The Perfect Server - Debian 9 (Stretch) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1

This tutorial shows how to prepare a Debian 9 server (with Apache2, BIND, Dovecot) for the installation of ISPConfig 3.1, and how to install ISPConfig. The web hosting control panel ISPConfig 3 allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers Apache (instead of nginx), BIND, and Dovecot.

1 Preliminary Note

In this tutorial, I will use the hostname with the IP address and the gateway These settings might differ for you, so you have to replace them where appropriate. Before proceeding further you need to have a minimal installation of Debian 9. This might be a Debian minimal image from your Hosting provider or you use the Minimal Debian Server tutorial to setup the base system.

2 Install the SSH server (Optional)

If you did not install the OpenSSH server during the system installation, you can do it now:

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian 9 server and follow the remaining steps from this tutorial.

3 Install a shell text editor (Optional)

We will use nano text editor in this tutorial. Some users prefer the classic vi editor, therefore we will install both editors here. The default vi program has some strange behavior on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install nano vim-nox

If vi is your favorite editor, then replace nano with vi in the following commands to edit files.

4 Configure the Hostname

The hostname of your server should be a subdomain like "". Do not use a domain name without subdomain part like "" as hostname as this will cause problems later with your mail setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname, the file shall look like this:

nano /etc/hosts       localhost.localdomain   localhost     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:


Finally, reboot the server to apply the change:


Log in again and check if the hostname is correct now with these commands:

hostname -f

The output shall be like this:

[email protected]:/tmp# hostname
[email protected]:/tmp# hostname -f

5 Update Your Debian Installation

First, make sure that your /etc/apt/sources.list contains the stretch/updates repository (this makes sure you always get the newest security updates), and that the contrib and non-free repositories are enabled as some required packages are not in the main repository.

nano /etc/apt/sources.list
deb stretch main contrib non-free
deb-src stretch main contrib non-free

deb stretch/updates main contrib non-free
deb-src stretch/updates main contrib non-free


apt-get update

To update the apt package database

apt-get upgrade

and to install the latest updates (if there are any).

6 Change the default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <- no

If you don't do this, the ISPConfig installation will fail.

7 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp

and your system time will always be in sync.

8 Install Postfix, Dovecot, MySQL, rkhunter, and Binutils

We can install Postfix, Dovecot, MySQL, rkhunter, and Binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo

When you prefer MySQL over MariaDB, replace the packages "mariadb-client mariadb-server" in the above command with "mysql-client mysql-server".

You will be asked the following questions:

General type of mail configuration: <-- Internet Site
System mail name: <--

To secure the MariaDB / MySQL installation and to disable the test database, run this command:


Answer the questions as follows:

Change the root password? [Y/n] <-- y
New password: <-- Enter a new MySQL root password
Re-enter new password: <-- Repeat the MySQL root password
Remove anonymous users? [Y/n] <-- y
Disallow root login remotely? [Y/n] <-- y
Remove test database and access to it? [Y/n] <-- y
Reload privilege tables now? [Y/n] <-- y

Next, open the TLS/SSL and submission ports in Postfix:

nano /etc/postfix/

Uncomment the submission and smtps sections as follows and add lines where necessary so that this section of the file looks exactly like the one below.

submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING [...]

Restart Postfix afterwards:

service postfix restart

We want MySQL to listen on all interfaces, not just localhost. Therefore, we edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line bind-address = and add the line sql-mode="NO_ENGINE_SUBSTITUTION":

nano /etc/mysql/mariadb.conf.d/50-server.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           =



Set the password authentication method in MariaDB to native so we can use PHPMyAdmin later to connect as root user:

echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root

Edit the file /etc/mysql/debian.cnf and set the MYSQL / MariaDB root password there twice in the rows that start with password.

nano /etc/mysql/debian.cnf

The MySQL root password that needs to be added is shown in read, in this example the password is "howtoforge".

# Automatically generated for Debian scripts. DO NOT TOUCH!
host = localhost
user = root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
host = localhost
user = root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
basedir = /usr

To prevent the error 'Error in accept: Too many open files' we will set higher open file limits for MariaDB now.

Open the file /etc/security/limits.conf with an editor:

nano /etc/security/limits.conf

and add these lines at the end of the file.

mysql soft nofile 65535
mysql hard nofile 65535

Next, create a new directory /etc/systemd/system/mysql.service.d/ with the mkdir command.

mkdir -p /etc/systemd/system/mysql.service.d/

and add a new file inside:

nano /etc/systemd/system/mysql.service.d/limits.conf

paste the following lines into that file:


Save the file and close the nano editor.

Then we reload systemd and restart MariaDB:

systemctl daemon-reload
service mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[email protected]:/home/administrator# netstat -tap | grep mysql
tcp6 0 0 [::]:mysql [::]:* LISTEN 17776/mysqld
[email protected]:/home/administrator#

9 Install Amavisd-new, SpamAssassin, and ClamAV

To install amavisd-new, SpamAssassin and ClamAV, we run

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

service spamassassin stop
systemctl disable spamassassin

9.1 Install Metronome XMPP Server (optional)

This step installs the Metronome XMPP Server which provides a chat server that is compatible with the XMPP protocol. This step is optional, if you do not need a chat server, then you can skip this step. No other ISPConfig functions depend on this software.

Add the Prosody package repository in Debian.

echo "deb stretch main" > /etc/apt/sources.list.d/metronome.list
wget -O - | sudo apt-key add -

Update the package list:

apt-get update

and install the packages with apt.

apt-get install git lua5.1 liblua5.1-0-dev lua-filesystem libidn11-dev libssl-dev lua-zlib lua-expat lua-event lua-bitop lua-socket lua-sec luarocks luarocks
luarocks install lpc

Add a shell user for Metronome.

adduser --no-create-home --disabled-login --gecos 'Metronome' metronome

Download Metronome to the /opt directory and compile it.

cd /opt; git clone metronome
cd ./metronome; ./configure --ostype=debian --prefix=/usr
make install

Metronome has now be installed to /opt/metronome.

Share this page:

224 Comment(s)

Add comment

Please register in our forum first to comment.


By: Luther

as soon as stretch released you updated your guides, thx for keeping up the hard work

By: nedkox


By: marc

The underscore got me confused, it should be "NO_ENGINE_SUBSTITUTION"   . Hope it helps. 


By: Oscar

I have a problem with IspConfig:

With initial configuration i create a user and a site y say this:

The following changes are not yet populated to all servers:

By: till

Writing changes to disk takes about 1 Minute. If the changes have not been written after some time, then please make a post in the forum to get help with your installation issue. Instruction on how to find out what is failing in your install can be found at the end of this post:

By: HelLViS69

Hi,I just installed a fresh Debian 9, but the new server doesn't send/receive emails.

I checked in the logs and the problem is amavis:giu 29 22:29:18 web amavis[21846]: Starting amavisd: ERROR: MISSING REQUIRED ADDITIONAL MODULES:giu 29 22:29:18 web amavis[21846]:   DBD::mysqlgiu 29 22:29:18 web amavis[21846]: (failed).

I checked apt repo and they are ok, the only package referring to DBD and mysql is libaprutil1-dbd-mysql which isn't installed

Anyone have a clue?

By: HelLViS69

Hi, I installed libdbd-mysql-perl and amavis is up and running.. I didn't try to send/receive mails yet

By: HelLViS69

Hi, I finally managed to send/receive mails. The first problem, as in the previous mail, was libdbd-mysql-perl missing. (email receiving)

Then I have a SASL login error, fixed installing libsasl2-modules.

The last error was sending mail with this error:status=deferred (connect to[]:10026: Connection refused)

The problem here was in /etc/postfix/ content_filter = amavis:[]:10024 while in /etc/postfix/ there was /^/ FILTER amavis:[]:10026. Asap I changed the port to 10024, postfix started to send mails

By: tucuta

This tutorial does not work. He already tried 3 times, he followed the steps well and there are two applications that do not ask for password.When I create a user and when I sync does not work. The message is: The following changes are not yet populated to all servers:


By: till

The tutorial is working fine. Just had a user who reported to me yesterday that everything worked out of the box and I installed it myself by simple copy/paste of all commands 2 days ago as well without any issues. Your problem is an issue with your server and not the tutorial, when the base system is broken or not a clean fresh install, then the setup will fail. E.g. when services are already installed, then they will not ask for a password. And non-executing ISPConfig jobs can mean that you or the person that made the base install disabled the linux cron daemon. Please post in the forum here at howtoforge to get help with your server installation.

