Monit and ispconfig3.2

Discussion in 'Installation/Configuration' started by francoisPE, Oct 30, 2020.

  1. francoisPE

    francoisPE Member HowtoForge Supporter

    Hello,
    my conf ispc3.2, ubuntu 18.04, 2 servers
    I talked about the Monit issue in another post, but it was not the appropriate forum.
    I figured out the concern.
    Monit stops due to:
    "
    [email protected]:/etc/monit# service monit status
    ● monit.service - LSB: service and resource monitoring daemon
    Loaded: loaded (/etc/init.d/monit; generated)
    Active: failed (Result: exit-code) since Wed 2020-10-28 23:21:58 CET; 1 day 16h ago
    Docs: man:systemd-sysv-generator(8)
    Process: 28570 ExecStop=/etc/init.d/monit stop (code=exited, status=0/SUCCESS)
    Process: 28577 ExecStart=/etc/init.d/monit start (code=exited, status=1/FAILURE)

    Oct 28 23:21:58 fpe1.dgtz.fr systemd[1]: Starting LSB: service and resource monitoring daemon...
    Oct 28 23:21:58 fpe1.dgtz.fr monit[28577]: * Starting daemon monitor monit
    Oct 28 23:21:58 fpe1.dgtz.fr monit[28577]: The SSL server PEM file '/etc/ssl/private/pure-ftpd.pem' permission 0750 is wrong, ma
    Oct 28 23:21:58 fpe1.dgtz.fr monit[28577]: /etc/monit/monitrc:11: SSL server PEM file permissions check failed 'check process '
    Oct 28 23:21:58 fpe1.dgtz.fr monit[28600]: The SSL server PEM file '/etc/ssl/private/pure-ftpd.pem' permission 0750 is wrong, ma
    Oct 28 23:21:58 fpe1.dgtz.fr monit[28600]: /etc/monit/monitrc:11: SSL server PEM file permissions check failed 'check process '
    Oct 28 23:21:58 fpe1.dgtz.fr monit[28577]: ...fail!
    Oct 28 23:21:58 fpe1.dgtz.fr systemd[1]: monit.service: Control process exited, code=exited status=1
    Oct 28 23:21:58 fpe1.dgtz.fr systemd[1]: monit.service: Failed with result 'exit-code'.
    Oct 28 23:21:58 fpe1.dgtz.fr systemd[1]: Failed to start LSB: service and resource monitoring daemon.

    [email protected]:/etc/monit# ld /etc/ssl/private/pure-ftpd.pem
    lrwxrwxrwx 1 root root 48 Oct 28 17:07 /etc/ssl/private/pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem
    "
    Then, I assume a daemon is modifying (creating?) the /usr/local/ispconfig/interface/ssl/ispserver.pem file as a cat of .key and .crt, assigning too-high permissions! 750 instead of 700...

    If I do chmod 700 on /usr/local/ispconfig/interface/ssl/ispserver.pem and restart,
    it works, but only for a short time! Until the daemon comes... ;-)

    Do you share ?
    Is there a simple workaround ?

    Thanks
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Either change the permissions of the file to what monit is expecting, or change monit's config so it expects the new (correct?) permissions.
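
Added example, not part of the thread and not ISPConfig or Monit code: a shell check that follows the pure-ftpd.pem symlink shown in the first post and reports permission bits on the real file beyond the 700 that post cites. The function names are hypothetical, and GNU `stat` and `readlink` (as on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example. "ls -l" on a symlink prints the link's own mode
# (lrwxrwxrwx), not the mode of the PEM file it points to, so the
# check below resolves the link first.

# pem_mode PATH: print the octal mode of the file PATH resolves to.
pem_mode() {
    stat -L -c '%a' -- "$1"
}

# pem_check PATH [MAX]: return 0 if the resolved file has no permission
# bit outside MAX (default 700, the value quoted in the thread),
# 1 if it has excess bits, 2 if the path does not resolve to a file.
pem_check() {
    path=$1
    max=${2:-700}
    target=$(readlink -f -- "$path") || return 2
    if [ ! -f "$target" ]; then
        echo "not a regular file: $path" >&2
        return 2
    fi
    mode=$(pem_mode "$target")
    # Bits set in mode but not allowed by max (leading 0 = octal).
    excess=$(( 0$mode & ~0$max & 07777 ))
    if [ "$excess" -ne 0 ]; then
        printf '%s -> %s: mode %s exceeds %s (excess bits %o)\n' \
            "$path" "$target" "$mode" "$max" "$excess" >&2
        return 1
    fi
    return 0
}

# Command-line use: sh pemcheck.sh /etc/ssl/private/pure-ftpd.pem
if [ "$#" -gt 0 ]; then
    status=0
    for p in "$@"; do
        pem_check "$p" || status=1
    done
    exit "$status"
fi
```

Run from cron or before restarting Monit, a non-zero exit shows that something has rewritten the target file with wider permissions again.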
     
  3. francoisPE

    francoisPE Member HowtoForge Supporter

    I did that and it works.
    But the permissions are modified when the ISPConfig .pem file is created: /usr/local/ispconfig/interface/ssl/ispserver.pem
    Maybe a cron job creates this file (in a tutorial I found: cat < {.key,.crt} > .pem)
    Do you know where the job that creates it with the wrong permissions is?

    Definitely, I have no idea on how to do that !
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It might be the letsencrypt-post hook script (I can't check on this phone).

    Monit's config should be under /etc/monit/
     
  5. ahrasis

    ahrasis Well-Known Member

    I don't think so since there is nothing in there or in any of other LE hook scripts that touch any permissions since they were written or even after your fixes.

    My best guess is that he didn't remove the previous LE4ISPC setup prior to update to 3.2 which may disturb the process since it has different process if compared to 3.2 LE default setup.

    Edited: To note, the installer_base.lib.php is already designed to chmod the ispserver.pem file permission to 600.
     
    Last edited: Nov 1, 2020
  6. francoisPE

    francoisPE Member HowtoForge Supporter

    ok
    I restart my servers (again) because trying to move to ubuntu 20. I faced a crash !
    I will set up ubuntu 20 and see... this issue and database remote access issue
    Learning again and again...
    Thank you
     
