Problem after grading to 3.0.4

Discussion in 'Installation/Configuration' started by zenny, Nov 8, 2011.

  1. zenny

    zenny Member

    As instructed by Till ( I am creating this new thread (similar to and

    Since ISPConfig 3.0.4 supports SNI, I upgraded but the upstream CentOS5 repository does not provide Apache above 2.2.12 and Openssl-0.9.8f upwards. So I manually compiled the binaries from source and upgraded to Apache 2.2.21 and 1 with backward compatibility to 0.9.8f.

    But when I tried to create a ssl certificate from the ISPCOnfig3 panel, it goes well but nothing seems to have been created as the SSL Certificate field not only remained blank, but the webserver died. Or I just missed something.

    The error log follows:

    Please note that in Centos5, I patched the libraries from Version 6 openssl.

    I saw this thread ( and to solve above problem, I tried with:

    1) replacing the httpd.conf from the previous installation, didn't work! :-(
    2) removing the NameVirutalhost:*.80 NameVirtualhost: *.443 and Include lines and changed the Directory to /var/www from default /var/www/html, the webserver starts, but gave me the default apache index pages to my domains.
    3) So I did 'php -q update' with new ssl certificate, but when it reconfigures services, the running webserver segfaults.
    4) Also tried to disable default certificates in /etc/httpd/conf.d/ssl.conf, but it prevents the server from starting.

    Any hints or help appreciated! Thanks!
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess the problem is related to your new openssl / apache etc. packages and not to the uspconfig update. Have you tried to to create a new ssl cert manually to see if openssl works at all?
  3. zenny

    zenny Member

    Yes, I did create the ssl manaully by creating /etc/httpd/ssl directory and openssl works fine. Also made ssl related changes in the /etc/httpd/conf/sites-available/ispconfig.vhost, yet the server dies with the following log:

    Continue to dig the problem, anyway because this is in production server :-(
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The file /etc/httpd/conf/sites-available/ispconfig.vhost is managed by the ispconfig installer and should not be edited manually. So which exact changes did you do there that caused apache to fail?

    The messages in the log you posted are not related to ssl and they are no errors that may cause apache to fail.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    If a server fails due to a ssl certificate problem, then follow these steps to resolve that:

    1) Delete the symlink of the website where you enabled the ssl certificate in the sites-enabled directory.
    2) Start apache
    3) Login to ispconfig and idsable the ssl checkbox for the site and click save.

    Then you can create new ssl certificates in ispconfig. Almost all errors related to ssl certificate creation are caused by using any special chars in the ssl fields as openssl is picky about that and will not create a ssl cert then. Better use only characters a-z and 0-9.
  6. zenny

    zenny Member

    I followed to make the changes.

    Actually I tried to create a certificate for a virtual domain and it created problem.

    Your second reply above helped me to restart the httpd server. However, SNI/SSL does not seem to be working with the newly created certificate.

    /var/log/httpd/error.log states:

    and /var/log/httpd/ssl_error.log states almost nothing (last few lines among several):

    Just wondering how to make SNI work with a single IP to cater several ssl connections to virtual domains?
    Last edited: Nov 8, 2011
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats for ISPConfoig < 3.0.3 only (see first sentence of the guide), as ISPConfig 3.0.3 and later use different ssl paths and have the ssl cert creation included into the installer. Please undo the changes that you did in the ispconfig.vhost file.

    I posted you instructions to solve that above.
  8. zenny

    zenny Member

    While trying to fix the SNI stuffs, now the mailserver broke down with:

    :-( fyi
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    The dovecot auth socket is missing which normally means that dovecot is not running, try to restart dovecot and check the maillog for errors. The openssl library is used by many services on a system, so if you updated it this might break other applications that use openssl.
  10. zenny

    zenny Member

    nope, I am using courier-imap. and it is running:

    I also tried to remove the imap and pop certificates and recreated new in /usr/lib/courier-imap/share/ folder, but the problem persists. :-(
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Your server seems to be configured for dovecot though. Please post the output of:

    which dovecot

    Make a backup of the postfix file, search for the lines:

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    and comment them out. Then searc for the line:

    virtual_transport = dovecot

    and change it to:

    virtual_transport = maildrop

    and then restart postfix.
  12. zenny

    zenny Member

    Thanks Till.

  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the errors from the maillog.
  14. zenny

    zenny Member

    # tail -n 20 /var/log/maillog
    #netstat -tap
    *Please note that the sendmail is running in a container, not host.
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    The log lines are ok, no errors. Pleases end a email to your server and then check which error gest logged in the maillog.
  16. zenny

    zenny Member

    I tried to send an email to the server from outside and this is what I am repeatedly getting:

    # tail -f /var/log/maillog
    But the mail from outside is never delivered! :-(
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    The mail from outsude never reached your server. According to the logfile, no external system tried to contact your server. You should check your dns records and firewall.
  18. zenny

    zenny Member

    I will check the DNS records. But it was a working system before I upgraded to 3.0.4 perfectly.

    I encountered a similar problem when upgraded from to It was fixed. I just upgraded to 3.0.4 for SNI support. In recent times, upgrading ISPConfig in a production server seems not out of chaos!
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    I dont think so. There are several thousand successfull upgrades already to 3.0.4, also all my servers upgraded without a single problem by just running Its sad to see that your upgrade failed and I will try to help you to find the problem, but you should be aware that you not only installed a ispconfig update, you also installed and compiled a lot of system software at the same time and the software versions and compile settings that you used to install the software had not been tested on centos with ispconfig. The tested setup is what you find in the perfect setup guide, if you use different software or software versions, you will have to check if they and the compile settings ypu used are compatible with ispconfig.

    If you had this problem already with ISPConfig, then you should post which solution you used that time so I might be able to tell you what the reason for the problem is.

Share This Page