In a fit of trying things, I used an existing cert from a site that had a valid cert and changed my hosts file to default to that website first entry to that hostname with the existing cert. Now my ISPConfig login is https://example.hostname.com:9999/login
However, after that I still had the 403 Forbidden issue on the ISPConfig 8080/login, but it was a different solution.
For some reason I get this in /var/log/apache2/error.log: mod_ruid2 ERROR getgroups() failed on child init, ignoring supplementary group IDs
My fix/workaround is to use setfacl on the /usr/local/ispconfig/interface/web folder as follows:
setfacl -R -m u:www-data:rwx /usr/local/ispconfig/interface/web
setfacl -R -m g:www-data:rwx /usr/local/ispconfig/interface/web
Now my ISPConfig login works again.
Before, I was getting a 403 Forbidden.
Now, keep in mind, this is a workaround; my Apache error logs still complain about ignoring supplementary group IDs. If I solve this I probably won't need the setfacl.
Here's getfacl on that folder, just to give you an idea of what it looks like.
$ getfacl web
# file: web
# owner: ispconfig
# group: ispconfig
user::rwx
user:www-data:rwx
group::r-x
group:www-data:rwx
mask::rwx
other::---
With that said, my server upgrades forced PHP 8 as the default; I had to adjust symlinks to drop that back down to PHP 7.4 because ISPConfig is not yet ready for PHP 8.0.
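An added example, not part of the original notes: a shell/awk filter that reads `getfacl` output for one file or directory and lists the named user and group entries whose effective permissions (entry permission ANDed with the mask) include write, which is the access the recursive setfacl above gives www-data on the ISPConfig interface code. The function name `acl_write_grants` and the narrowed-mask variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: print named ACL entries that effectively grant write.
# Input: `getfacl` output for ONE file or directory on stdin.
# Default ACL entries (lines starting "default:") are not examined.

acl_write_grants() {
    awk -F: '
        /^#/ || NF < 3 { next }                     # header comments, blank lines
        $1 == "mask" { mask = substr($3, 1, 3); next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; kind[n] = $1; name[n] = $2
            perm[n] = substr($3, 1, 3)              # drop any "#effective" suffix
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    p = substr(perm[i], j, 1)
                    # No mask line means no restriction on named entries.
                    m = (mask == "") ? p : substr(mask, j, 1)
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                if (index(eff, "w")) print kind[i] ":" name[i] ":" eff
            }
        }'
}

# The getfacl output shown on this page.
page_acl='# file: web
# owner: ispconfig
# group: ispconfig
user::rwx
user:www-data:rwx
group::r-x
group:www-data:rwx
mask::rwx
other::---'

# Constructed variant: same entries, mask narrowed to r-x, so the named
# entries lose write even though they are still listed as rwx.
masked_acl=$(printf '%s\n' "$page_acl" | sed 's/^mask::rwx$/mask::r-x/')

printf '%s\n' "$page_acl" | acl_write_grants
```

With the page's ACL it reports both www-data entries as writable; with the narrowed mask it reports nothing, which shows why the mask line has to be read together with the named entries.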
On 2021-04-18, Friend wrote:
To use the new certificate for ISPConfig, the easiest way is to simply soft-link the existing certs to the new ones. Then we don't need to change the vhost files. Do this:
cd /usr/local/ispconfig/interface/ssl
mv ispserver.crt ispserver.crt.old
mv ispserver.key ispserver.key.old
ln -s /etc/letsencrypt/live/example.hostname.com/fullchain.pem ispserver.crt
ln -s /etc/letsencrypt/live/example.hostname.com/privkey.pem ispserver.key
systemctl restart apache2
PHP / Compatibility
If ISPConfig does not work with the latest version of PHP, you can choose the version in force globally on the system:
update-alternatives --config php
update-alternatives --config php-cgi
Reboot with the prod clone (backup system) keeping the static IP address of prod:
vi /etc/network/interfaces; # set the correct adapter according to the server.
vi netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    enp5s0:
      dhcp4: no
      addresses: [45.73.49.155/29]
      gateway4: 45.73.49.153
      nameservers:
        addresses: [24.200.241.37,24.200.243.189]
Change enp5s0 to enp6s0.