-mbstring_7.3.29-1~deb10u1_amd64.deb ...
    Unpacking php7.3-mbstring (7.3.29-1~deb10u1) ...
    Selecting previously unselected package php-mbstring.
    Preparing to unpack .../php-mbstring_2%3a7.3+69_all.deb ...
    Unpacking php-mbstring (2:7.3+69) ...
    Setting up php7.3-mbstring (7.3.29-1~deb10u1) ...
    
    Creating config file /etc/php/7.3/mods-available/mbstring.ini with new version
    Setting up php-mbstring (2:7.3+69) ...
    WARNING! This script will reconfigure your complete server!
    It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
    Type 'yes' if you really want to continue: yes
    [INFO] Starting perfect server setup for Debian GNU/Linux 10 (buster)
    [INFO] Checking hostname.
    [INFO] Enabling contrib and non-free repositories.
    [INFO] Updating packages
    [INFO] Updated packages
    [INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
    [INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, ntp
    [INFO] Activating GoAccess repository.
    [INFO] Updating packages (after enabling 3rd party repos).
    [INFO] Updated packages
    [INFO] Default shell is currently dash.
    [INFO] Setting bash as default shell.
    [INFO] Default shell is now bash.
    [INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
    [INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc, mariadb-client, mariadb-server, openssl, getmail4, rkhunter, binutils, sudo
    [INFO] Generating mySQL password.
    [INFO] Writing MySQL config files.
    [INFO] Restarting postfix
    [INFO] Installing packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
    [INFO] Installed packages software-properties-common, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, p7zip, p7zip-full, unrar-free, lrzip
    [INFO] (Re)starting Bind.
    [INFO] Disabling spamassassin daemon.
    [INFO] Checking local dns resolver.
    [WARN] Unexpected resolver response: Server:       79.79.79.77 (/lib/os/class.ISPConfigDebianOS.inc.php:870)
    [INFO] Installing packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    [INFO] Installed packages apache2, apache2-doc, apache2-utils, libapache2-mod-fcgid, apache2-suexec-pristine, libapache2-mod-python, libapache2-mod-passenger
    [INFO] Installing packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
    [INFO] Installed packages php-pear, php-memcache, php-imagick, php-gettext, mcrypt, imagemagick, libruby, memcached, php-apcu, php7.3, php7.3-common, php7.3-gd, php7.3-mysql, php7.3-imap, php7.3-cli, php7.3-curl, php7.3-intl, php7.3-pspell, php7.3-recode, php7.3-sqlite3, php7.3-tidy, php7.3-xmlrpc, php7.3-xsl, php7.3-zip, php7.3-mbstring, php7.3-soap, php7.3-opcache, php7.3-cgi, php7.3-fpm
    [INFO] Disabling conflicting apache modules.
    [INFO] Enabling apache modules.
    [INFO] Enabling default PHP-FPM config.
    [INFO] Setting default system php version.
    [INFO] Installing package phpmyadmin
    [INFO] HTTPoxy config.
    [INFO] Installing acme.sh (Let's Encrypt).
    [INFO] acme.sh (Let's Encrypt) installed.
    [INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    [INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
    [INFO] Adding quota to fstab.
    [INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
    [INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
    [INFO] Enabling TLS for pureftpd
    [INFO] Disabling awstats cron.
    [INFO] Installing packages fail2ban, ufw
    [INFO] Installed packages fail2ban, ufw
    [INFO] Installing ISPConfig3.
    [INFO] Adding php versions to ISPConfig.
    [INFO] Checking all services are running.
    [INFO] mysql: OK
    [INFO] clamav-daemon: OK
    [INFO] postfix: OK
    [INFO] bind9: OK
    [INFO] pureftpd: OK
    [INFO] apache2: OK
    [INFO] Installation ready.
    
     
  19. chief

    chief Member HowtoForge Supporter

    setup.log - too big for window.
    setup.log
     
  20. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    Correct, there was no A/AAAA record because I was just testing how the cert part worked to post the results here.
     
    Last edited: Aug 16, 2021

Share This Page