Posts by fulltilt

fulltilt · Jun 10th 2024

Quote from Athar

Just did a check on my system and yeah, I confirm this is still working for newly added domain on my end.

On an "old" one, I got one cert from R3+Root X1.
On the new test domain created yesterday night (and certificate just a few minutes ago), got it from E6+Root X1.

But you seems to have fixed it, it's fine for now 😁

Display More

I can confirm that (but E5 instead of E6) a new one from yesterday shows E5 and previous certs R3.

However, I can't see any problems at the moment ...

I have also checked certs & letsencrypt tables w/ status OK everywhere

do you think it could cause problems with future renewal tasks?

### edit ###

I see that any other non-imscp system also shows R3, so I guess everything is fine!

fulltilt · Jun 10th 2024

Quote from theqkash

Not working as well on Ubuntu.
I'll try to fix it in different way.

Edit:
What I've done finally:
- backed up changes in code which was made here: LetsEncrypt - SSL certificate is not valid
- imported new SSL certs to OS from some newer Ubuntu
- made kess certbot setup way

Now it's working great.

Anyway, time to make moving out faster.

Display More

first, you have to restore the previously modified files to their original state, afterwards perform the classic certbot setup

fulltilt · Jun 8th 2024

Quote from theqkash

fulltilt I did it that way before:
LetsEncrypt - SSL certificate is not valid

So probably it's time to change it for new version of certbot, as moving out all the instances of i-MSCP is not done by me yet.

try the classic certbot setup by kess

LetsEncrypt - SSL certificate is not valid

fulltilt · Jun 8th 2024

Quote from theqkash

I've generated new certs today for new addresses, it says "Invalid SSL Certificate" in table, and certificate is not attached to domain. No way to do it, I'll do some bypasses for remaining machines.

have you installed the classic certbot as described here?

LetsEncrypt - SSL certificate is not valid

maybe the symlinks are broken ...

Code

which certbot
which -a certbot

fulltilt · Jun 7th 2024

Quote from theqkash

All the situation happened again on old ubuntu's (while we cannot get any new), as Let's Encrypt changed SSLs again: https://letsencrypt.org/certificates/ .
I guess it's final time to move along somewhere.

it shows:

ISRG Root X1 - Validity: until 2030-06-04

I see no problems with Debian ... yet

fulltilt · Jan 18th 2023

Quote from victor531

Hi, I haven't been here for a long time but now I have a problem with my server and I need a little help.

Suddenly the php service stops working (php service not responding) and the websites shows an 503 error. I have checked the php logs and it shows nothing, also I have checked the domain error logs and it only shows some warnings.

Restarting the service it works again (systemctl restart php7.1-fpm.service)

I need help to know where to look or how I can find the script that makes the php stop working.
Logs checked:
var/log/apache2/domain.com/error.log
var/log/php7.1-fpm.log
var/log/syslog

Any help is appreciated
Thanks in advance

Victor

My server
RAM: 4GB
CPU: 2
S.O.: Debian 9.13
Panel Version = 1.5.3
Build = 2018120800 - CodeName = Ennio Morricone
PHP_SERVER = php7.1
PHP mod = php-fpm
SQL_SERVER = mysql_5.7

Display More

check /etc/php/7.1/fpm/pool.d/* for orphaned domain config files and delete them, then restart the service

fulltilt · Nov 25th 2022

Quote from gOOvER

https://www.hestiacp.com/

Wird aktiv weiterentwickelt und man muss nicht für kostenlose dinge wie LE zahlen. Keyhelp ist nett, aber man ist wieder von nur einem Entwickler anhängig und ist in keinster weise OpenSource, da der komplette Quelltext verschlüsselt ist.

Denke, so langsam sollte jeder einsehen, das i-MSCP ebenso Tod ist und man sollte schleunigst wechseln.

An sich ist hestiacp nicht übel, die Client GUI ist für meinen Geschmack etwas unübersichtilich ... aber OK.