By: Linuxer

Thank you for the new perfect server guide. Works great.

By: brody

lstsencrypt does not enable under Sites -> Web domain

By: till

This means that let's encrypt was not able to verify your domain. See let's encrypt FAQ post in the forum: and post in the Forum if you need further help on configuring your Domain for Let's encrypt.

By: Fab

In order to get amavisd starting you need to install this package:


By: till

I do not have to install this separately on my servers. I'll check that.

By: treki

Configuring phpmyadmin:

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using     ?    ? password: YES) . Your options are:                                       ?    ?  * abort - Causes the operation to fail; you will need to downgrade,     ?    ?    reinstall, reconfigure this package, or otherwise manually intervene  ?    ?    to continue using it. This will usually also impact your ability to   ?    ?    install other packages until the installation failure is resolved.    ?    ?  * retry - Prompts once more with all the configuration questions        ?    ?    (including ones you may have missed due to the debconf priority       ?    ?    setting) and makes another attempt at performing the operation.       ?    ?  * retry (skip questions) - Immediately attempts the operation again,    ?    ?    skipping all questions. This is normally useful only if you have      ?    ?    solved the underlying problem since the time the error occurred.      ?    ?  * ignore - Continues the operation ignoring dbconfig-common errors.     ?    ?    This will usually leave this package without a functional database.   ?    ?                                                                          ?    ? Next step for database installation:                                     ?    ?                                                                          ?    ?                          abort                                           ?    ?                          retry                                           ?    ?                          retry (skip questions)                          ?    ?                          ignore


What i must do?

By: till

The error means that you entered a wrong MySQL root password when requested by apt.

By: treki

The same problem  in the RoudCube install!

By: treki

ISPconfig installation:

PHP Parse error:  syntax error, unexpected 'if' (T_IF), expecting function (T_FUNCTION) in /usr/local/ispconfig/server/plugins-available/ on line 1189

The mysql-password problems are solved.

By: till

Download ISPConfig again and install it.

By: Er1ck

Till, congratulations for the tutorial! It didn't work for me on the first try but I believe in it. For many years, I've set up the systems by hand by the shell and now I want a new life with Ispconfig. :) I want to install it on multiple servers in the cloud and that's why I have a huge hope that it works well. I use Sendmail and Exim4, Postfix will be the first time.

Some servers are in the Google Cloud, which is very restrictive in many things. For email, I'm using Sendgrid with them. My question is if your tutorial and Ispconfig can work fine on a Google Cloud virtual machine using Sendgrip to send emails? The other servers are in Rackspace, Amazon WS and Digital Ocean. Are there any special recommendations for using the tutorial and Ispconfig in these hosting companies?

On special servers some Ispconfig features will be disabled.


Thank you so much!

By: till

This setup works fine on cloud services as well. You can configure e.g. sendgrid as outgoing SMTP under System > Server config in ISPConfig. Btw. In case that you recieved that syntax error that the user posted abvoe when using the ISPConfig dev version from git, then just download ISPConfig dev again (or use the stable version which did not had that problem) as the problem has been resolved in the dev code.

By: Jose

Hello, gives the following error, from inside of Ispconfig:

Is a new installation of a debian 9 in a vps, I tried 3 times installing the manual from the begining alwais with the same error, and doing the manual exactly.

Thank you.

postfix/smtpd[1664]: fatal: no SASL authentication mechanismspostfix/smtpd[1753]: fatal: no SASL authentication mechanisms

By: till

There is no issue in the tutorial itself, mail on the resulting setup works flawlessly as you can see e.g. in the downloadable VM. Most likely, you made a mistake while editing the postfix config or you missed to install a package. Please post in the forum to get help with your configuration problem.

By: Zergling

How to set quota when I have virtual machine running on LXC?And my /etc/fstab looks like this:# UNCONFIGURED FSTAB FOR BASE SYSTEM

By: till

LXC does not has any real quota support. But there are some workarounds to get quota in LXC like this:

But you will probably see a performance decrease.

By: Solstice

There is a issue with the Maria DB for Debian 9 and the echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root.

If you do the set plugin portion one will end up with a ERROR 1524 (HY000): Plugin  x is not loaded.

From research it seems to have to deal with Maria DB 10x or Mysql 5.7x as it has changed the tables for user passwords.

Please update this, as it gets frustrating during other install portions.


By: till

Thank you for your report. I just tested the installation again on a fresh Debian 9 and there are no errors in the MySQL setup as shown in the tutorial. MySQL login with password works flawlessly and MySQL restarts without errors (neither on screen nor in the log file). Maybe you missed editing the debian.cnf file or you did not restart MySQL.

By: Ed

Hi, Apache 2 won't start in section 10 - do you really mean httpoxy, or do you mean httproxy?

By: till

Apache starts absolutely fine with that config here and yes, the name is 'httpoxy'. Don't you know what httpoxy is? Read here:

When apache does not start with that config, then you might have missed enabling the headers module in apache which is done in the a2enmod command above or you made a typo in one of the commands. In any case, you find the reason for the error that occurs on your server in the apache error.log file.

By: Ed

Please ignore my just sent error report - there was a character missing from my /etc/apache2/conf-available/httpoxy.conf file which I corrected and which is now allowing apache2 to restart - a problem with vim and the mouse!

By: Quentin



# Automatically generated for Debian scripts. DO NOT TOUCH![client]host = localhostuser = rootpassword = howtoforgesocket = /var/run/mysqld/mysqld.sock[mysql_upgrade]host = localhostuser = rootpassword = howtoforgesocket = /var/run/mysqld/mysqld.sockbasedir = /usr


am i supposed to replace howto forge by my root password ? is it safe to let in clear a password?

By: till

Yes, you have to replace it and yes, it's safe as the file can be read by the root user only and the password has to be set in cleartext there.

By: Quentin

Thanks for the answer !

By: Nico

I`ve received an 404-Error, when I`ve tried to acces phpMyAdmin.


Include /etc/phpmyadmin/apache.conf

at the bottom of /etc/apache2/apache2.conf solved my problem.

Rest works great! Thank you very much for this howto.

By: till

When you select the apache installation option during PHPMyAdmin installation as shown in the tutorial, then adding this include manually is not needed.

By: Stefano

For me too. ISPConfig or the tutorial doesn't add the PHPMyAdmin conf file [/etc/roundcube/apache.conf] in /etc/apache2/conf-available/

In the old debian7 with ISPConfig the installer put in /etc/apache2/conf.d/ the phpmyadmin.conf -> ../../phpmyadmin/apache.conf

Solve it with:

ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.confcd /etc/apache2/conf-enabledln -s ../conf-available/phpmyadmin.conf phpmyadmin.confservice apache2 reload


By: till

There is neither an issue in ISPConfig nor in the tutorial. The problem you describe happens when you do not select to configure apache when the phpMyAdmin apt installer asks for it. Selecting means to navigate to the option and then select it with the space bar of your keyboard. If you fail to activate an option in apt with the spacebar and just highlight it, then apt will not enable the option. To verify that your step is not required, I just installed a test server again by foilowing the above tutorial to the letter, the result is that phpmyadmin is enabled and working:


[email protected]:~# ls -la /etc/apache2/conf-enabled/php*

lrwxrwxrwx 1 root root 33 May 11 21:08 /etc/apache2/conf-enabled/phpmyadmin.conf -> ../conf-available/phpmyadmin.conf


But, in case someone did not follow the tutorial and missed enabling phpmyadmin, then your commands are the correct ones to do this manually afterwards.

By: ed

Hi,  In step 12.1 shoud we also a2enconf php7.0-fpm like the terminal return tells us to, or is that a mistake?

By: till

You should not run a2enconf php7.0-fpm.

By: ed

I have the same question - in step 10 I am installing mariadb, yet I was not asked for a mysql root password! and I  am reinstalling because I followed this tutorial perfectly 2 days ago, and have not been able to send or receive mail with this production install, even though I did get it workign on a test vps - the only difference being that the test vps has exim4 installed, and this one does not. and the error is a failure to communicate with smpt - given in roundcube when I try to send mail.

