in a fit of trying things I used an existing cert from a site that had a valid cert and changed my hosts file to default to that website first entry to that hostname with the existing cert. Now my ispconfig login is https://example.hostname.com:9999/login
However, after that I still had the 403 forbidden issue on the ispconfig 8080/login , but it was a different solution.
Some reason I get this in /var/log/apache2/error.log: mod_ruid2 ERROR getgroups() failed on child init, ignoring supplementary group IDs
My fix/workaround is to use setfacl on the /usr/local/ispconfig/interface/web folder as follows
setfacl -R -m u:www-data:rwx /usr/local/ispconfig/interface/web
setfacl -R -m g:www-data:rwx /usr/local/ispconfig/interface/web
now my ispconfig login works again
before I was getting a 403 forbidden
now , keep in mind, this is a workaround, myapache error logs still complain about ignoring supplementary group IDs , if I solve this I probably won't need the setfacl
here's getfacl on that folder, just to give you an idea of what it looks like.
└─ $ ▶ getfacl web
# file: web
# owner: ispconfig
# group: ispconfig
with that said, my server upgrades forced PHP 8 as the default, I had to adjust symlinks to drop that back down to php 7.4 because ISPConfig is not yet ready for PHP 8.0
On 2021-04-18, Friend wrote :
To use the new certificate for ISPConfig, the easiest way is to simply soft-link the existing certs to the new ones. Then we don't need to change the vhost files. Do this:cd /usr/local/ispconfig/interface/ssl mv ispserver.crt ispserver.crt.old mv ispserver.key ispserver.key.old ln -s /etc/letsencrypt/live/example.hostname.com/fullchain.pem ispserver.crt ln -s /etc/letsencrypt/live/example.hostname.com/privkey.pem ispserver.key systemctl restart apache2
PHP / Compatibility
If ISPCONFIG does not work with the latest version of php, you can choose the version in force globally in the system.
update-alternatives --config php update-alternatives --config php-cgi
Reboot with the prod clone (backup system) keeping the static IP address of prod:
vi /etc/network/interfaces; # set the correct adapter according to the server. vi netplan/01-netcfg.yaml network: version: 2 renderer: networkd ethernets: enp5s0: dhcp4: no addresses: [22.214.171.124/29] gateway4: 126.96.36.199 nameservers: addresses: [188.8.131.52,184.108.40.206] change enp5s0 to enp6s0