This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
136
E-Mail / Re: smtpauth not working for me.
« on: December 15, 2021, 10:28:39 PM »
So you have problem with SNI configuration in postfix.
Check you have the following configuration enabled in /etc/postfix/main.cf :
...and make sure all domains you have (included 'mail.grannydriver.com') in the file '/etc/postfix/vmail_ssl.map'.
Check you have the following configuration enabled in /etc/postfix/main.cf :
Code: [Select]
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
...and make sure all domains you have (included 'mail.grannydriver.com') in the file '/etc/postfix/vmail_ssl.map'.
137
CSF Firewall / Re: Spamhaus in CSF Firewall
« on: December 15, 2021, 10:14:14 PM »
Yes.
Check the file '/etc/csf/csf.blocklists'. You can enable three lists:
SPAMDROP
SPAMEDROP
SPAMDROPV6
Regards,
Netino
Check the file '/etc/csf/csf.blocklists'. You can enable three lists:
SPAMDROP
SPAMEDROP
SPAMDROPV6
Regards,
Netino
138
CSF Firewall / Re: Firewall Disabled (CSF cannot be started suddenly)
« on: December 10, 2021, 11:18:39 PM »(...)
However, I have installed a whole new server and the CSF there is running well, but it is not banning anything. The file /var/lib/csf/csf.tempban is empty
The file csf.tempban is just for temp bans.
Did you try to temp block any address, or permanent block?
139
CentOS 7 Problems / Re: Clients cannot login - uerror
« on: December 09, 2021, 11:35:33 PM »(...)
How to check if /home/USER/tmp/ is locked?
(...)
To just check if you have your files locked, issue the following command:
Code: [Select]
# lsattr /home/USER/tmp/
Regards,
Netino
140
E-Mail / Re: smtpauth not working for me.
« on: December 09, 2021, 11:28:12 PM »
Your server is responding with domain "www.grannydriver.com", not "mail.grannydriver.com":
This suggests that you need to configure a additional certificate, for "mail.grannydriver.com", in addition to other domains you use.
Regards,
Netino
Code: [Select]
# openssl s_client -crlf -servername mail.grannydriver.com -connect mail.grannydriver.com:465
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.grannydriver.com
verify return:1
---
Certificate chain
0 s:/CN=www.grannydriver.com
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAy1c+T30Hq0QxG1AgMrf/eb2MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMDYxMzI2NDVaFw0yMjAzMDYxMzI2NDRaMB8xHTAbBgNVBAMT
FHd3dy5ncmFubnlkcml2ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA5LJVpmxdDxioBXUQs3CHZEHvrHK1iHgyZ3NDj2XMdNBkae1TroZgEiJH
nb4wo2XRfCYlZu4iLCmd86sjnwO8xjI4VLQylvoKAYBllWgXUy9sc7nRYNo5pWiP
fKshcAjyeHtIkfX9KFYnpBQqqGdgk+QPnZG89OPAZdhmasl0airdvZ3BR1KFpEDH
9oEzOIN9lZxCuOTxAdUzbhDzI9svMwi6/NVHKEeNS/+5pO05tvCRZ7D41miDx62g
Fu5ayg+i3JtrucpLIMp6Vxd3koh6sN9Roq3QoZuCUU07Bs9UE7aYFpUcxeRclcu1
B/ZATL6D4UK3YrkxaAS+BAmVXOt1BQIDAQABo4ICdjCCAnIwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBS1wiCY1ZdYvJu2oG9RJPJVtEP0CjAfBgNVHSMEGDAWgBQULrMX
t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0
dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu
Y3Iub3JnLzBIBgNVHREEQTA/ghBncmFubnlkcml2ZXIuY29tghVtYWlsLmdyYW5u
eWRyaXZlci5jb22CFHd3dy5ncmFubnlkcml2ZXIuY29tMEwGA1UdIARFMEMwCAYG
Z4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMu
bGV0c2VuY3J5cHQub3JnMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAQcjKsd8i
RkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF9kCPPlQAABAMARjBEAiBkbDdF
4bK2bsm5rbZR4gBM7R5piXWC3RC3FVMXhBsGzgIgaOgWnvdAOKUWgzZvSgt9gtE/
