ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2023-06-05T06:59:21Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5214relayhost without authentication (easy fix)2023-06-05T06:59:21ZGhost Userrelayhost without authentication (easy fix)## short description
Setting up a relayhost without username/password results in "smtp_sasl_auth_enable = yes", which means it is trying to authenticate to the relayhost, but cannot (nothing to authenticate with), hence a SASL authentica...## short description
Setting up a relayhost without username/password results in "smtp_sasl_auth_enable = yes", which means it is trying to authenticate to the relayhost, but cannot (nothing to authenticate with), hence a SASL authentication failure error from the relayhost.
## correct behaviour
No relayhost credentials provided shouldn't cause authentication to be tried.
## environment
Server OS: Debian
Server OS version: stretch (9.6)
ISPConfig version: 3.1.13
## proposed fix
When the username field is empty, do not flip the smtp_sasl_auth_enable setting, but leave it instead to its default of "smtp_sasl_auth_enable = no".3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5254Cronjob locking not working properly2020-09-08T12:51:04ZThomas Hellert.heller@timmehosting.deCronjob locking not working properly## short description
If a cronjob (e.g. website backups) is taking a really long time, it gets started again even though it is still running.
## correct behaviour
Cronjobs should be locked according to `running` status in `sys_cron`.
...## short description
If a cronjob (e.g. website backups) is taking a really long time, it gets started again even though it is still running.
## correct behaviour
Cronjobs should be locked according to `running` status in `sys_cron`.
## proposed fix
Is caused by `cronjob::run()` which will reset `running` status through `onCompleted()` after the first failed attempt. Will supply MR.
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.1.0.03.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5331Disallow 0 as website harddisk quota value2019-07-05T10:16:12ZTill BrehmDisallow 0 as website harddisk quota valueDisallow 0 as website harddisk quota value as this is treated by the quota command as unlimited too while ISPConfig uses -1 as unlimited value.Disallow 0 as website harddisk quota value as this is treated by the quota command as unlimited too while ISPConfig uses -1 as unlimited value.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5146disabled reseller still may login2019-07-05T08:56:41ZTobias Wollowskidisabled reseller still may login## short description
A disables reseller is able to login into ispconfig
## correct behaviour
Login should be disabled
## environment
Server OS: debian
ISPConfig version: 3## short description
A disables reseller is able to login into ispconfig
## correct behaviour
Login should be disabled
## environment
Server OS: debian
ISPConfig version: 33.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5163Databases still exists on reseller delete2019-07-04T16:55:34ZWHODatabases still exists on reseller delete## short description
Reseller-Databases still exists in ISPConfig if a reseller will deleted. (Only assigned site will removed)
## correct behaviour
If a reseller is deleted the databases should removed too.
## environment
Server OS: (...## short description
Reseller-Databases still exists in ISPConfig if a reseller will deleted. (Only assigned site will removed)
## correct behaviour
If a reseller is deleted the databases should removed too.
## environment
Server OS: (debian)
Server OS version: (stretch)
ISPConfig version: (3.1.13 stable)
Server version: Apache/2.4.25 (Debian)
Server built: 2018-06-02T08:01:13
PHP 7.2.11-2+0~20181015120801.9+stretch~1.gbp8105e0 (cli) (built: Oct 15 2018 12:08:03) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.11-2+0~20181015120801.9+stretch~1.gbp8105e0, Copyright (c) 1999-2018, by Zend Technologies3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5248ISPConfig user login database record not created on percona DB2019-07-03T14:49:01ZTill BrehmISPConfig user login database record not created on percona DBhttps://www.howtoforge.com/community/threads/created-client-doesnt-have-user-login.81343/https://www.howtoforge.com/community/threads/created-client-doesnt-have-user-login.81343/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4946e-mail stats cronjob funktioniert nicht ( https://www.howtoforge.de/forum/thr...2019-07-03T12:02:17ZAndreas Weike-mail stats cronjob funktioniert nicht ( https://www.howtoforge.de/forum/threads/e-mail-konto-datenverkehr-ist-0mb.8806/ )E-Mail traffic wird nicht generiert. Der Fehler ist in /usr/share/ispconfig/server/lib/classes/cron.d/100-mailbox_stats.inc.php.
Im Anhang meine bearbeitete Version zur Prüfung.
Die Zeilen 194 bis 197 und 248 bis 250 sind die Änderungen...E-Mail traffic wird nicht generiert. Der Fehler ist in /usr/share/ispconfig/server/lib/classes/cron.d/100-mailbox_stats.inc.php.
Im Anhang meine bearbeitete Version zur Prüfung.