By: Luke

Everything worked great, until it wouldn't let me upload website content via SFTP (user: admin), and I ran chmod 777 on the whole /var/www directory

# chmod -R 777 /var/www


Webserver still runs, but the ISPConfig GUI is broken (500 / Internal Server Error)


Tried to patch up with this, but no dice.....

    # sudo find /var -type d -exec chmod 775 '{}' \;

    # sudo find /var -type f -exec chmod 664 '{}' \;


Any ideas how to fix? I already tried to reinstall ISPConfig with php -q update.php

By: till

A chmod 777 must destroy the whole installation as all files and folders have special permissions, so never do that. You can upload files by SFTP with an SSH user that you created for this website in ISPConfig (or by FTPS when you created an FTP user). The user "admin" which does not belong to the ISPConfig install is probably just a normal Linux user without special permissions, so he can not upload files to websites. Only users of the site and the root user can do that.


What you can try is that you enable the "update permissions on update" option under system > server config > web in ISPConfig and then run Tools > Resync in ISPConfig to resync the websites. If this won't work, then you probably have to delete all sites in ISPConfig and recreate them or reinstall the system.

By: Adam

I am a little confused by this...what am i actually supposed to input into hostname?

Are your ip addresses here internal/local ones or external/public ones? (this is really confusing)

In this tutorial, I will use the hostname with the IP address and the gateway These settings might differ for you, so you have to replace them where appropriate. Before proceeding further you need to have a minimal installation of Debian 9.


For a google cloud compute instance the following is automatically added by google when the instance is deployed (the disk image already has an O/S too).

Do i delete what google has automatically added and replace it with your etc? (on google cloud locahost is 127... is it not? What is 192.168 for? That is not an external/public ip address?)       localhost

::1             localhost ip6-localhost ip6-loopback

ff02::1         ip6-allnodes

ff02::2         ip6-allrouters server1.c.goannawebsites-1.internal server1  # Added by Google  # Added by Google

By: Adam

is this jailkit directory the right one? Doesnt this install it into the tmp directory?


cd /tmpwget xvfz jailkit-2.19.tar.gzcd jailkit-2.19echo 5 > debian/compat./debian/rules binary

By: till

Yes, that's the correct directory and no, this will not install jailkit in /tmp.

By: Markus

It is not the perfect Server... HowTo...You write about installing letsencrypt, but it is not used in your howto. Only installing is not enough, that does not work

By: till

I guess you are a first-time ISPConfig user so you can't know that the tutorial is complete and the LE certs are created by ISPConfig when you add a site. So there is nothing missing, the tutorial is complete, there are no further steps needed beside installing the LE package as shown in the tutorial. LE is used by ISPConfig and the SSL certs are created by ISPConfig. I'll add a note in the tutorial so that no other first-time users think that something is missing.

By: Eric

Hi, and thank you for this tutorial.

I had an error in the RKHunter log : Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

I googled it and found a solution, which was to edit the /etc/rkhunter.conf file and change some values :



WEB_CMD="/bin/false" --> WEB_CMD=""

Does these seems fine to you ? Or should I revert these and correct that error another way ?

Thanks for your help

By: esezako


For when a howto Multiserver Setup With Dedicated Web, Email, DNS & MySQL Database Servers On Debian 9?

Thanks in advance!

By: quaz22


I had to install yet dialog and libwww-perl

I have Debian 8.9

The ispconfig shows me: Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

Nothing helps


By: till

This tutorial is for Debian 9.x only, it will not work when you have Debian 8.x. The tutorial for Debian 8 is here:


You should always use the tutorial that matches the major version of your installed OS.

By: Michael

Seem to have forgotten to link phpmyadmin apache conf to sites-enabled

By: till

This link is created automatically when you install PHPMyAdmin by selecting apache in the apt installer. If the link is missing on your system, then you have not chosen the right option during install (or you did not activate it in the dialog with the space bar).

By: Michael

Oh! I see what happened. It LOOKED like I had apache selected when configuring, but I didn't have anything selected. I had to hit *space*!

By: Michael

may need to add this too (i needed it for getting certbot to work on command line)


apt-get install python-certbot-apache

By: till

This package is not required and more important it will hurt the setup. It tries to modify the vhosts created by ispconfig in a way that the system will fail later (it duplicates some apache directives which have t be unique server-wide so apache will fail when you restart it). LE certs for websites get generated from within ISPConfig.

By: Michael

Okay... So then how do we get the cert for the main server?

By: till

By: Michael

Thank you! I will look into that. :)

By: Alan Johnston

i must of done this tutorial 8 times in one night getting to the end and not being able to log in, everytime i tried to log in it would not load, it done my head in i went from (obvs not the example part but i have used it as an example) it would not let me log in but now i have managed to log in after trying (diff ip again for security) so if you cant login thorugh the FQDN then try the ip

By: Manel Neto

How do I install another version of php

By: Kévin

Hi and thanks for the tutorial !

When I put this : echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root

I got this message : ERROR 1698 (28000): Access denied for user 'root'@'localhost'

Do you have any ideas ?



By: till

Seems as if your MySQL server has a root password already. use this command in that case:


echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root -p

By: Kévin

Thanks for your quick answer ! 

Sadly, I have this message : ERROR 1698 (28000): Access denied for user 'root'@'localhost'


By: till

Then you either did not add the -p switch at the end of the command as I suggested or you enter a wrong password.

By: Kévin

I added the -p, I tried with sudo, I still got the same error...How to solve this problem ?

By: SamTzu

If you can't login to your mysql database as root you need to reset it's root password. Instructions are here...

By: brody

I get an error in RKHunter Log "Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

By: till

That's not an issue in the tutorial, it is in the Debian RKHuntre package, see here:

By: John Rand

I'm trying to add ISPConfig on a Debian 9  on Google Compute Engine.  When I added a host and hostname as described, and rebooted, and then check through hostname and hostname -f, it shows the Google hostname, not what I added.  Could this be why I'm getting the Access denied for user 'root'@'localhost' when I run echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root -p

Obviously a newbie here.  Any suggestions would be appreciated.

By: till

That's not related. When google does not let you set the hostnname, then you can leave the hostname as it is. Maybe you have not set a MySQL root password yet, in that case remove the -p at the end of the command.

By: André

I can't get Pro-FTP to work properly. I just want to allow FTPS. SFTP I have totally deleted because it would have to run over PAM. But with FTPS it cannot load the directory list.

By: cocovina

It looks like firewall problem. Check the high ports - should be opened (or some range corresponding with client setup)

By: Fabrice

Thank you very much

By: Jesse Norell

I upgraded a system from jessie to stretch and edited /etc/mysql/mariadb.conf.d/50-server.cnf (which did exist) to set sql-mode="NO_ENGINE_SUBSTITUTION" however I found that config file was not being read at all; I ended up making the addition to /etc/mysql/conf.d/mariadb.cnf and it worked fine.

By: George

Every time.... in roundcube...



 An error occurred while installing the database:                                                                                                      ?  ?                                                                                                                                                       ?  ? ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2 "No such file or directory") . Your options   ?  ? are:                                                                                                                                                  ?  ?  * abort - Causes the operation to fail; you will need to downgrade,                                                                                  ?  ?    reinstall, reconfigure this package, or otherwise manually intervene                                                                               ?  ?    to continue using it. This will usually also impact your ability to                                                                                ?  ?    install other packages until the installation failure is resolved.                                                                                 ?  ?  * retry - Prompts once more with all the configuration questions                                                                                     ?  ?    (including ones you may have missed due to the debconf priority                                                                                    ?  ?    setting) and makes another attempt at performing the operation.                                                                                    ?  ?  * retry (skip questions) - Immediately attempts the operation again,                                                                                 ?  ?    skipping all questions. This is normally useful only if you have                                                                                   ?  ?    solved the underlying problem since the time the error occurred.                                                                                   ?  ?  * ignore - Continues the operation ignoring dbconfig-common errors.                                                                                  ?  ?    This will usually leave this package without a functional database.                                                                                ?  ?                                                                                                                                                       ?  ? Next step for database installation:                                                                                                                  ?  ?                                                                                                                                                       ?  ?                                                                abort                                                                                  ?  ?                                                                retry                                                                                  ?  ?                                                                retry (skip questions)                                                                 ?  ?                                                                ignore                                                                                 ?  ?                                                                                                                                                       ?  ?                                                                                                                                                       ?  ?                                                                        <Ok>          

By: Fahad Ahammed

Thank You.