3WrpA8ujgFvx69acX8oAdQApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3H
hAAAAX2QI8+IAAAEAwBGMEQCIB+R6SC4K8ZnaLx2bfXgUR7cSF7tuSv/OlEGiO25
hXi1AiBZz/CWruKNuk1t1wzFRAFwimFwxMa15syTkLg2RKawQzANBgkqhkiG9w0B
AQsFAAOCAQEAgEtCO6DqfOVGCXueRtj3+6qfsL7xqPcsFn/yXDV1pronetiHpHMr
hzew5C81guGslzHtLaMHbh6DGGE4hkdYgfGn7NF9EQ4DHO1muuvoJGeFef8SJOln
DRq2CY+qlgPct0uhuJAwGP6tpssr6KGD3Lnkd2qFcOa7dDVmzTelLQeJ1wBIZwYo
HCJv+VhIEzBxNBuNf+UJjtGWbJGYhz/bcAUf4w+Kc1/1ED5na2w2jeTW6wnAAq/O
QSulyYBEtVakt4D0jGkATrFf0C3yFMuBQkm37PGxVPFiF59wh4gqjinRwM88zNub
u6A9Nlxi6yyqpGLVUUqO93bmmDb7yCRIpw==
-----END CERTIFICATE-----
subject=/CN=www.grannydriver.com
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4751 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 521A1C63857F51F18148ECE661E290716C20E600C947D8FDA9F4FAA12FEB89CD
Session-ID-ctx:
Master-Key: 8F4BA1D0A7D47069BB9A1E006D4C5BDE7A2EFEF24022042038EDFD49DF272B53A4676C66407D018E3C2D76D593E2ED21
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - b7 51 6e e1 c0 5b 8e 4a-92 3d 84 6d ec be f2 fb .Qn..[.J.=.m....
0010 - be 9f 39 4e 6c 15 70 93-a5 e3 59 32 cb f9 fa bc ..9Nl.p...Y2....
0020 - 51 d6 8c 21 88 64 da d8-1d bc f3 02 d9 6d f5 bc Q..!.d.......m..
0030 - 90 62 d0 a6 f9 03 52 c5-c3 b1 b5 30 37 68 e2 f3 .b....R....07h..
0040 - 6d 39 97 f8 b2 51 ab 20-4e c0 99 2d b2 61 32 7b m9...Q. N..-.a2{
0050 - 0e a1 2a ad 66 8e 83 1b-08 5c d2 e3 99 69 0b 03 ..*.f....\...i..
0060 - 66 fc d1 fb d0 a2 33 c9-47 27 d1 da 2f 4a a6 11 f.....3.G'../J..
0070 - fa a0 59 4c 0e 5f 41 dd-80 cc f5 a8 c0 bc e3 74 ..YL._A........t
0080 - 7a 31 44 96 94 4b b5 29-cf e4 0c 4b ad 58 af f7 z1D..K.)...K.X..
0090 - a3 68 4d 2a 40 2a d4 d2-57 99 38 e0 8c d1 c1 d7 .hM*@*..W.8.....
00a0 - 72 28 20 67 8c ca ff 68-68 ab 01 be 48 80 9c 44 r( g...hh...H..D
00b0 - c1 b6 49 12 bb 99 9a 81-8e b5 85 de 9e 57 e2 b1 ..I..........W..
Start Time: 1639091792
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
220 server.companiondriver.com ESMTP Postfix
quit
221 2.0.0 Bye
closed
This suggests that you need to configure a additional certificate, for "mail.grannydriver.com", in addition to other domains you use.
Regards,
Netino
141
SSL / Re: how to enable nginx QUIC HTTP/3?
« on: December 09, 2021, 11:08:30 PM »Would you like to know how to enable http2 + quic in nginx?
(...)
is someone already using it?
Cool!
This may be a site configuration problem.
Check you site is using correct templates, in CWP panel at "WebServer Settings -> WebServers Main Conf" for config all sites in your server, or "WebServer Settings -> WebServers Domain Conf" for a specific site config. These two menus rebuild configuration to use the correct certificate locations in your server.
Regards,
Netino
142
SSL / Re: Broken Chain intermediate certs
« on: December 09, 2021, 10:49:38 PM »
Try to manually upgrade openssl with the following excellent tutorial (by enabling TLS 1.3):
https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/
Regards,
Netino
https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/
Regards,
Netino
143
CSF Firewall / Re: Firewall Disabled (CSF cannot be started suddenly)
« on: December 09, 2021, 10:46:16 PM »
I had problems with upgraded csf yesterday, in temp bans.
What output you have for the following command?:
If you have problems too with temp bans, check your file: /var/lib/csf/csf.tempban
The format of this file must be:
$time|$ip|$port|$inout|$timeout|$message
If you see something strange there, correct it, and restart your firewall.