Die Zeilen 194 bis 197 und 248 bis 250 sind die Änderungen.[100-mailbox_stats.inc.php](/uploads/0ced0a8578cfeff07f3d1914e21dd777/100-mailbox_stats.inc.php)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4353Layout Issues2019-07-03T11:12:07ZSamuel SutherLayout IssuesThe new Layout is awesome. :Thanks a lot for this.
But here a Bug I've found... the dropdodwn-Field is much to small (on any view, not only on the "Server"-View) [here in Google Chrome on Linux]:
![Auswahl_090](/uploads/e88d229820532c590...The new Layout is awesome. :Thanks a lot for this.
But here a Bug I've found... the dropdodwn-Field is much to small (on any view, not only on the "Server"-View) [here in Google Chrome on Linux]:
![Auswahl_090](/uploads/e88d229820532c590fb01f9293db2b8d/Auswahl_090.jpg)
Here how to fix it:
![Auswahl_089](/uploads/8ab8ccfc11e5fb6f5ba0e9f02ae7b7b0/Auswahl_089.jpg)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5070Firewall > Character not allowed in tcp port definition2019-07-03T10:58:32ZAndreas B.Firewall > Character not allowed in tcp port definition## short description
What is happening and what is wrong with that?
Firewall Open TCP ports limit to 255 chars
## correct behaviour
What should happen instead?
`error message : "Character not allowed in tcp port definition. Allowed cha...## short description
What is happening and what is wrong with that?
Firewall Open TCP ports limit to 255 chars
## correct behaviour
What should happen instead?
`error message : "Character not allowed in tcp port definition. Allowed characters are numbers, ":" and ","."`
## environment
Server OS: Debian
Server OS version: jessie 8.11
ISPConfig version: 3.1.12 (define('ISPC_APP_VERSION', '3.1.12');)
If it might be related to the problem
no more output.
## references
https://www.howtoforge.de/forum/threads/firewall-character-not-allowed-in-tcp-port-definition.11141/#post-55559
## screenshots
![2018-07-03_15_55_14-ISPConfig](/uploads/bb16d9b46431b5ec4f03a0cf0a226de2/2018-07-03_15_55_14-ISPConfig.png)
## log entries
no entries3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5293If an email is submitted via SMTPUTF8 it will bounce2019-07-03T10:31:34ZPatrick GatterdamIf an email is submitted via SMTPUTF8 it will bounce## short description
If a email is accepted via SMTPUTF8 and amavis via port 10026 is used the email is bounced.
I think this happens if the mail is being forwarded.
## correct behaviour
amavis should announce SMTPUTF8 on port 10026 cor...## short description
If a email is accepted via SMTPUTF8 and amavis via port 10026 is used the email is bounced.
I think this happens if the mail is being forwarded.
## correct behaviour
amavis should announce SMTPUTF8 on port 10026 correctly, port 10024 is not affected
## environment
Server OS: (debian)
Server OS version: (stretch)
ISPConfig version: (3.1.13p1)
## proposed fix
remove this line from install/tpl/amavisd_user_config.master
```
smtpd_discard_ehlo_keywords => ['8BITMIME'],
```
## references
http://www.postfix.org/SMTPUTF8_README.html
```
Introduced with Postfix version 3.0, this fully supports UTF-8 email addresses and UTF-8 message header values.
```
https://www.ijs.si/software/amavisd/release-notes.txt
```
A SMTP response to an EHLO command will now announce SMTPUTF8 capability by default.
```
## log entries
```
relay=127.0.0.1[127.0.0.1]:10026, delay=0.2, delays=0.15/0/0.05/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host 127.0.0.1[127.0.0.1])
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5313Extend custom php.ini check regex2019-07-03T10:02:49ZTill BrehmExtend custom php.ini check regexhttps://forum.howtoforge.de/threads/fehler-invalid_custom_php_ini_settings_txt.11654/#post-57922https://forum.howtoforge.de/threads/fehler-invalid_custom_php_ini_settings_txt.11654/#post-579223.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5113PHP error in server config edit form when old PHP versions are used2019-06-26T14:09:13ZTill BrehmPHP error in server config edit form when old PHP versions are usedSee comments in #5063 for details.See comments in #5063 for details.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5129Syntax errors in PHP 5.3.32019-06-26T14:06:59ZTill BrehmSyntax errors in PHP 5.3.3There are some syntax errors in PHP 5.3.3 due to lack of new PHP array access function syntax:
https://www.howtoforge.com/community/threads/cant-generate-dkim-and-access-server-config.80015/There are some syntax errors in PHP 5.3.3 due to lack of new PHP array access function syntax:
https://www.howtoforge.com/community/threads/cant-generate-dkim-and-access-server-config.80015/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5033Renewal of letsencrypt does not restart/reload nginx2019-06-26T13:51:42ZRajko AlbrechtRenewal of letsencrypt does not restart/reload nginx## short description
When renew letsencrypt certificates from domains in nginx service the nginx service will not restart in debian9. So it may happen, that a non valid certificate is send by nginx to clients instead of the newly generat...## short description
When renew letsencrypt certificates from domains in nginx service the nginx service will not restart in debian9. So it may happen, that a non valid certificate is send by nginx to clients instead of the newly generated one.