By: James Steerforth

A small suggestion - you should rename this as  "The Perfect Guide to a Perfect Server". I proceeded through all the steps without a hitch, a rare occurence when following these type of instructions. Thanks for such a detailed and useful guide.

By: Fabrice


Thank you very much for this tuto.

I followed step by step, I've created a new client with ISPConfig 3.1, a new site and a new ftp account, but I can't connect with FileZilla, with SSH port 21.

Do you have an idea ?



By: till

Most likely you use a wrong FTP mode. ensure that you use FTPS (which is FTP) and not SFTP (which is SSH). If you need further help, please post in the Forum here at howtoforge.

By: David Evans

After finishing this I was unable to log into ISPConfig. I had the site took too long to respond error so I rebooted the server and then was unable to login as root anymore?  

By: till

Then you probably made a mistale during setup. This tutorial does not alter or configure root login nor sshd.

By: Armand

Very nice tutorial, thank you.

I have just a small important problem: I cannot access to phpmyadmin. On myserveraddress:8080/phpmyadmin I'm getting the warning

The requested URL /phpmyadmin was not found on this server.

I'm lost

By: Thomad
By: Sijmen

[email protected]:~# apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo

Reading package lists... Done

Building dependency tree

Reading state information... Done

E: Unable to locate package dovecot-sieve dovecot-lmtpd sudo

what am i missing i have edited the soucelist

By: Sijmen

The above error was i did not run apt-get update

but got a other error 

[email protected]:~# systemctl daemon-reload

[email protected]:~# service mysql restart

Warning: mysql.service changed on disk. Run 'systemctl daemon-reload' to reload units.

[email protected]:~#


By: Anthony B

Morning, i have the système error 

[email protected]:~# systemctl daemon-reload

[email protected]:~# service mysql restart

Warning: mysql.service changed on disk. Run 'systemctl daemon-reload' to reload units.

[email protected]:~#

By: Anthony B

Hi, i don't know why but now this cmld works fine :) 

By: Anthony B

I have re-install my server and i have the same server. 

For me, i have need to change my cmdl. I remplace systemctl daemon-reload to systemctl --system daemon-reload


Best regards

By: Martin

Any ideas on this?


host:~# systemctl --system daemon-reload

host:~# systemctl daemon-reload

host:~# service mysql restart

Warning: mysql.service changed on disk. Run 'systemctl daemon-reload' to reload units.



By: Sudrien

I also recieved the

Warning: mariadb.service changed on disk. Run 'systemctl daemon-reload' to reload units.

...and running the command had no effect.


Instead of /etc/systemd/system/mysql.service.d/limits.conf

I added & editied /etc/systemd/system/mariadb.service.d/limits.conf

and systemctl daemon-reload took effect

By: jean francois

hello and thank you,

Is it possible to install phpmyadmin with your tutorial ?

By: till

PHPMyadmin is installed as part of this tutorial.

By: Mat

Dear Till,

thanks for this great tutorial!

I will test it soon on a virtual machine at my server - please two questions


does everything also work with latest php 7.2 stable too?

if not, what would be the max. php 7.x release working with your tutorial?


at the debian update, does this update to latest 9.3 stable or is there anything additional to do? (I have only a 9.0 hoster image available) 

or is there any conflict maybe with your tutorial? (With 9.3)


Thanks in advance & kind regards,


By: stratege1401

First of all, i must say this is a very nice tutoriel.

Very clear, with almost no error, but with a few strange things:

----- For letsencrypt to work do as follow ------

nano /etc/apt/sources.list #add

deb stretch-backports main


apt-get update

ALWAYS go to and use drop down menu to match your server type. You will get the LATEST certbot with the LATEST vulnerability fix !!!

apt-get install python-certbot-apache -t stretch-backports  #wich is the latest certbot for Apache Debian 9.x script

use command line: ( this will fix the actual letsencrypt TLS-SNI vulnerability report, new certbot with fix is due soon, test release work so far ))

certbot --authenticator webroot --installer apache --rsa-key-size 4096 ( in order to have a A+ rate on SSLabscheck )

----- pureFTPD with LETSENCRYPT and not a dummy certificate -----

cat /etc/letsencrypt/live/servername/privkey.pem /etc/letsencrypt/live/servername/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

In order to avoid an DH_params errors with pureFTPD restart 

openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 4096

chmod 600 /etc/ssl/private/pure-ftpd.pem

chmod 600 /etc/ssl/private/pure-ftpd-dhparams.pem



nano /etc/apache2/sites-available


# SSL Configuration

  SSLEngine On

  SSLProtocol All -SSLv3

  SSLCertificateFile /etc/letsencrypt/live/servername/fullchain.pem  <-- letsencrypt of course

  SSLCertificateKeyFile  /etc/letsencrypt/live/servername/privkey.pem <-- letsencrypt of course


#SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt  <-- bad mojo :!

#SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key  <-- bad mojo :!

#SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle  <-- bad mojo :!


Have fun and keep up the good work !!!

By: Dominic

Afterwards you can access ISPConfig 3 under http(s):// or http(s):// ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):Admin and Admin don't work :(

By: till

Username and password are case sensitive, so 'admin' and 'Admin' are different users and passwords. Beside that, the ISPConfig installer requested you to enter a password or to accept the default one, which was shown by the installer. and that's the password that you have to enter, this can be different from 'admin'. If you don't remember the password that you have set, then reset it as described here:

By: Thomas

Jailkit can no longer be reached via http, only https, so the new link is:

By: till

Jailkit download works fine without issues here.

By: Dominic

If you have problem with first login to 3.1 verision you need to restart your password:

By: Mike

This tutorial needs to be updated because HHVM is now supporting Debian 9 Stretch.

By: gamal


could you please help me

[email protected]:~# luarocks install lpcInstalling make: command not foundError: Build error: Failed building

By: Julien Julien

I think you should do this apt-get install make

before the step where you install Metronome

By: Golibshoh

ISPConfig was installed with an error:

not all services started, a timeout error, then manually I wanted to restart Apache but it did not work. The server now hangs and the ISPConfig page does not open.

By: Golibshoh

PS: The error was in Amavis.

By: Golibshoh

amavis.service: Start operation timed out. Terminating.

Failed to start LSB: Starts amavisd-new mailfilter.

amavis.service: Unit entered failed state.

amavis.service: Failed with result 'timeout'.

By: till

Amavis fails when the hostname of your server is not configured correcty. That' the most common issue with amavis. Ensure that you configured the hostname on your server correctly before you install the server.

By: MikeC

Nice! Thanks for the great tutorial! I did have to add 8080 to /etc/apache2/ports.conf to get ispconfig to answer.

By: Raham

I  have installed the server based on this tutorial on newly created server. But when I run the ISPConfig install.php I got an error says: "This software cannot be installed on a server wich runs ISPConfig 2.x."

I doubled checked, there is nothing installed from ISPConfig2 or any other version on the server.


I wonder if you have any suggestions?

By: Till

Probably you have a folder /root/ispconfig. Rename that folder.

By: cocovina

"To prevent the error 'Error in accept: Too many open files' we will set higher open file limits for MariaDB now."Is there any correlation with OS ulimit value for "Open files" which is 1024 by default. Should be this ulimit -n increased also?

Thx for explanation.

By: Kai

Is there a chance to update this guide? HHVM offers up-to-date repos since ever™, so integrating might be considered an idea

By: Saul

The perfect server would use PowerDNS instead of BIND.

Just saying.

By: Brian DuBridge

Awesome tutorial! It's making it possible for me to set up an email server, accelerate knowledge, and save a bunch of money, all at the same time!


By: Brian DuBridge

Awesome tutorial! It's making it possible for me to set up an email server, accelerate knowledge, and save a bunch of money, all at the same time!

 mysql seems to be listening on port (I assume) 1964 on my DigitalOcean debian 9 server. Will this be an issue?   [email protected]ver180319:~# netstat -tap | grep mysqltcp6       0      0 [::]:mysql              [::]:*                  LISTEN      1964/[email protected]:~#  

By: Marko

I followed the same guide, let me know if this line has caused trouble for you later in instalation?

[email protected]:~# netstat -tap | grep mysqltcp6       0      0 [::]:mysql              [::]:*                  LISTEN      853/mysqld

in my case, digital ocean droplet

By: Federico Jaramillo

La creacion de certificados Letsencrypt no funciona automaticamente.

