CustomBuild problems after update to new DA version

Sappie

Verified User
Joined
Dec 2, 2021
Messages
17
Dear DirectAdmin,

After working with DA for several years now (2 servers) I have a strange problem on one server after updating to version 1.646 (7) with integrated custombuild.

Suddenly options.conf does not correspond with the previous settings and current running versions. Looks like it has reset to all default settings. For example: I actually run php1_release=7.4 php1_mode=php-fpm and php2_release=5.6 php2_mode=php-fpm but options.conf shows only release=8.1 now. Also all other settings are set to default now.

So when I update the versions now it installs V8.1 which causes all website offline.

Also another problem is when I set options.conf back to V7.4 I got SSL disabled for all websites after performing a new update. I have openssl version 1.0.2k-fips installed. I have searched everywhere for a possible solution but I can’t find it unfortunately. I hope you can help. When more info is needed pls. let me know.

Thanks in advance!
 
Hello,

example: I actually run php1_release=7.4 php1_mode=php-fpm and php2_release=5.6 php2_mode=php-fpm but options.conf shows only release=8.1 now. Also all other settings are set to default now.

Every time you change php versions in options.conf you should run

Code:
./build php

in CLI/SSH or reinstall PHP in DirectAdmin interface.
 
Hello,



Every time you change php versions in options.conf you should run

Code:
./build php

in CLI/SSH or reinstall PHP in DirectAdmin interface.
Hi, thanks for your quick response!

I did ./build php but unfortunately still the same SSL problems occurs.

On all domains SSL has been disabled and after manualy enabeling again, all domains have the default server certificate selected instead of Let's Encrypt. Even after enabling Let’s encrypt, the websites still shows a security warning.

This is what I found in the /var/log messages log: (I’m not sure it has something to do with this problem?)

Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm74.service:41] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm74.service:48] Unknown lvalue 'ProtectKernelTunables' in section 'Service'
Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm74.service:51] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm74.service:54] Unknown lvalue 'RestrictRealtime' in section 'Service'
Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm56.service:41] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm56.service:48] Unknown lvalue 'ProtectKernelTunables' in section 'Service'
Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm56.service:51] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Mar 22 14:28:50 srv2 systemd: [/etc/systemd/system/php-fpm56.service:54] Unknown lvalue 'RestrictRealtime' in section 'Service'
Mar 22 14:28:50 srv2 systemd: Stopping The PHP FastCGI Process Manager...
Mar 22 14:28:50 srv2 systemd: Stopped The PHP FastCGI Process Manager.
Mar 22 14:28:50 srv2 systemd: Starting The PHP FastCGI Process Manager...
Mar 22 14:28:50 srv2 php-fpm56: [22-Mar-2023 14:28:50] WARNING: Nothing matches the include pattern '/usr/local/directadmin/data/users/*/php/php-fpm56.conf' from /usr/local/php56/etc/php-fpm.conf at line 68.
Mar 22 14:28:50 srv2 systemd: Started The PHP FastCGI Process Manager.
Mar 22 14:28:50 srv2 systemd: Stopping The Apache HTTP Server...
Mar 22 14:28:51 srv2 systemd: Stopped The Apache HTTP Server.
Mar 22 14:28:51 srv2 systemd: Starting The Apache HTTP Server...
 
I did ./build php but unfortunately still the same SSL problems occurs.

The solution does not address the issue with SSL. It is only to make running PHP versions as they are set in in options.conf.

Also another problem is when I set options.conf back to V7.4 I got SSL disabled for all websites after performing a new update.

When PHP is installed it makes Directadmin to rewrite Apache/Nginx configs. And if hosted domains loose their SSL settings, then it might denote the SSL instructions were added incorrectly outside Directadmin. You should make sure users have SSL set to ON, and every domain have SSL set to ON too. It seems they are now set to OFF.
 
The solution does not address the issue with SSL. It is only to make running PHP versions as they are set in in options.conf.



When PHP is installed it makes Directadmin to rewrite Apache/Nginx configs. And if hosted domains loose their SSL settings, then it might denote the SSL instructions were added incorrectly outside Directadmin. You should make sure users have SSL set to ON, and every domain have SSL set to ON too. It seems they are now set to OFF.
Ok thanks! Seems like it's only an SSL issue now. Still strange that after the DA update all my options.conf settings where reset.

Just like my other server, user and domain SSL settings are enabled. But when I update php or do ./build php, SSL is disabled. After manually enabeling, it still doesn't work and I get a security warning when loading the website.
 
This is not typical for such operations. If your license includes DirectAdmin official support, I'd suggest that you ask them to investigate the issue. If not, probably somebody else had the same issue and can help you.

I did not have the issue, so can not give steps to fix the issue. But I could investigate it on your server, if you ready to pay for it.
 
This is not typical for such operations. If your license includes DirectAdmin official support, I'd suggest that you ask them to investigate the issue. If not, probably somebody else had the same issue and can help you.