## correct behaviour
After renew of letsencrypt nginx should be restarted. On a debian stretch with apache as webserver it works.
## environment
Server OS: Debian
Server OS version: Stretch
ISPConfig version: 3.1.11
```
nginx version: nginx/1.10.3
```
Not sure, but I think the problem is in `900-letsencrypt.inc.php` in line 71 - `systemctl force-reload nginx` does not work.
I had not tracked down what is realy send at this point but wouldn't be a `restart` better for nginx?
Bye
Rajko3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5326LE Renewal issue on systems that use the relative symlink option for websites2019-06-26T13:48:15ZTill BrehmLE Renewal issue on systems that use the relative symlink option for websitesThere is an issue with LE renewals when the relative symlinks option is on under system > server config > web. This option is off by default and only needed on some specific chrooted apache configurations, not used in any standard ISPCon...There is an issue with LE renewals when the relative symlinks option is on under system > server config > web. This option is off by default and only needed on some specific chrooted apache configurations, not used in any standard ISPConfig setup, so very few users are affected by this.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5258Let's Encrypt Cert file: does not exist.2019-05-13T16:08:06ZBart DorlandtLet's Encrypt Cert file: does not exist.## short description
While trying to enable a website with a LE certificate, it goes through the process, which all looks fine, except for the part it says: "Let's Encrypt Cert file: does not exist." (with debug enabled).
Therefore not ...## short description
While trying to enable a website with a LE certificate, it goes through the process, which all looks fine, except for the part it says: "Let's Encrypt Cert file: does not exist." (with debug enabled).
Therefore not enabling SSL (with LE) on the website.
Even though the LE certs are created in the correct directory.
## correct behaviour
The letsencrypt log shows the process where the certificate has been received. It is expected that ispconfig uses that certificate to enable the website with SSL.
## environment
Server OS: Debian
Server OS version: 9.7, stretch
ISPConfig version: 3.1.13
## log entries
/var/log/ispconfig/ispconfig.log
```
27.02.2019-13:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
27.02.2019-13:37 - DEBUG - Found 1 changes, starting update process.
27.02.2019-13:37 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
27.02.2019-13:37 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
27.02.2019-13:37 - DEBUG - Verified domain zwart-licht.nl should be reachable for letsencrypt.
27.02.2019-13:37 - DEBUG - Verified domain www.zwart-licht.nl should be reachable for letsencrypt.
27.02.2019-13:37 - DEBUG - Create Let's Encrypt SSL Cert for: zwart-licht.nl
27.02.2019-13:37 - DEBUG - Let's Encrypt SSL Cert domains: --domains zwart-licht.nl --domains www.zwart-licht.nl
27.02.2019-13:37 - DEBUG - exec: /opt/eff.org/certbot/venv/bin/certbot certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@zwart-licht.nl --domains zwart-licht.nl --domains www.zwart-licht.nl --webroot-path /usr/local/ispconfig/interface/acme
27.02.2019-13:37 - DEBUG - Let's Encrypt Cert file: does not exist.
27.02.2019-13:37 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/zwart-licht.nl.vhost
27.02.2019-13:37 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.0/fpm/pool.d/web22.conf
27.02.2019-13:37 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
27.02.2019-13:37 - DEBUG - Restarting php-fpm: systemctl reload php7.0-fpm.service
27.02.2019-13:37 - DEBUG - Apache status is: running
27.02.2019-13:37 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
27.02.2019-13:37 - DEBUG - Restarting httpd: systemctl restart apache2.service
27.02.2019-13:37 - DEBUG - Apache restart return value is: 0
27.02.2019-13:37 - DEBUG - Apache online status after restart is: running
27.02.2019-13:37 - DEBUG - Processed datalog_id 1344
27.02.2019-13:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
```
/var/log/letsencrypt/letsencrypt.log
```
2019-02-27 13:37:12,844:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/zwart-licht.nl and live directory /etc/letsencrypt/live/zwart-licht.nl created.
2019-02-27 13:37:12,844:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/zwart-licht.nl/cert.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing private key to /etc/letsencrypt/live/zwart-licht.nl/privkey.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/live/zwart-licht.nl/chain.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/live/zwart-licht.nl/fullchain.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/zwart-licht.nl/README.