Me funciono con esta guia.


By: till

LE certificates can be created automatically by simply enabling the lets encrypt checkbox of the website in ISPConfig. The article link you posted is outdated and was made for ISPConfig version before LE was integrated into ISPConfig. The article mentions that btw.

By: SamTzu

There is more power on this one page than in thousand other pages combined.Congrats...-Sam

By: Stefano

Hello! Thanks for this very complete guide.


In past time I've installed ISPConfig on a Debian 7 and now on a new server with Debian 9. Thanks.


The only difference in the new Debian 9 is the disponibility of the four PHP versions: 5.6, 7.0, 7.1 and 7.2


Inconcepible, the new Debian 9 refuse to activate sites. I have try to create a new reseller too.


The one thing I have understand is that the folder /var/www/clients doesn't exist, I have also try to create "clients/client2" manually, then do the "chown root:client2 /var/www/clients/client2" but the system tell me doesn't knowledge client2 as a group...


Something strange. Reinstall all?

By: ZenMiser

Hi, I followed the tutorial word for word on a linode. I am stuck at step 10:phpMyAdmin, and mcrypt. I get this error;

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

I checked my password as Till suggested;

From: till at: 2017-11-17 08:59:07Reply  The MySQL root password that you have set in the file /etc/mysql/debian.cnf seems to be wrong. It did not work. Any other suggestions?

By: Andreas Borowczak

What`s wrong ? I have do it step by Step

Jul 9 14:54:50 bodi-minimal postfix/smtpd[27088]: warning: unknown[]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

By: till

There is nothing wrong with the guide. The message just means that you use a wrong username or password. The email username is the full email address. If you need further help, please post in the forum.

By: brody

correct way to install python

apt-get build-dep libapache2-mod-python libapache2-mod-wsgi

By: Thorsten

I get every time the dpkg error pure-ftp-mysql... Somebody got a tip for me?

By: till

Not easy to help you without knowing which exact error you get. But you might want to compare the /etc/apt/sources.list file on your server with the one shown in this tutorial.

By: brody

XMPP server does not work.. which tutitrial do we follow?


By: Vladimir Antonini

The installation of ISPConfig on Raspbian 0S, of the Raspberry Pi 3, an ARM operating system, follows the same steps as the Debian 9 (Stretch) tutorial with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1 (this tutorial) just by skipping the Quotas configuration step in fstab that it should not be done, because it will not work.

By: tux


Following your tutorial, after ispconfig installation, I've got this error when trying to reach :

In apache error log,

[Sun Sep 09 19:05:49.221188 2018] [fcgid:warn] [pid 31184] (104)Connection reset by peer: [client] mod_fcgid: error reading data from FastCGI server[Sun Sep 09 19:05:49.221427 2018] [core:error] [pid 31184] [client] End of script output before headers: index.phpIn firefox I've got an internal server error 500

Thank you for your help


By: Panagiotis

Just following your guide now.  In Step 17, there's a typo.  It should be:

rm -rf jailkit_2.19*

and not 

rm -rf jailkit-2.19*

Thanks for the great effort, and amazing guides!



By: pat76

good tutorial, but i have an issue with postfix. i just start getting emaisl that seem to come from my server itself. when i tried from (server = my hostname, Recipient email and Sender email = a valid email address hostes on this ispconfig installtion) i'm able to send this email without the need of any authentication. that weird, right ? shouldn't the line in force every email sender to be authenticated ? smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/ , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/, check_sender_access regexp:/etc/postfix/ doen anyone have the same issue or a, that blocks the emails sent without authentification ( shoudl't work in a well configured server, right ?)

By: till

The setup of your server is fine, you just made a mistake in your test. To test if s server is an open relay, you have to specify a recipient address that is not on the server (e.g. a gamil address). What you tested is not if someone can send through your server, you just tested if your server is configured correctly to receive emails for the local email address that you used as recipient. If you need additional help, please post in the forum

By: r_s

The questions in step 8 are slightly different:


Enter current password for root (enter for none):

Set root password? [Y/n]


It does not ask 'Change the root password?'.


By: pinguinito



is not working for my first login in ISPconfig

By: till

The ISPConfig installer shows you the random password that was generated during install.

By: Nick

 Hi till

I have a problem with Amavis. It ALWAYS crashes and leaves a bunch of emails in the mailq. When I say always I do mean it. This is the 4th server I have set up based on your excellent posts and every few hours I need to restart Amavis to unlock my mail queue.

By: till

I've never had that issue on any server yet, maybe not enough RAM or something similar. Please make a post in the ispconfig forum here at howtoforge so we can help you to find out where the issue in your system is.

By: Warrior

Hello, thank you. amazing tutoriali need help in step finish. I install ispconfig in my server, my file apache log write my hostname: address.localdomain: 8080, where can I rewrite the hostname?.my address: 8080

By: Bioshi

Hello, I have a problem with roundcube, a priori I did not answer the question on the database, suddenly the access to the webmail is translated by a blank page, I can not find the solution to either revive the instalation or manually change the configuration. Can you help me ?

By: José Miguel

Hello!! i installed all in one server and ispconfig have problem with the sesion, sometime i click in the menu and nothing happens. i need press f5 and acept the certificate excepcion for login another time. why is this happening?

By: Santiago

How add my domain, not localdomain in ispconfig?

By: till

Login to ispconfig, go to the mail, sites or DNS module, depending on which service you want to provide for your domain, then click on new site, new mail domain or new zone, enter the domain name and press save.

By: Joey

Thank you for detailed tutorial, followed closely and just launched my ISPConfig panel! :)

By: Kenneth

Amazing! Works perfect! Thanks so much!! I obvied the postfix, dovecat, spamassasin and other packages related with mail server to safe resources (I don't need a mail server) and works perfect the rest of process. 


thanks again!

By: Vip

ran into same error on 10... 

triple checked mariadb pass still no go...

changed root pass for mariadb - changed pass in file restarted mariadb 

still no go - errors out... 

going to start from scratch and see what I messed up on before that point... probably hit something odd in secure of mariadb...

By: Tom Sampson

Very good tutorial! Thank you!  I'll add this

Once you create your primary domain and a letsencrypt cert, you can update other services so they use the same cert

# create sym links to your letsencrypt 

cd /usr/local/ispconfig/interface/ssl/

mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak

mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak

ln -sf /etc/letsencrypt/live/ ispserver.crt

ln -sf /etc/letsencrypt/live/ ispserver.key


# now you need to create for pureFTP

mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak

cat ispserver.{key,crt} > ispserver.pem

chmod 600 ispserver.pem


# create link for pureFTP

cd /etc/ssl/private/

ln -sf /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem

chmod 600 pure-ftpd.pem


# edit postfix main config

nano /etc/postfix/


# comment out the old and replace with these

smtpd_tls_cert_file = /etc/letsencrypt/live/

smtpd_tls_key_file = /etc/letsencrypt/live/

smtpd_tls_CAfile = /etc/letsencrypt/live/


nano /etc/dovecot/dovecot.conf


# comment out the old and replace with these

ssl_cert = </etc/letsencrypt/live/

ssl_key = </etc/letsencrypt/live/


# now restart the services

service postfix reload

service dovecot reload

service apache2 restart

service pure-ftpd-mysql restart


# ! don't forget to add a cron job to keep pureftp updated each time cert renews 

# something like this...



cd /usr/local/ispconfig/interface/ssl/

mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak

cat ispserver.{key,crt} > ispserver.pem

chmod 600 ispserver.pem 

By: lord_icon

In Punkt 9 gibt es Installationsprobleme.


