ISPConfig upgrade from 3.2.1 to 3.2.4

in a fit of trying things I used an existing cert from a site that had a valid cert and changed my hosts file to default to that website first entry to that hostname with the existing cert.  Now my ispconfig login is


However, after that I still had the 403 forbidden issue on the ispconfig 8080/login , but it was a different solution.  


Some reason I get this in /var/log/apache2/error.log: mod_ruid2 ERROR getgroups() failed on child init, ignoring supplementary group IDs

My fix/workaround is to use setfacl on the /usr/local/ispconfig/interface/web folder as follows

setfacl -R -m u:www-data:rwx /usr/local/ispconfig/interface/web

setfacl -R -m g:www-data:rwx /usr/local/ispconfig/interface/web


now my ispconfig login works again

before I was getting a 403 forbidden 


now , keep in mind, this is a workaround, myapache error logs still complain about ignoring supplementary group IDs , if I solve this I probably won't need the setfacl


here's getfacl on that folder, just to give you an idea of what it looks like.

└─ $ ▶ getfacl web
# file: web
# owner: ispconfig
# group: ispconfig

with that said, my server upgrades forced PHP 8 as the default, I had to adjust symlinks to drop that back down to php 7.4 because ISPConfig is not yet ready for PHP 8.0


On 2021-04-18, Friend wrote :

To use the new certificate for ISPConfig, the easiest way is to simply soft-link the existing certs to the new ones. Then we don't need to change the vhost files. Do this:

cd /usr/local/ispconfig/interface/ssl
mv ispserver.crt ispserver.crt.old
mv ispserver.key ispserver.key.old
ln -s /etc/letsencrypt/live/ ispserver.crt
ln -s /etc/letsencrypt/live/ ispserver.key
systemctl restart apache2


PHP / Compatibility

If ISPCONFIG does not work with the latest version of php, you can choose the version in force globally in the system.

update-alternatives --config php
update-alternatives --config php-cgi

Reboot with the prod clone (backup system) keeping the static IP address of prod:

vi /etc/network/interfaces;   # set the correct adapter according to the server.

vi netplan/01-netcfg.yaml

  version: 2
  renderer: networkd
      dhcp4: no
      addresses: []
        addresses: [,]

change enp5s0 to enp6s0