ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2017-06-29T16:02:15Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4684Insufficient privilege check in sites module2017-06-29T16:02:15ZTill BrehmInsufficient privilege check in sites moduleA user that is logged into ISPConfig is able to view contact details of other users due to an insufficient privilege check in a file.A user that is logged into ISPConfig is able to view contact details of other users due to an insufficient privilege check in a file.3.1.5Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4679Certbot not working with itk-apache2017-06-28T15:21:01ZMichael WeissCertbot not working with itk-apacheDue to the filesystem-permissions of the "acme"-folder the webroot-validation will always fail if apache is run with the itk-mpm. This is because of the vhost is running with user and group of the web+client of the domain to be checked w...Due to the filesystem-permissions of the "acme"-folder the webroot-validation will always fail if apache is run with the itk-mpm. This is because of the vhost is running with user and group of the web+client of the domain to be checked which has no access to enter or read the "acme"-folder in ispconfig's frontend location. I suggest to move the folder from ispconfig's frontend to e.g. /var/www and change the permissions to 0755. The renew-config-files under /etc/letsencrypt/renewal should be adjusted accordingly.3.1.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4678Problems with autoinstaller (unattended setup)2017-06-28T15:15:20ZMichael WeissProblems with autoinstaller (unattended setup)If an ini-file is given as autoinstall file, the installer always tries to include a file named "autoinstall.ini". You might want to fix the parameter to file_get_contents() in line 117 of install.php. Furthermore there's a problem when ...If an ini-file is given as autoinstall file, the installer always tries to include a file named "autoinstall.ini". You might want to fix the parameter to file_get_contents() in line 117 of install.php. Furthermore there's a problem when querying the admin password (lines 549ff). If the admin password is defined in the autoinstall file, the installer interactively asks to re-enter the password since there is no check if the password came from the ini-file or was read interactively. This breaks unattended setups.3.1.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4676auth.log shows 0.0.0.0 as IP for IPv62017-06-26T10:14:21Zfireba11auth.log shows 0.0.0.0 as IP for IPv6> Successful login for user 'admin' from 0.0.0.0 at ...
Not helpful at all :-D> Successful login for user 'admin' from 0.0.0.0 at ...
Not helpful at all :-D3.1.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4667Websites UI / Let's Encrypt :: add Option to allow switching to fullchain.pem...2017-08-10T20:10:33ZTimo VolkmarWebsites UI / Let's Encrypt :: add Option to allow switching to fullchain.pem in favor of chain.pemISPC 3.1.3
Currently we had multiple customers on Mac OS (latest: Mac OS Sierra Vers. 10.12.4.- Safari Vers. 10.1.) that cannot connect to Let's Encrypt protected Domains.
A little search reveals it is an known issue of lets encrypt and...ISPC 3.1.3
Currently we had multiple customers on Mac OS (latest: Mac OS Sierra Vers. 10.12.4.- Safari Vers. 10.1.) that cannot connect to Let's Encrypt protected Domains.
A little search reveals it is an known issue of lets encrypt and - apparently - an simple fix for it. Simply the use of the LE given fullchain.pem instead of the chain.pem.
A) seems to fix the problem in every case.
b) seems not to interfere with other Users (OS/Browser)
Solution was as follows:
1. create in symlink to the fullchain-pem in the clients-ssl folder:
`/var/www/clients/clientX/webY/ssl/domain.example.com.pem -> /etc/letsencrypt/live/domain.example.com/fullchain.pem`
2. Inserting the new link as directive over the Interface overwriting in fact the default cert-Declaration.
Unfortunately the symlinks in the clients subfolder are not offering an link to the fullchain by default.
In fact the usage of chain.pem is nothring wrong, but faced with compatibility issue it seems maybe an good solution to add an option for that in an by page level.3.1.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4656SSL is not enabled in Nginx configuration for (sub)domains with alias domain2017-11-10T15:26:38ZAntalSSL is not enabled in Nginx configuration for (sub)domains with alias domainWebsite domain = **domain.tld ** or **sub.domain.tld** + alias domain = **domain.tld** > SSL is **not** activated in Nginx configuration
Website domain = **domain.tld** or **sub.domain.tld** + alias domain = **sub.domain.tld** > SSL is ...Website domain = **domain.tld ** or **sub.domain.tld** + alias domain = **domain.tld** > SSL is **not** activated in Nginx configuration
Website domain = **domain.tld** or **sub.domain.tld** + alias domain = **sub.domain.tld** > SSL is correctly activated in Nginx configuration
So the "listen *:443 ssl" is not added to the Nginx configuration when the alias domain is a 'parent' domain.3.1.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4633ispconfig 3.1.2: /etc/httpd/conf/sites-enabled does not get created2017-11-10T15:26:41ZJustinispconfig 3.1.2: /etc/httpd/conf/sites-enabled does not get createdOn install /etc/httpd/conf/sites-enabled is not created on Centos7.
This results in the following error during install:
ln: failed to create symbolic link '/etc/httpd/conf/sites-enabled/000-ispconfig.vhost': No such file or directoryOn install /etc/httpd/conf/sites-enabled is not created on Centos7.
This results in the following error during install:
ln: failed to create symbolic link '/etc/httpd/conf/sites-enabled/000-ispconfig.vhost': No such file or directory3.1.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4499Change column types of spamfilter_policy2017-11-10T15:26:46ZTill BrehmChange column types of spamfilter_policyChange column types of spamfilter_policy for compatibility with latest perl versions.
ALTER TABLE `spamfilter_policy` CHANGE `spam_tag_level` `spam_tag_level` DECIMAL(5,2) NULL DEFAULT NULL, CHANGE `spam_tag2_level` `spam_tag2_level` DE...Change column types of spamfilter_policy for compatibility with latest perl versions.
ALTER TABLE `spamfilter_policy` CHANGE `spam_tag_level` `spam_tag_level` DECIMAL(5,2) NULL DEFAULT NULL, CHANGE `spam_tag2_level` `spam_tag2_level` DECIMAL(5,2) NULL DEFAULT NULL, CHANGE `spam_kill_level` `spam_kill_level` DECIMAL(5,2) NULL DEFAULT NULL, CHANGE `spam_dsn_cutoff_level` `spam_dsn_cutoff_level` DECIMAL(5,2) NULL DEFAULT NULL, CHANGE `spam_quarantine_cutoff_level` `spam_quarantine_cutoff_level` DECIMAL(5,2) NULL DEFAULT NULL;3.1.5Till BrehmTill Brehm