postgrey (1.36-3) wird eingerichtet ...Warnung: Auf das von Ihnen angegebene Home-Verzeichnis /var/lib/postgrey kann nicht zugegriffen werden: No such file or directory


amavisd-new (1:2.10.1-4) wird eingerichtet ...Creating/updating amavis user account...Job for amavis.service failed because the control process exited with error code.See "systemctl status amavis.service" and "journalctl -xe" for details.invoke-rc.d: initscript amavis, action "start" failed.â— amavis.service - LSB: Starts amavisd-new mailfilter   Loaded: loaded (/etc/init.d/amavis; generated; vendor preset: enabled)   Active: failed (Result: exit-code) since Wed 2018-12-26 10:12:06 CET; 13ms ago     Docs: man:systemd-sysv-generator(8)  Process: 2072 ExecStart=/etc/init.d/amavis start (code=exited, status=1/FAILURE)Dez 26 10:12:06 debian amavis[2072]:   The value of variable $myhostname is "debian", but should have beenDez 26 10:12:06 debian amavis[2072]:   a fully qualified domain name; perhaps uname(3) did not provide such.Dez 26 10:12:06 debian amavis[2072]:   You must explicitly assign a FQDN of this host to variable $myhostnameDez 26 10:12:06 debian amavis[2072]:   in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host'sDez 26 10:12:06 debian amavis[2072]:   network name!Dez 26 10:12:06 debian amavis[2072]: (failed).Dez 26 10:12:06 debian systemd[1]: amavis.service: Control process exited, code=exited status=1Dez 26 10:12:06 debian systemd[1]: Failed to start LSB: Starts amavisd-new mailfilter.Dez 26 10:12:06 debian systemd[1]: amavis.service: Unit entered failed state.Dez 26 10:12:06 debian systemd[1]: amavis.service: Failed with result 'exit-code'.dpkg: Fehler beim Bearbeiten des Paketes amavisd-new (--configure): Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurückliblwp-protocol-https-perl (6.06-2) wird eingerichtet ...libwww-perl (6.15-1) wird eingerichtet ...spamassassin (3.4.2-1~deb9u1) wird eingerichtet ...Lege Systembenutzer »debian-spamd« (UID 115) an ...Lege neue Gruppe »debian-spamd« (GID 121) an ...Lege neuen Benutzer »debian-spamd« (UID 115) mit Gruppe »debian-spamd« an ...Erstelle Home-Verzeichnis »/var/lib/spamassassin« (3.4.2-1~deb9u1) wird eingerichtet ...Running sa-compile (may take a long time)Trigger für libc-bin (2.24-11+deb9u3) werden verarbeitet ...Trigger für systemd (232-25+deb9u6) werden verarbeitet ...Fehler traten auf beim Bearbeiten von: amavisd-newE: Sub-process /usr/bin/dpkg returned an error code (1)


By: till

The installation failed because your server hostname is wrong 'debian' is not a valid FQDN hostname. See minimal server setup guide, chapter 6, on how to setup your server hostname correctly:

the command 'hostname -f' must result in a valid fqdn hostname like and if that's the case, amavisd installation will succeed.

By: lord_icon

Update für: 4 Configure the Hostname

nano /etc/hostname

Es muß der FQDN rein. sonst klappt es nicht.

hostname -fhostname: Name or service not known

Ausserdem: In Punkt 9 fällt die Installation dann fehl


By: till

That's wrong. If you had to put the FQDN there, then you missed editing the /etc/hosts file. The /etc/hostname file contains the short hostname, e.g. 'server1' and the /etc/hosts file contains a line like this ' server1' ( IP address space FQDN hostname space short hostname. If you set it up like that, then the command hostname will result in the short hostname and the command hostname -f results in the FQDN hostname.

By: Tesla

As my PHP 7.0 is no longer supported, are there any changes to the tutorial regarding the initial installation of PHP? Is the new default version 7.1 or a higher version? 

By: till

The default PHP version is always the one that ships with the OS, ISPConfig has no influence on that. As far as I know, Debian has not changed the default version of Debian 9 to 7.1 yet, so there are no changes in the tutorial needed for Debian 9. You can install additional PHP versions like PHP 7.1, 7.2 and 7.3 though and use them in ISPConfig. If you are seeking for an operating system that has a newer default PHP version, then use e.g. Ubuntu 18.04 LTS which ships with PHP 7.2 as default.

By: Koki

Hi, I'm pretty new on Linux, but i'm reading and i'm liitle confused, and I have problem. I can't login do MySQL server anyway ... I have apache standard (working) page on and on https with ssl working, but when I go to (or roundcube) and i get  I now Error message DATA BASE ERROR .... (but like I've logged in),... also I can't connect to mysql ... As regular or root user (sudo -s) I can't connect to mysql>There are same errors here, and how to change mysql pass on roundcube? ... I have done one by one, and I have execute: cd /tmp; wget --no-check-certificate -O installer.tgz ""; tar zxvf installer.tgz; cd *ispconfig*; bash this command and it installs everyhing that have and don't have (dns server and i think file2ban i think) - it installs all, and it told me to add user like ispconfig ones (username admin pass admin) to the roundcube at /var/lib/roundcube/plugins/ispconfig3_account/config/ (there is no such file and I think I need to make new one, but with what syntax? ... i know this seems funny and newbie question, but sorry, I've tried on howtoforge... link but didn't found any. I have installed roundcube before (tried to, from here ... and only I got login page - nothing more) then in apache2 conf file there i was added "Alias roundcube and Webmail like in tutorial somewhere) but when ISPConfig installs done (apache2, mysql, pur-ftpd, Roundcube, dns server etc....) roundcube is in /var/lib and in /opt/roundcube (when I change Alias webmail - opt/rouncube into /var/lib etc (where is installed) i have forbiden page.... I know i have to learn many of it, but I pretty sure this is some my stupid configuration line ... if this i don't solve, i'll re-install all fresh linux ...

By: millenium

Step 21 php -q install.php fails with 'The patch command is missing. Install patch command and start installation again'

apt-get install patch

will fix the problem


By: Joseph

Just a small thing. on this page ( right on top, PHP5 should be PHP7

By: Gabriel

Buenas tardes.

He seguido el tutorial completo.

Una vez creada una cuenta de correo, puedo recibir mensajes sin inconvenientes.

Pero tengo inconvenientes con el envío de correo a otras cuentas, por ejemplo a Gmail.

Cuando reviso los errores de correo en el ISPConfig, desde "Archivos de correo" -> "Mostrar errores de correo", visualizo:


Jan 25 17:23:53 server1 amavis[7634]: (07634-09) (!!)AV: ALL VIRUS SCANNERS FAILED

He seguido todos los pasos del tutorial, si alguien se ha encontrado con un problema similar y lo ha podido solucionar le estaría muy agradecido.


By: Evgen

Why is it so non-working ... :(

At step 8, I tried both MYSQL / MariaDB, in both cases at step 10 everything falls into ERROR 1524 error (HY000): Plugin x is not loaded.

And it's time to rewrite the manual in php 7.2.

Can fix the manual on the actual parameters?

By: Rares

Hi till. I'm into some trouble


Setting up spamassassin (3.4.2-1~deb9u1) ...

Adding system user `debian-spamd' (UID 115) ...

Adding new group `debian-spamd' (GID 121) ...

Adding new user `debian-spamd' (UID 115) with group `debian-spamd' ...

Not creating home directory `/var/lib/spamassassin'.

Setting up sa-compile (3.4.2-1~deb9u1) ...

Running sa-compile (may take a long time)

command 'cp /tmp/.spamassassin11816IkiWEmtmp/ /var/lib/spamassassin/compiled/5.024/3.004002/' failed:     exit 0

dpkg: error processing package sa-compile (--configure):

 subprocess installed post-installation script returned error exit status 12

Processing triggers for libc-bin (2.24-11+deb9u3) ...

Processing triggers for systemd (232-25+deb9u8) ...

Errors were encountered while processing:


E: Sub-process /usr/bin/dpkg returned an error code (1)


Result from hostname -f is (not the real fqdn hostname ofcourse)

By: Davide


I've a question about ISPconfig server. I make it running on a VM behind a firewall and public the necessary server port's only.

When I create a new Client under ISP panel and try to view it on browser I can't; the only site that is visible as the hostname of server "" i've missing something or I've to setup more parameters on ISPconfig?


thank's for replay


By: till

A client is the data record of the person that has a login to the ISPConfig panel to administrate websites and mail users, not more and not less, you can not view a client in a browser except of being able to see and edit its details in ISPConfig. I guess you mix up clients with websites here, if you want to have a website and want to be able to access that website with a browser, then you have to create a website. See ISPConfig sites module.

By: Conrad

I love the guide but I have this thing in the back of my head saying, "I don't understand even a quarter of this".  I guess my biggest concern is that I am having issues, which was bound to happen considering that I have tried other posts to install debian bind9 and apache for local host without sucess.  Is this something that I should not be messing around with?