Regards,
Netino
What output you have for the following command?:
Code: [Select]
csf -r
If you have problems too with temp bans, check your file: /var/lib/csf/csf.tempban
The format of this file must be:
$time|$ip|$port|$inout|$timeout|$message
If you see something strange there, correct it, and restart your firewall.
Code: [Select]
csf -r
Regards,
Netino
144
Updates / Re: yum nginx update failed
« on: November 20, 2021, 07:39:27 PM »
The problem probably you have two repositories for nginx binaries (possibly CentOS and nginx repositories).
I had the exact same problem, and was needed to remove and downgrade the nginx version to a working version:
A *serious* problem:
Be careful and make sure you have the configuration file backed up ('/etc/nginx/nginx.conf'), because it will erase that file.
You will need to restore this file from backup, to keep the new downgraded binary nginx working.
Regards,
Netino
I had the exact same problem, and was needed to remove and downgrade the nginx version to a working version:
Code: [Select]
# yum remove nginx
# yum install nginx-1.20.1-1.el7.ngx
May be needed remove other nginx packages too.A *serious* problem:
Be careful and make sure you have the configuration file backed up ('/etc/nginx/nginx.conf'), because it will erase that file.
You will need to restore this file from backup, to keep the new downgraded binary nginx working.
Regards,
Netino
145
CentOS 7 Problems / Re: nGINX ONLY ssl_error_rx_record_too_long
« on: November 20, 2021, 07:30:31 PM »
You can compile nginx from sources based in the current nginx binary, with command:
From there, you can compile a new binary with exact same parameters, or even with new modules.
The problem would be know what binary version are you using, if upgraded and changed, or not.
If you know what binary version is correct, chack that command.
Code: [Select]
# nginx -V
("V" is uppercase)From there, you can compile a new binary with exact same parameters, or even with new modules.
The problem would be know what binary version are you using, if upgraded and changed, or not.
If you know what binary version is correct, chack that command.
146
CentOS 7 Problems / Re: nGINX ONLY ssl_error_rx_record_too_long
« on: November 19, 2021, 01:54:55 AM »
The problem seems is with SSL, not with IPv6.
It happens to me, but was updated a nginx version (1.20.2 from nginx repository) that deleted the configuration file '/etc/nginx/nginx.conf', and was needed to restore it from backup.
Check your configuration.
Regards,
Netino
It happens to me, but was updated a nginx version (1.20.2 from nginx repository) that deleted the configuration file '/etc/nginx/nginx.conf', and was needed to restore it from backup.
Check your configuration.
Regards,
Netino
147
SSL / Re: Wiped AutoSSL hostname cert and files, reinstalled, same issue
« on: November 17, 2021, 11:06:23 PM »
In "WebServer Settings", "SSL Certificates", in the tab "List Installed" you must see the domains installed in your server.
So, click "Renew" to renew the certificates, or "Admin Services" to install SSL Certificates to default subdomains.
Did I understand your question correctly?
Regards,
Netino
So, click "Renew" to renew the certificates, or "Admin Services" to install SSL Certificates to default subdomains.
Did I understand your question correctly?
Regards,
Netino
148
Installation / Re: I need your help regarding the secondary directory of the website!
« on: November 13, 2021, 08:50:03 PM »centos7 apache+nginx
Is nginx -> apache, right?
Check with the command
Code: [Select]
# grep -i DirectoryIndex /usr/local/apache/conf/httpd.conf
...if you have the following result:
Code: [Select]
# DirectoryIndex: sets the file that Apache will serve if a directory
DirectoryIndex index.php index.html.var index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.jp index.php4 index.php3 index.phtml default.htm default.html home.htm index.php5 Default.html Default.htm home.html
Changing the directive 'DirectoryIndex' in the apache server, changes your entry point in your server.
Change it to point justo to index.php
Code: [Select]
DirectoryIndex index.php
Regards,
Netino
149
Nginx / Re: Nginx service start error during boot on Rocky Linux
« on: November 13, 2021, 08:38:42 PM »
What error? (the error message)
150
PHP / Re: I'm having a problem with UTC php time
« on: November 13, 2021, 08:36:47 PM »
Seems you did not update or not installed the tzdata.
Check it:
Mine is correct, automatically, for 'America/Sao_Paulo', with theses packages.
Regards,
Netino
Check it:
Code: [Select]
# rpm -q tzdata tzdata-java
tzdata-2021e-1.el7.noarch
tzdata-java-2021e-1.el7.noarch
Mine is correct, automatically, for 'America/Sao_Paulo', with theses packages.
Regards,
Netino