Directadmin is not responding on port 2222, but the service is running.

Fred.

Verified User
Joined
Sep 5, 2009
Messages
220
Hi,

Chrome tells me
Code:
This webpage is not available

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I'm not sure what's going on here.

I Found this in the logs
Code:
2015:05:18-18:04:48: Can't connect to ssl!
2015:05:18-18:04:48: -> A failure in the SSL library occurred, usually a protocol error.
2015:05:18-18:04:48: -> error:00000001:lib(0):func(0):reason(1)

I found this page and checked everything. And that seems to be ok.
http://help.directadmin.com/item.php?id=75

1 .Directadmin is running
2. Port 2222 is open
3. ethernet_dev is set correct
4. The license seems ok, I did a manual update. http://help.directadmin.com/item.php?id=30
5. IP is not blacklisted
6. It was working before so the binaries should be ok.

Is this an IPv6 Problem? (this server doesn't have an IPv6 adress)
Code:
[root@server01 directadmin]# ./directadmin o
Compiled on 'CentOS 7.0 64-Bit'
Compile time: May  3 2015 at 05:48:45
Compiled with IPv6
[root@server01 directadmin]# netstat -lnp | grep 2222
tcp6       0      0 :::2222                 :::*                    LISTEN      119620/directadmin

It also gives me this Bind error, but Bind seems to run fine.
Code:
[root@server01 scripts]# cd /usr/local/directadmin
[root@server01 directadmin]# ./directadmin b2000
Debug mode. Level 2000

Bind Error: Make sure there aren't any copies running in the background
Address already in use

If DirectAdmin is running, but you cannot connect to port 2222, check this guide:
http://help.directadmin.com/item.php?id=75

I ran yum update the day before and I know it updated OpenSSL...

Is there anything else I can check?
 
If I do
Code:
netstat -tulpn | grep :2222
It only lists tcp6
Is this normal? I only have a IPv4 address. But I might get IPv6 in the future.

Code:
[root@server01 directadmin]# netstat -tulpn | grep :2222
tcp6       0      0 :::2222                 :::*                    LISTEN      86379/directadmin
 
I added
Code:
bind_address=0.0.0.0
to directadmin.conf and restarted directadmin.

Still the same problem, DA is not listening on IPv4 :confused:
 
Ok, I got it working again, but I don't know what the problem was. Maybe a had a space or something bad in directadmin.conf?

After editing directadmin.conf several times it suddenly worked. Now my directadmin.conf looks exactly the same like when it was not working. So it must have been something stupid like a space or something.

Or can a change in ciphers triggered something so it works now?
I changed ciphers and it worked, and then I changed back to my safe ciphers and of course restarted da and it still works.

I tried to simulate the problem, but now it's always working.

Thanks Alex, it was not a browser problem. I tried that.

All good now. :)
 
This problem is back! :( :confused:

The only thing I did in the last week was adding "check_referer=1" to directadmin.conf
When I remove it it doesn't solve the problem. :(
 
Post here results:

df -h ?
df -i ?
ps aux | grep directadmin ?
lsof -i:2222 ?
 
Code:
[root@server01 ~]# df -h
Bestandssysteem Grootte Gebruikt Besch Geb% Aangekoppeld op
/dev/sdb2          9,5G     233M  8,8G   3% /
devtmpfs           7,7G        0  7,7G   0% /dev
tmpfs              7,8G        0  7,8G   0% /dev/shm
tmpfs              7,8G     785M  7,0G  10% /run
tmpfs              7,8G        0  7,8G   0% /sys/fs/cgroup
/dev/sdb3          9,5G     3,4G  5,6G  38% /usr
none               2,0G        0  2,0G   0% /tmp
/dev/sdb1           20G     2,7G   16G  15% /var
none               2,0G        0  2,0G   0% /var/tmp
/dev/sdb7          690G      14G  642G   3% /home
/dev/sda1          230G      86G  133G  40% /backup

[root@server01 ~]# df -i
Bestandssysteem  I-nodes  IGebr    IVrij IGeb% Aangekoppeld op
/dev/sdb2         640848   3000   637848    1% /
devtmpfs         2017397    493  2016904    1% /dev
tmpfs            2019448      1  2019447    1% /dev/shm
tmpfs            2019448    807  2018641    1% /run
tmpfs            2019448     13  2019435    1% /sys/fs/cgroup
/dev/sdb3         640848  66309   574539   11% /usr
none             2019448     29  2019419    1% /tmp
/dev/sdb1        1281120  11713  1269407    1% /var
none             2019448     29  2019419    1% /var/tmp
/dev/sdb7       45924352 118942 45805410    1% /home
/dev/sda1       15269888   5310 15264578    1% /backup

[root@server01 ~]# ps aux | grep directadmin
root       1846  0.0  0.0  19776   204 ?        Ss   feb14   3:36 /usr/local/directadmin/da-popb4smtp
nobody    91329  0.0  0.0  62432  2916 ?        Ss   21:46   0:00 /usr/local/directadmin/directadmin d
nobody    91338  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91339  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91344  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91345  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91346  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91347  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91348  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91349  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91350  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
nobody    91351  0.0  0.0  62432  1180 ?        S    21:47   0:00 /usr/local/directadmin/directadmin d
root      98067  0.0  0.0 112664   964 pts/0    S+   22:41   0:00 grep --color=auto directadmin

[root@server01 ~]# lsof -i:2222
COMMAND     PID   USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
directadm 91329 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91338 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91339 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91344 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91345 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91346 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91347 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91348 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91349 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91350 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
directadm 91351 nobody    3u  IPv6 159987141      0t0  TCP *:EtherNet/IP-1 (LISTEN)
 
From here all seems to be fine. Selinux disabled?
Do you see any packets from your IP with tcpdump​ if to sniff 2222 port?
 
From here all seems to be fine. Selinux disabled?
Do you see any packets from your IP with tcpdump​ if to sniff 2222 port?

Selinux is disabled.
Yes, I see the packets coming in on port 2222 with tcpdump.

232 packets captured
233 packets received by filter
0 packets dropped by kernel
 
Alex,

What do you prefer to use as ciphers?
I would like to have safe ciphers, I'm the only one that's logging in into DA and always with the last version of chrome. I don't need compatibility I need security.

Now I have

Code:
ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES$
I believe this was recommended by Mozilla as Modern ciphers.

And that was working for months.
 
Is your issue related to SSL ciphers you set? What if you set the defaults:

Code:
ssl_cipher=HIGH:!aNULL:!MD5

?

http://help.directadmin.com/item.php?id=571
 
I got it working again with

Code:
ssl_cipher=HIGH:!aNULL:!MD5

But now Crome complaining
Your connection is encrypted using an obsolete cipher suite
 
Is your issue related to SSL ciphers you set? What if you set the defaults:

Code:
ssl_cipher=HIGH:!aNULL:!MD5

?

http://help.directadmin.com/item.php?id=571

Yes, it was. I just found that. Thanks for that. :)
It seems not possible to change these in directadmin.conf?
I changed them in Nginx without any problems.
 
As a temporary solution you might want to proxy requests to directadmin via nginx/apache, and set ssl ciphers there.
 
Back
Top