Was mich allerdings stört ... es gibt da leider immer wieder massive Sicherheits- Lücken (CVE):

https://www.cvedetails.com/vul…or_id-23032/Hestiacp.html

https://vuldb.com/?product.hestiacp

fulltilt · Nov 18th 2022

is there a way to install modsecurity (min. v. 2.9.6) via backports on Debian11 and Ubuntu 18.04 LTS?

fulltilt · Aug 13th 2022

Quote from sgumbert

I'm currlently trying to install the latest i-mscp maintenance checkout from git on an Ubuntu 22.04 machine. In addition to

please try:

Please help - update i-MSCP to run on new system

this mod works for me w/ debian 11

Code

nano /usr/local/src/imscp-1.5.3-maintenance-joxi/bind_postinst.sh
replace everything with:
#!/bin/sh
# i-MSCP - internet Multi Server Control Panel
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
set -e
if [ -f /etc/init.d/named ]; then
/usr/bin/find /usr/local/src/imscp-1.5.3-maintenance-joxi/configs/debian/bind/bind.data.dist -type f -exec sed -i 's|bind9|named|g' {} \;
fi
if [ -f /usr/local/src/imscp-1.5.3-maintenance-joxi/configs/debian/systemd/bind9.service ]; then
/usr/bin/find /usr/local/src/imscp-1.5.3-maintenance-joxi/configs/debian/systemd/bind9.service -type f -exec sed -i 's|bind9|named|g' {} \;
fi
if [ -f /usr/local/src/imscp-1.5.3-maintenance-joxi/configs/debian/systemd/bind9.service ]; then
/usr/bin/find /usr/local/src/imscp-1.5.3-maintenance-joxi/configs/debian/systemd/bind9.service -type f -exec sed -i 's|multi-user.target|named.service|g' {} \;
fi
if [ -f /usr/local/src/imscp-1.5.3-maintenance-joxi/configs/debian/systemd/bind9-resolvconf.service ]; then
/usr/bin/find /usr/local/src/imscp-1.5.3-maintenance-joxi/configs/debian/systemd/bind9-resolvconf.service -type f -exec sed -i 's|bind9.service|named.service|g' {} \;
fi
if [ -f /etc/default/bind9 ]; then
/usr/bin/mv /etc/default/bind9 /etc/default/named
fi
if [ -f /etc/systemd/system/bind9-resolvconf.service ]; then
/usr/bin/rm /etc/systemd/system/bind9-resolvconf.service
fi
if [ -f /etc/systemd/system/bind9.service ]; then
/usr/bin/rm /etc/systemd/system/bind9.service
fi
if [ -f /lib/systemd/system/bind9.service ]; then
/usr/bin/mv /lib/systemd/system/bind9.service /lib/systemd/system/named.service
fi
if [ -f /lib/systemd/system/bind9-resolvconf.service ]; then
/usr/bin/mv /lib/systemd/system/bind9-resolvconf.service /lib/systemd/system/named-resolvconf.service
fi
if [ -f /lib/systemd/system/named.service ]; then
/usr/bin/find /lib/systemd/system/named.service -type f -exec sed -i 's|bind9|named|g' {} \;
fi
if [ -f /lib/systemd/system/named.service ]; then
/usr/bin/find /lib/systemd/system/named.service -type f -exec sed -i 's|multi-user.target|named.service|g' {} \;
fi
if [ -f /lib/systemd/system/named-resolvconf.service ]; then
/usr/bin/find /lib/systemd/system/named-resolvconf.service -type f -exec sed -i 's|bind9.service|named.service|g' {} \;
fi
/usr/bin/ln -s /lib/systemd/system/named-resolvconf.service /etc/systemd/system/bind9-resolvconf.service
/usr/bin/ln -s /lib/systemd/system/named.service /etc/systemd/system/bind9.service
if [ -f /etc/default/named ]; then
/usr/bin/find /etc/default/named -type f -exec sed -i 's|OPTIONS="-u bind"|OPTIONS="-u bind -4"|g' {} \;
/usr/bin/find /etc/default/named -type f -exec sed -i 's|OPTIONS="-4 -u bind"|OPTIONS="-u bind -4"|g' {} \;
fi
/usr/bin/systemctl daemon-reload

Display More

fulltilt · Aug 8th 2022

it seems AppArmor causes errors with bind when using debian 11 (and other new systems) ...

e.g.

Add function to configure AppArmor (needed to allow use of /etc/bind for zone files)

https://git.ispconfig.org/ispc…2529ffbddc17bc9966?page=2

Posts by fulltilt

LetsEncrypt - SSL certificate is not valid

LetsEncrypt - SSL certificate is not valid

LetsEncrypt - SSL certificate is not valid

LetsEncrypt - SSL certificate is not valid

LetsEncrypt - SSL certificate is not valid

php 7.1 malfunction (php service not responding)

Alternativen zu i-MSCP?

modsecurity v. 2.9.6 backports for debian10 & ubuntu 18.04 lts?

HowTo: I-MSCP 1.5.3 installation on Debian 10

HowTo: I-MSCP 1.5.3 installation on Debian 10