I did not have the issue, so can not give steps to fix the issue. But I could investigate it on your server, if you ready to pay for it.
Ok thanks so far! I will ask DA support.
 
This is not typical for such operations. If your license includes DirectAdmin official support, I'd suggest that you ask them to investigate the issue. If not, probably somebody else had the same issue and can help you.

I did not have the issue, so can not give steps to fix the issue. But I could investigate it on your server, if you ready to pay for it.
I just discovered that my 'domain.nl.conf' files located in /usr/local/directadmin/data/users/username/domains/domain.nl don't contain the following lines compared to my good server files:

SSLCACertificateFile=SSLCACertificateFile=.....
SSLCACertificateFile=....
SSLCertificateKeyFile=....
ip=....
ssl=OFF

I hope this clears things up?
Thanks!
 
Last edited:
Seems SSL is off, so no SSL will be generated for this domain.
You might want to set it to ON first.

And then request a new certificate for the domain.
Hoi Richard! Thanks for your reply,

Somehow after an update or openssl install, SSL went off for all domains. When I manualy turn it on again and install a new Let's Encrypt certificate, I get an certificate name mismatch error when I check the site on SSLlabs. I'm still trying the figure it out but still without success.
 
I'm still trying the figure it out but still without success.
I've seen some odd things happening indeed in your post.
Check your hostname certificate if that is still valid and present. Sometimes that causes certificate name mismatches.
Or request a new one just to be sure.
 
I've seen some odd things happening indeed in your post.
Check your hostname certificate if that is still valid and present. Sometimes that causes certificate name mismatches.
Or request a new one just to be sure.
Yes that's maybe the case. What's the best way to check the hostname certificate? :giggle: SSL Labs can't connect with my servers:/
 
I use a script, check this:
shows all domains, but also the hostname.

If SSL labs can't connect with your server, I'm wondering if LE can, which also can cause issues.... odd.... Hope you will fix it soon.
 
Ahyes, since ssl was disabled for all accounts in a suspicious way, you might want to doublecheck your directadmin.conf setting if ssl=1 (met kleine letters) is still present.
 
Ahyes, since ssl was disabled for all accounts in a suspicious way, you might want to doublecheck your directadmin.conf setting if ssl=1 (met kleine letters) is still present.
Thanks alot Richard! LE can connect without problems and ssl=1 is still in my directadmin.conf. I will check the script tomorrow.. (y)
 
SSLCACertificateFile=SSLCACertificateFile=.....

If it's how a line in the config file looks like, and it is not a copy-paste error, then you might start with clearing those files from such lines.


This line means SSL is disabled for a domain. And if you have a mess with lines in domains config file, then it might be the reason of such a behavior.
 
If it's how a line in the config file looks like, and it is not a copy-paste error, then you might start with clearing those files from such lines.



This line means SSL is disabled for a domain. And if you have a mess with lines in domains config file, then it might be the reason of such a behavior.
Thx, I appreciate your feedback guys!
These lines are completely gone. I can enable SSL and install a new certificate. After that only the 'ip=' line is still missing in domain.nl.conf and I get certificate name mismatch errors on the regarding websites.

So I definitely must have messed up something badly indeed:/
I have installed openssl and enabled http2 recently, so I think it has to do something with that.

Today I'm going to move all the users to my second server, so I can work on it without interuptions.
I have tested with 1 user yesterday and the user restore is working fine on the good server. I am able to setup a LE cert succesfully after migration and the domain.nl.conf file is looking fine and complete.

I will keep you updated. Suggestions are very welcome.
 
The steps you mentioned hardly could cause the issue with domains SSL certificates, unless you manually edited the domains config files.

After that only the 'ip=' line is still missing in domain.nl.conf and I get certificate name mismatch errors on the regarding websites.

If you have several IPs on the server, it might be the reason on why you have certificate name mismatch errors.

Today I'm going to move all the users to my second server, so I can work on it without interuptions.

You might try and re-create domains in Directadmin without moving them to a nother server. Directadmin allows to remove domains without loosing its content. Anyway make sure you've got backups to restore from before trying it.
 
Re-create domains in Directadmin works fine and the websites are working properly again after that. Only all other date like mail accounts are deleted then.

I found an invalid ip address in my ip manager (CMD_IP_MANAGER):
IP: 2a01:7c8:fffd:xxx:0:0:0:1 Status: Free Global: No Resellers, Users, nameserver: empty, netmask /48
When I try to delete it it says:
Details

2a01:7c8:fffd:xxx:0:0:0:1 could not be removed, you must free it first.

Invalid IP: 2a01:7c8:fffd:xxx:0:0:0:1
Could this causing my problems and is there any workaround to delete this ip savely?
In directadmin.conf I have: ipv6=0
Thanks!
 
Last edited:
Ah, yes, I should have mentioned it. I hope you did not lose your email data. Or you can easily recover it from backups.

Yes, you might need to remove IPv6 since you don't use it. And make sure it is removed from DNS then. As if you connect to the server over IPv6 then you might see the certificate name mismatch errors.
 
Back
Top