Messages - DevLexicon

1
SSL / Re: Wrong Hostname? SSL Issue
« on: January 08, 2021, 12:33:28 AM »
Hello,

So I now have the proper "Common Name" and "Issuer" listing on the SSL! However, when going to the admin panel it still shows that the connection is not secure. After some more digging I found another error which was to do with the "Intermediate/Chain certificate" and it not being found. With this, I noticed that the SSL was labeled as Self-Signed.

I have gone through SSH and entered:
Code:
sh /usr/local/cwpsrv/htdocs/resources/scripts/generate_hostname_ssl
Which is how I was finally able to get the Common Name and Issuer to change!

Is there a way to use something like Let's Encrypt to properly install an SSL for the hostname and panels?!

Cheers,
Donald Louch from DevLexicon

2
SSL / Re: Wrong Hostname? SSL Issue
« on: January 03, 2021, 10:26:51 PM »
The hostname has to be different than an account on the system.

Also you have to log into Vultr and set the server's main IP to the hostname.

At Vultr, this is at:

Products -> (select your server) -> Settings -> Click on the pencil next to the Vultr default Reverse DNS.
Change it to your hostname, then click on the Checkmark to save.

Vultr has various time to update the rDNS. I've seen as fast as a couple minutes, to over an hour.

Then ALSO in your domain's DNS, you have to have an A record for the hostname and IP.

Hope this answers your question.

Hello Starburst,

Thank you so much for your reply! I have done that and now the "under Server Settings > Change Hostname the "rDNS/PTR" section has my IP.vulter.com then in an orange square "FAILED"." issue is now fixed and now says "SUCCESS" in green!

However, even after reinstalling the SSL through "Changing the Hostname" I still get a message saying the connection isn't secure.

I did click on the SSL Check that is listed beside the "Your Hostname" text and it states that "The Common Name" and the "Issuer" is my old hostname from before. How do I change those settings?

Thanks,
Donald Louch from DevLexicon

3
SSL / Re: Wrong Hostname? SSL Issue
« on: December 30, 2020, 02:33:36 PM »
Can you check this log? Probably you reached rate limit 429:
/root/.acme.sh/acme.sh.log

So I looked in the /root/.acme.sh/acme.sh.log and I had well over 5,000 lines of logged items. I'm not quite sure what I'm looking for?! I found lines that said code 400 and code 200 quite a bit. However, I don't believe I saw anything with code 429 or the wording of "Reached Rate Limit"?

Thanks,
Donald Louch from DevLexicon
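
Added example (not part of the original posts, and not acme.sh's own code): one way to triage a log of this size is to tally the HTTP status codes and ACME error types it records instead of reading it line by line. It assumes acme.sh debug lines record the status as code='NNN' and that error responses carry an RFC 8555 urn:ietf:params:acme:error:... type; the sample log and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed log format: status lines look like code='200' and error
# bodies contain an RFC 8555 type such as urn:ietf:params:acme:error:badNonce.

# Constructed sample input (not the poster's log).
sample_log() {
cat <<'EOF'
[Wed Dec 30 14:01:02 PST 2020] code='200'
[Wed Dec 30 14:01:03 PST 2020] code='400'
[Wed Dec 30 14:01:03 PST 2020] response='{"type":"urn:ietf:params:acme:error:badNonce","status":400}'
[Wed Dec 30 14:01:04 PST 2020] code='201'
[Wed Dec 30 14:01:05 PST 2020] code='400'
[Wed Dec 30 14:01:05 PST 2020] response='{"type":"urn:ietf:params:acme:error:badNonce","status":400}'
[Wed Dec 30 14:01:06 PST 2020] code='200'
[Wed Dec 30 14:01:07 PST 2020] code='200'
EOF
}

# Print "<status> <count>" for every HTTP status code recorded on stdin.
status_counts() {
    grep -o "code='[0-9][0-9][0-9]'" | tr -dc '0-9\n' | sort | uniq -c |
        awk '{ print $2, $1 }'
}

# Print "<error-type> <count>" for every ACME problem type seen on stdin.
acme_error_types() {
    grep -o 'urn:ietf:params:acme:error:[A-Za-z]*' | sed 's/^.*://' | sort |
        uniq -c | awk '{ print $2, $1 }'
}

# Classify stdin: rate-limited (429 or rateLimited), errors (other 4xx), or clean.
verdict() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -Eq "code='429'|acme:error:rateLimited"; then
        echo rate-limited
    elif printf '%s\n' "$log" | grep -q "code='4[0-9][0-9]'"; then
        echo errors
    else
        echo clean
    fi
}

# Full report for whatever log is piped in.
report() {
    input=$(cat)
    echo "status codes:";     printf '%s\n' "$input" | status_counts
    echo "ACME error types:"; printf '%s\n' "$input" | acme_error_types
    echo "verdict: $(printf '%s\n' "$input" | verdict)"
}

sample_log | report
```

To run it against the real file, use `report < /root/.acme.sh/acme.sh.log`. HTTP 400 responses typed badNonce are a normal part of ACME (RFC 8555 has the client retry with a fresh nonce), so many 400s with no 429 or rateLimited entry point away from a rate limit.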

4
SSL / Re: Wrong Hostname? SSL Issue
« on: December 30, 2020, 12:25:52 AM »
Hostname should be like a subdomain of your main domain and should have a DNS A record:
check this tutorial https://www.mysterydata.com/how-to-change-and-install-ssl-for-hostname-in-cwp-control-web-panel/

Thank you for your reply!

Nice article Sandeep! However, I have tried those steps and have the hostname/subdomain listed on my Vultr DNS with the right IP and everything.

I then just now went in and changed the hostname again (from Server Settings > Change Hostname) and am still having the same issue. However it now shows up with the proper hostname on the certificate but still has the error of "Not a Secure Connection" and that "This root certificate is not trusted."

5
SSL / Wrong Hostname? SSL Issue
« on: December 27, 2020, 08:24:45 PM »
Hello,

I've had issues with installing CWP. I created a thread already in the installation section. I have been successful though and fixed the main installation issues! It turned out that I had forgotten to change my hostname on Vultr's end and the DNS on their systems. I have been able to transfer all my sites over and get proper SSLs installed!

However, on my CWP panels (admin and user, as well as mail and ftp) I seem to have a non-secure connection as the SSL is connected to the old Hostname. I did reinstall CWP with the new hostname and even entered that into the control panel (Server Settings > Change Hostname) and via SSH. But when reissuing the SSL, the old hostname still pops up.

Furthermore, under Server Settings > Change Hostname the "rDNS/PTR" section has my IP.vulter.com then in an orange square "FAILED".

The "Your Hostname is: HOSTNAME and it resolves to IP: IPADDRESS" section has the correct hostname and IP and no known errors!

Am I missing a step?!

Thanks,
Donald Louch from DevLexicon

6
*TOUCH WOOD* I think I fixed it? I just had the wrong hostname in my Vultr DNS and such!

7
I'm just going to try and reinstall CWP! Will update soon!

8
So I logged into the SSH and when running the following DNS status check I was met with:
Code:

# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2020-12-21 23:31:24 PST; 3min 41s ago
  Process: 10658 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
  Process: 10654 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

Dec 21 23:31:24 {HOSTNAME} bash[10654]: zone DOMAINNAME/IN: loaded serial 2020121927
Dec 21 23:31:24 {HOSTNAME} named[10658]: usage: named [-4|-6] [-c conffile] [-d debuglevel] [-E engine] [-f|-g]
Dec 21 23:31:24 {HOSTNAME} named[10658]: [-n number_of_cpus] [-p port] [-s] [-S sockets] [-t chrootdir]
Dec 21 23:31:24 {HOSTNAME} named[10658]: [-u username] [-U listeners] [-m {usage|trace|record|size|mctx}]
Dec 21 23:31:24 {HOSTNAME} named[10658]: usage: named [-v|-V]
Dec 21 23:31:24 {HOSTNAME} named[10658]: named: unknown option '-`'
Dec 21 23:31:24 {HOSTNAME} systemd[1]: named.service: control process exited, code=exited status=1
Dec 21 23:31:24 {HOSTNAME} systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Dec 21 23:31:24 {HOSTNAME} systemd[1]: Unit named.service entered failed state.
Dec 21 23:31:24 {HOSTNAME} systemd[1]: named.service failed.

I'm thinking maybe there is something wrong with my /etc/named.conf file or maybe my DNS zones? I've looked in them all and to be honest I'm not sure if the /etc/named.conf is correct but the zones look good to me!

My /etc/named.conf file:
Code:
/*
 Sample named.conf BIND DNS server 'named' configuration file
 for the Red Hat BIND distribution.

 See the BIND Administrator's Reference Manual (ARM) for details about the
 configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
*/

options
{
        // Put files that named is allowed to write in the data/ directory:
        directory               "/var/named";           // "Working" directory
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";
        recursing-file          "data/named.recursing";
        secroots-file           "data/named.secroots";


        /*
          Specify listenning interfaces. You can use list of addresses (';' is
          delimiter) or keywords "any"/"none"
        */
        listen-on port 53     { any; };
        //listen-on port 53       { 127.0.0.1; };

        //listen-on-v6 port 53  { any; };
        //listen-on-v6 port 53    { ::1; };

              /*
          Access restrictions

          There are two important options:
            allow-query { argument; };
              - allow queries for authoritative data

            allow-query-cache { argument; };
              - allow queries for non-authoritative data (mostly cached data)

          You can use address, network address or keywords "any"/"localhost"/"none" as argument
          Examples:
            allow-query { localhost; 10.0.0.1; 192.168.1.0/8; };
            allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; };
        */

        allow-query             { any; };
        allow-query-cache       { localhost; };

        /* Enable/disable recursion - recursion yes/no;

         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
         */
        recursion no;

        /* DNSSEC related options. See information about keys ("Trusted keys", bellow) */

        /* Enable serving of DNSSEC related data - enable on both authoritative
           and recursive servers DNSSEC aware servers */
        dnssec-enable yes;

        /* Enable DNSSEC validation on recursive servers */
        dnssec-validation yes;

        /* In RHEL-7 we use /run/named instead of default /var/run/named
           so we have to configure paths properly. */
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        managed-keys-directory "/var/named/dynamic";
};

logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "/var/named/named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "ns1.{NAMESERVER}" {type master;file "ns1.{NAMESERVER}.db";};
zone "ns2.{NAMESERVER}" {type master;file "ns2.{NAMESERVER}.db";};

zone "{HOSTNAME}" {type master;file "{HOSTNAME}.db";};

zone “{DOMAINNAME1}” {type master;file "{DOMAINNAME1}.db";};
zone "{DOMAINNAME2}" {type master;file "{DOMAINNAME2}.db";};
zone "{DOMAINNAME3}" {type master;file "{DOMAINNAME3}.db";};

And an example zone:
Code:
; Generated by CWP
; Zone file for {ZONEDOMAIN}
$TTL 14400
@    86400        IN      SOA     ns1.{NAMESERVER}. {HOSTNAME}. (
                                2020121940 ; serial, todays date+todays
                                3600            ; refresh, seconds
                                7200            ; retry, seconds
                                1209600         ; expire, seconds
                                86400 )         ; minimum, seconds
@       86400   IN      NS              ns1.{NAMESERVER}.
@       86400   IN      NS              ns2.{NAMESERVER}.
@                         IN A  {IPADDRESS}
localhost.{ZONEDOMAIN}. IN A  127.0.0.1
@                         IN MX 0     {ZONEDOMAIN}.

mail                    14400 IN CNAME {ZONEDOMAIN}.
smtp                    14400 IN CNAME {ZONEDOMAIN}.
pop                     14400 IN CNAME {ZONEDOMAIN}.
pop3                    14400 IN CNAME {ZONEDOMAIN}.
imap                    14400 IN CNAME {ZONEDOMAIN}.
webmail                 14400 IN A {IPADDRESS}
cpanel                  14400 IN A {IPADDRESS}
cwp                     14400 IN A {IPADDRESS}
www                     14400 IN CNAME {ZONEDOMAIN}.
ftp                     14400 IN CNAME {ZONEDOMAIN}.

_dmarc                  14400   IN      TXT     "v=DMARC1; p=none; pct=100; rua=mailto:admin@{ZONEDOMAIN}; ruf=mailto:admin@{ZONEDOMAIN}"
@                       14400   IN      TXT     "v=spf1 +a +mx +ptr +a:{ZONEDOMAIN} +mx:{ZONEDOMAIN} +ip4:{IPADDRESS} -all"

{SUBDOMAIN1}                    14400   IN      A       {IPADDRESS}  ; #subdomain {SUBDOMAIN1}     
www. {SUBDOMAIN1}                     14400   IN      A       {IPADDRESS}  ; #subdomain {SUBDOMAIN1}   
{SUBDOMAIN2}                    14400   IN      A       {IPADDRESS}  ; #subdomain {SUBDOMAIN2}     
www. {SUBDOMAIN2}                     14400   IN      A       {IPADDRESS}  ; #subdomain {SUBDOMAIN2}

9
There is a problem logging into the user panel. It is waiting for a long time and does not connect to the panel.

The user panel on port 2083 seems to still be working fine for me! However both admin panels (SSL and Non-SSL) are not loading and giving me errors such as ERR_CONNECTION_REFUSED and ERR_SSL_PROTOCOL_ERROR. When I also try loading any of the sites on my server (such as https://devlexicon.ca) I get the error DNS_PROBE_FINISHED_NXDOMAIN. These error messages pop up as soon as I go to the website.

We're checking if there is any issue; if found, there will be an update.

Thanks!

10
I would suggest trying to connect by IP instead of a domain to begin with.

Hello,

Thanks for your reply!

I have connected to the panels using both IP and hostname! Neither works.

Cheers,
Donald Louch from DevLexicon

11
The user panel at port 2083 is no longer working, now.

I've tried different firewalls and opened and closed all ports to see if that was the issue and it wasn't.

UPDATE: The user panel (and only user panel) is back up after disabling all firewalls. Websites and Admin panel are still down though.

12
Installation / Websites and Admin Panel No Longer Loading After Installing
« on: December 20, 2020, 12:14:26 AM »
Hello,

I'm not sure if this is the right forum?

I just installed CWP and was able to create all the users, domain names, emails, MySQL, and set up the base server from the Admin and User Control Panel!

I have uploaded all the files to the domain and MySQL!

However, none of the websites are working. I keep getting errors such as "This site can’t be reached. Refused to connect." "ERR_CONNECTION_REFUSED" or "DNS_PROBE_FINISHED_NXDOMAIN".

This is also now happening on port 8083. However, I can still access the User Panel on port 2083, PHPMyAdmin, Roundcube mail and that's all the server services that I've tried to access!

I have run system checks on Apache and NGINX, tried updating through YUM, and disabled firewalls. And nothing seems to be working. I have set up the nameserver, hostname, and all that. It should be pointing to the right IP address!

My system is:
Vultr High Frequency:
2 vCPU, 4096 MB RAM, 128 GB NVMe, 3.00 TB Transfer
Running CentOS 7 x64

and using the Vultr built-in CWP application installation.

Does anyone know how I can fix this?!

Thanks,
Donald Louch from DevLexicon
