ISPConfig upgrade from 3.2.1 to 3.2.4

in a fit of trying things I used an existing cert from a site that had a valid cert and changed my hosts file to default to that website first entry to that hostname with the existing cert.  Now my ispconfig login is https://example.hostname.com:9999/login

 

However, after that I still had the 403 forbidden issue on the ispconfig 8080/login , but it was a different solution.  

 

Some reason I get this in /var/log/apache2/error.log: mod_ruid2 ERROR getgroups() failed on child init, ignoring supplementary group IDs

My fix/workaround is to use setfacl on the /usr/local/ispconfig/interface/web folder as follows
 

setfacl -R -m u:www-data:rwx /usr/local/ispconfig/interface/web

setfacl -R -m g:www-data:rwx /usr/local/ispconfig/interface/web

 

now my ispconfig login works again

before I was getting a 403 forbidden 

 

now , keep in mind, this is a workaround, myapache error logs still complain about ignoring supplementary group IDs , if I solve this I probably won't need the setfacl

 

here's getfacl on that folder, just to give you an idea of what it looks like.

└─ $ ▶ getfacl web
# file: web
# owner: ispconfig
# group: ispconfig
user::rwx
user:www-data:rwx
group::r-x
group:www-data:rwx
mask::rwx
other::---

with that said, my server upgrades forced PHP 8 as the default, I had to adjust symlinks to drop that back down to php 7.4 because ISPConfig is not yet ready for PHP 8.0

 

On 2021-04-18, Friend wrote :

To use the new certificate for ISPConfig, the easiest way is to simply soft-link the existing certs to the new ones. Then we don't need to change the vhost files. Do this:

cd /usr/local/ispconfig/interface/ssl
mv ispserver.crt ispserver.crt.old
mv ispserver.key ispserver.key.old
ln -s /etc/letsencrypt/live/example.hostname.com/fullchain.pem ispserver.crt
ln -s /etc/letsencrypt/live/example.hostname.com/privkey.pem ispserver.key
systemctl restart apache2