By: till

It is important that you start with a clean system. If you tried to configure your server by using other guides already, then you should format it and start from scratch with a clean Debian 9 system. The guide gets 'copy/paste' tested regularly, so simply copying and executing all commands plus editing the few mentioned files results in a fully working hosting system.

By: Freebox

For website shell user and any mysql command: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2 "No such file or directory")."/var/run/mysqld" is empty dir (in system root "/var/run" it's link to "/run"), "/run" not exists.

By: till

I guess you created a jailed shell user and not a normal shell user. When using MySQL on the command line with a jailed shell user, you have to use an IP based connection so that mysql connects over tcp ip trough the network stack as the mysql socket is not available in the jail that you created. So the command you should use is:


mysql -h -u myuser -p

By: moben58

my friends

i need your help

i installed my webserver debian apache as your instructions and it works perfectly!god bless you Till Brehm!

i just want to install my ssl certificate and everything fall! i bought my ssl certificate from namecheap and it seems very hard to install it for my website ,my certificate ssl is activated and everything seems fine ,i had a headeck to setup this ssl certificate

if someone know how to setup my website and ispconfig and ssl certificate from namecheap ,he is welcome!

By: till

Installation of SSL certs is really easy, go to the SSL tab of that website that you created in ispconfig and copy your SSL cert into the ssl cert field, your ssl key into the ssl key field, the ssl chain / bundle certificate in the ssl bundle field. Select 'save certificate as action and press the save button. That's all. The whole procedure is also explained with screenshots in the ISPConfig manual.

By: Gabriel

Good day.I followed the full tutorial.Once a mail account is created, I can receive messages without problems.But I have problems sending mail to other accounts, for example to Gmail.When I check mail errors in the ISPConfig, from "Mail files" -> "Show mail errors", I visualize: Jan 25 17:23:53 server1 amavis [7634]: (07634-09) (!!) AV: ALL VIRUS SCANNERS FAILEDI have followed all the steps of the tutorial, if someone has encountered a similar problem and has been able to solve it, I would be very grateful.

By: blokerd

I stubled upon a BUG, when installing on latest debian stretch 9.8, the installer of ispconfig detects wrongly the OS as Debian 8....

to fix this edit /etc/debian_version and chnage 9.8 to 9, then the installer detects OS version correct. I have noticed that it happens only with debian 9.8

By: till

Thank you for the notice. The issue has been fixed.

By: Joseba

Hi, I don't undenstand a what have to do in 22.1 index point. My machine is a proxmox vm.

By: Joseba

Hi, smf is not installing at all. Wordpress installs easily and works pretty fine. However smf  just do nothing. ISP 3.1 over debian 9 with apache2 a¡nd neither FastCGI, CGI or PHP-FPM

By: nick

for anyone who gets stuck at the certbot or see this comment before following this; install certbot with pip3


so if you've already installed certbot via apt-get, then purge it and everything certbot related. if you've already tried installing certbot with regular old pip then youre going to have to uninstall that as well, maybe might even have to manually remove it completely.


once thats done, apt-get python3-pip, then pip3 install certbot



you'll see no errors now.

thank me later, or now B)

By: AWStats Login

When I run it asks for a login. How do I configure the login for AWStats? It did not ask on install and it doesn't work with admin credentials?

By: till

You can set the password for the statistics logon on the stats tab of the website settings in ISPConfig.

By: Joe

where is the Virtual Machine version of this build?

By: till

See Big red download icon in the menu on the right side of the page, near the top.

By: 2FR3

Sorry for my poor english !

For status : /.../ systemd[1]: Failed to start MariaDB 10.1.37 database se /.../For logs : /.../ [ERROR] /usr/sbin/mysqld: unknown variable 'mode=NO_ENGINE_SUBSTITUTION' /.../

Please correct for last debian stable :

[mysqld]sql_mode="NO_ENGINE_SUBSTITUTION" <== Just after [mysqld]

If I can help some one !


By: till

There is no correction needed, the tutorial is fine for latest MariaDB version, you just made a typo in your own config. The variable is named 'sql-mode' and you typed just 'mode', please see the tutorial above.

By: prieto

when i type the following, i get "name or service not known" -- any tips? thanks

hostname -f

By: till

The short and FQDN hostname is missing or wrong in /etc/hosts file.

By: Marco

Thank you for this great manual. For sure it saved millions of hours, which are many human lives! On a brandnew Debian Stretch minimal installation it worked nearly flawless. A few issues i had...Quotaneeds a different setup for the BTRFS file system, which I choosed for. BTRFS comes by default with Quota support and commands. They look easy and simple, but I still need to figure them out right now.php -q install.php quitted complaining that the 'patch' command was missing. solved easy with "apt-get install patch".

By: till

ISPConfig does not support BTRFS Quota, you will not be able to limit the size of websites on your server.

By: MaxT

if anyone plain to use .pcre files or there is some .log error about .pcre dictionary then there is need to install postfix-pcre

# apt-get install postfix-pcre

and error is solved

By: Mario

PLEASE HELP-Server doesn't receives new e-Mails-

First: Thx for that perfect server tutorial.

Unfortunatly I have problems receiving e-Mails. Everything else works fine (perfect).I seems that I made a mistake in step 4: "Do not use a domain name without subdomain part like "" as hostname as this will cause problems later with your mail setup.". Instead of setting up like the tutorial said: localhost.localdomain localhost server1

I accidently screwed it up and it looked like this: localhost.localdomain localhost example

How can I solve this?I already tried to change the hostname with several hints from the web. But after reboot it is like before.SMTP is working. I can send emails. I also restored successfully mails from the old server with imapsync. They are shown in the mail client.Only Problem is: Server doesn't receives new e-Mails.

By: till

Change the hostname in /etc/hosts, /etc/hostname, /etc/mailname and /etc/postfix/ wherever it occurs and restart the server.

By: rares

Yep, right.

By: Mario

Thanks Till!

Your answer helped me to come to a solution for my problem.

If someone else trapped into the same issues, I want to give some hints here. After you followed my Fix-Instructions you should receive the following answers from hostname calls:


(For all examples I used:

Your FQDN :

Your Hostname : Server1

Your IP :


Hostname : Server1

Hostname -f (FQDN) :



### FILE HINTS ###

The following files should look like this:

(-EOF means End of File and is a marker. "-EOF" shouldn't appear in any of your files!)


Content of /etc/hosts localhost.localdomain localhost

# Auto-generated hostname. Please do not remove this comment.  server1

::1 localhost.localdomain localhost




Content of /etc/hostname







Content of /etc/mailname




### TODO HINTS ###


Don't follow googled tutorials how to change a hostname in debian. None worked for me but this way:

(used from command line / bash / ssh of your server)

Maybe one or more steps are redundant or not necessary, but they don't bust anything and with this way I solved my issues.


touch /etc/mailname                                                  - create if not there, and make "server1" the only content of it

postconf -e - change Postfix setup

hostname -b server1                  - change hostname

hostnamectl                 - shows actual settings

hostnamectl -set-hostname - set your true and correct hostname with hostname as subdomain

/etc/init.d/postfix restart                  - reboot wasn't necessary, Postfix restart did it



By: mario

PS: Forgotten Infos: 

In your/etc/postix/ there shall be the lines as following

mydestination =, localhost, localhost.localdomain

myhostname =



I hope this helps somebody, as I didn't found any explanation which information has to be inserted where. i.e. should "myhostname = " be server1, or, or just yourdomain and so on. At the end of the day I tried out and this values made it working.


By: till

myhostname should be set to But does not need to be edited at all when your server has correct hostname when you start with the tutorials as apt sets it correctly in then.

By: Werner

Plus change timezone accordingly in 1) your shell (do a dpkg-reconfigure tzdata  on command line) and 2) change timezone in ISPConfig eg as per  this ISPConfig3 info

By: Peter Oudenes



Can you explain how to change it? Because the whole tutor is so clear expect this part... :)




By: Peter

Hi All,

Did full install and eveything seems ok. Only when i want enable ssl letscrypt there is nothing going on. (do this in ISPconfig, Debian 9)


Can someone assist me?

By: till
By: Peter

Thanks. After the post i find out this as well

By: Peter Oudenes

Hi All,

I love the tutorial. I see in logs a error and dont know how to solve this:

Tue Apr  9 17:20:10 2019 -> Received signal: wake up

Tue Apr  9 17:20:10 2019 -> ClamAV update process started at Tue Apr  9 17:20:10 2019

Tue Apr  9 17:20:10 2019 -> WARNING: Your ClamAV installation is OUTDATED!