2019-02-27 13:37:12,959:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer <certbot.cli._Default object at 0x7f846dcbc4d0>
2019-02-27 13:37:13,086:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
2019-02-27 13:37:13,086:DEBUG:certbot.cli:Var webroot_map=set(['webroot_path']) (set by user).
2019-02-27 13:37:13,362:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2019-02-27 13:37:14,026:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
2019-02-27 13:37:14,145:DEBUG:certbot.cli:Var rsa_key_size=4096 (set by user).
2019-02-27 13:37:14,779:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2019-02-27 13:37:14,875:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2019-02-27 13:37:14,875:DEBUG:certbot.cli:Var account=set(['server']) (set by user).
2019-02-27 13:37:15,780:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/zwart-licht.nl.conf.
2019-02-27 13:37:15,781:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/zwart-licht.nl/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/zwart-licht.nl/privkey.pem
```
CLI information
```
# pwd
/etc/letsencrypt/live/zwart-licht.nl
# ll
total 4,0K
lrwxrwxrwx 1 root root 38 feb 27 13:37 cert.pem -> ../../archive/zwart-licht.nl/cert1.pem
lrwxrwxrwx 1 root root 39 feb 27 13:37 chain.pem -> ../../archive/zwart-licht.nl/chain1.pem
lrwxrwxrwx 1 root root 43 feb 27 13:37 fullchain.pem -> ../../archive/zwart-licht.nl/fullchain1.pem
lrwxrwxrwx 1 root root 41 feb 27 13:37 privkey.pem -> ../../archive/zwart-licht.nl/privkey1.pem
-rw-r--r-- 1 root root 692 feb 27 13:37 README
# pwd
/etc/letsencrypt/renewal
# cat zwart-licht.nl.conf
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/zwart-licht.nl
cert = /etc/letsencrypt/live/zwart-licht.nl/cert.pem
privkey = /etc/letsencrypt/live/zwart-licht.nl/privkey.pem
chain = /etc/letsencrypt/live/zwart-licht.nl/chain.pem
fullchain = /etc/letsencrypt/live/zwart-licht.nl/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = ***
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
rsa_key_size = 4096
webroot_path = /usr/local/ispconfig/interface/acme,
[[webroot_map]]
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5291Unable to initalize letsencrypt with subdomains2019-04-15T12:19:33ZRajko AlbrechtUnable to initalize letsencrypt with subdomains## short description
When setting up a site with auto subdomains enable of letsencrypt fails.
## environment
* Server OS: debian
* Server OS version: 9.8
* ISPConfig version: 3.1.13
* certbot: 0.33.1
* Apache/2.4.25 (Debian)
## Probl...## short description
When setting up a site with auto subdomains enable of letsencrypt fails.
## environment
* Server OS: debian
* Server OS version: 9.8
* ISPConfig version: 3.1.13
* certbot: 0.33.1
* Apache/2.4.25 (Debian)
## Problem behind
in `get_letsencrypt_certificate_paths` in `letsencrypt.inc.php` you try to read the related domains from renewal config files due reading the lines in section `[[webroot_map]]`
But sometimes (I don't know why) certbot does not write these lines into config file. So there is no certificate files given back to `request_certificates` and then letsencrypt is of course disabled.
A possible stable solution would, instead of parsing the config file of letsencrypt you may use the output of `certbot-auto certificates -d <maindomain> -d <subdomain> -d <subdomain>` which results always in a _single_ output of associated files like
```
Certificate Name: example.com
Domains: example.com www.example.com
Expiry Date: xxxxx (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
```
I think parsing such a small blob would be more stable then reading of config files.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5288Wrong permissions of dkim cert folder on CentOS 72019-04-08T16:34:07ZTill BrehmWrong permissions of dkim cert folder on CentOS 7The wrong permissions cause this error:
Error in config file "/etc/amavisd/amavisd.conf": Error in config file "/etc/amavisd/60-dkim": Can't open PEM file /var/lib/amavis/dkimThe wrong permissions cause this error:
Error in config file "/etc/amavisd/amavisd.conf": Error in config file "/etc/amavisd/60-dkim": Can't open PEM file /var/lib/amavis/dkim3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5275DNS Wizard does not add new zone2019-03-20T17:46:41ZTill BrehmDNS Wizard does not add new zoneThis issue existed in GIT stable branch temporarily only, the code was not part of any released version.This issue existed in GIT stable branch temporarily only, the code was not part of any released version.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5219Run getmail only on master when server is a mirror2019-03-05T17:03:53ZTill BrehmRun getmail only on master when server is a mirrorhttps://www.howtoforge.com/community/threads/getmail-catch-emails-duplicate-on-servers-in-cluster.81076/https://www.howtoforge.com/community/threads/getmail-catch-emails-duplicate-on-servers-in-cluster.81076/3.1.14