Tue Apr  9 17:20:10 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.2

Tue Apr  9 17:20:10 2019 -> DON'T PANIC! Read

Tue Apr  9 17:20:10 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

Tue Apr  9 17:20:10 2019 -> daily.cld is up to date (version: 25414, sigs: 1548262, f-level: 63, builder: raynman)


Tue Apr  9 17:20:10 2019 -> bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)

Can someone tell me how to update?



By: till

That's fine, nothing needs to be updated, the false ClamAV outdated warning exists for so many years now and they will probably never fix it, but we at howtoforge and many other websites explained it so so many times, please search first. The message tells you that it's already up to date, see 'main.cvd is up to date', 'daily.cld is up to date ' and 'bytecode.cvd is up to date' so you got the latest signatures and that's what matters. The outdated part means that ClamAV is not recognizing that it gets patched by the Linux distributions without raising the version number in the software, so you have the latest version from Debian installed but there might be a newer version available from the vendor but it is not recommended to install that newer vendor version as it might be unstable. Debian maintains and patches ClamAV, so just run 'apt-get update && apt-get upgrade' from time to time to keep your Debian system updated.

By: bforpc

Very well documentation.

Running fpr me out of the box.


By: Exordium

No problems building a new server. Thanks for the very good manual!

By: Mohammed Sufian

You are awesome.

I love the way you deliver your sentences, totally simple to understand and enjoyable.

Thanks for the hard work :-)

By: helmo

The `CRON=0` line in /etc/default/spamassassin might be something to add to section 9.

It's preventing sa-update to run from the default cronscript in /etc/cron.daily/spamassassin

By: Rodrigo Lemos

Perfect tutorial, I'm impressed!

By: ragnarok

I rarelly leave feedback behind but thanks so much for this project. I will start working it out and if it is all it says it is I will surely be supporting developers to continue the good work. If it doesn't I probably end up supporting you guys anyways. Great work!!! Thanks

By: brenryan

Followed instructions, created new mailbox.

Getting 'SMTP Error (-1): Connection to server failed.' after sending test email, not recieving incoming either...

Any suggestions much appreciated...

By: Rafal


I have to change/add hostmane when I have this (on OVH vps): vpsXXXXXX # replaced numbers with X marks localhost


# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts

By: abde007

Hello, when i installed ISP apache failed to start and outputed these errors:

Jun 10 13:17:28 vps242743 apachectl[1989]: AH00526: Syntax error on line 43 of /etc/apache2/sites-enabled/000-apps.vhost:Jun 10 13:17:28 vps242743 apachectl[1989]: Invalid command 'SuexecUserGroup', perhaps misspelled or defined by a module not included in the server configuration

Jun 10 13:23:38 vps242743 apachectl[2274]: AH00526: Syntax error on line 61 of /etc/apache2/sites-enabled/000-ispconfig.vhost:Jun 10 13:23:38 vps242743 apachectl[2274]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

aparently these modules needed to be installed SSL and suexec

By: till

You missed installing or enabling the suexec module as shown in this tutorial (page 2, chapter 10). Please redo the apache install chapter to ensure that you installed all modules.

By: Claudio Hideki Imai

HI, there.I just followed these instructions, (and jumped a few steps, like installing anything related to mailing - postfix, roundcube, etc - since I won't use it) BUT, when I started installing ISPConfig, it showed the message "The patch command is missing. Install patch command and start installation again !!!"I already fixed it, but guess it would be good to have Florian030's answer here, too.The command is

apt install patch

By: majster

During installation onfresh  Debian 10, I've got this error:ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)I had to:- apt purge roudcube* - apt install default-mysql-server  - apt install roundcube roundcube-core roundcube-mysql roundcube-pluginsInstallation went successful then. I'm trying to configure it.

By: till

The headline of the tutorial clearly states that it is for Debian 9, it is not for Debian 10! So your issues are to be expected when you use a wrong OS version. To install ISPConfig on Debian 10, use the Debian 10 installation tutorial instead of the Debian 9 installation tutorial:

By: Leopoldo

 Hi, you can use your article to translate in Spanish. Of course with reference to the source to the original.

By: till

No, I'm sorry. Republishing and translation of HowtoForge tutorials is not permitted.

By: klncdc


J'ai fait l'installation sans problème et j'ai eu accès à ISPCONFIG mais après redémarrage, plus rien même pas le webmail à dire que tout marchait. J'ai essayé de redémarré apache2 mais pareil. Une idée ? L'installation est sur Proxmox avec un container Debian9.

Merci d'avance.

By: glz

after installing ISPconfig 3:PAM unable to dlopen( /lib/security/ cannot open shared object file: No such file or directory

And also web server is down. Can't even start it.

By: stargazer

FYI, this also works for Devuan Linux (Debian without SystemD). Just a few minor changes:

Section 8  Install Postfix, Dovecot, MySQL, rkhunter, and BinutilsFor Debianmkdir -p /etc/systemd/system/mysql.service.d/...systemctl daemon-reload(nothing for Devuan)Section 9 Install Amavisd-new, SpamAssassin, and ClamAVFor Debiansystemctl disable spamassassinFor Devuanupdate-rc.d spamassassin disable


By: Ismed Rizal

Hello Till, thank you for this tutorial..I need help, i create with two ethernet, 1 for public another for intranet.Can i access site from intranet??.. if can, how to access it.Thank You

By: Manager Web


This tutorial is the better I have seen. He works very well since 2 years but today I have a ssl error with Firefox : SEC_ERROR_EXPIRED_CERTIFICATE when I want to login in Ispconfig page admin.

What I can do ?

Thanks so lot for your help.

By: Luca


I have been using your guides for many years to set up perfect debian servers.

But this time there is something wrong!

I have repeatedly followed this guide, I have applied it to various cloud server providers, following step by step with extreme attention.

The result is always the same, an error in the operation of some sites. It's not a PHP version issue, the site that I highlight is a very simple html/php site that works great on free hosting.

You can see it on free hosting with PHP 7.3 to this link:

You can see in on "perfect server" simply to the following ip addresses:

They are less than 20 Mb inserted in the /var/www/html directory

Obviously I have found other anomalies with more complex sites made with Joomla and Wordpress CMS, that's why I decided to write to you.

I am sure in your reply and I look forward to it


By: till

I have several servers that use this setup and they are working perfectly fine, so there is no issue with the instructions above. You say you have PHP 7.3, but the PHP version of Debian 9 is PHP 7.0, so your server is not what gets installed by this tutorial. Either you are using a wrong Debian version, you probably use Debian 10 and this guide is for Debian 9 only, for Debian 10, there is a different guide:

Or you installed a PHP from another source on Debian 9 which is not used in this setup.


In any case, if you need further help, please post in the ISPConfig support forum here at howtoforge.

By: Luca


you probably didn't understand my poor english well.

I put the site on HOSTING FREE, and it works great with any version of PHP (I can change it) up to 7.3 !!!

So the site works well with all versions of PHP

You can see it to this link:

I run the same site on PERFECT SERVER (Debian 9 and PHP 7.0) and it doesn't work well.

I have created two PERFECT SERVER on two different Cloud Providers, Aruba and Hetzner , and the result is what you can see at the following two IP addresses:

if you follow my links, you can see the differences; to resolve with the customer, I bought a small paid hosting and site now works perfect.

I am sure in your reply and I look forward to it



By: till

I explained already that your problem is not related to the above tutorial as the above setup works fine on Debian 9 and Wordpress works perfectly on it, I host several WordPress sites myself on this exact setup at Hetzner. So whatever your problem is, it's neither a general ISPConfig issue nor an issue with the above setup in combination with WordPress. If you need further help to debug your server or website issue, post in the ISPConfig support forum. The comments section here is the wrong place.

By: Luca

The problem is that it is not a wordpress site. It's a simple PHP site! and it doesn't work well ...

I'm curious, I would send you the site in ZIP to see if it works well on your installation.

By: till

Post in the forum!

By: zack


I have a problem with my mail server roundcube wt ispconfig.

I can send mail through webmai roundcube or thunderbird, but I can't see new mail on INBOX (both of mail client), but no mail.log show about this.

I can read the new mail on /var/mail/$user.

Please give me some solution for this.