URGENT: All sites offline

jdn1976

Verified User
Joined
Mar 30, 2020
Messages
107
Hello, my sites are all down. I need some help.
I disable the CSF and do not work.
I am not able to access do DA as admin. When I type: http:ip:2222 do not open DA
I do have access to SSH.

Please any help?

Just to add when I type ping and the main domain of the server shows the message
Temporary failure in name resolution
 
Why disable CSF? Nobody has problems with this.

Anway, login to SSH and check with this command:
Code:
iptables -L
if the firewall is indeed disabled, you should have INPUT, FORWARD and OUTPUT all open.
If not, then something of a firewall is still running and might cause the problems with CSF and Directadmin not reachable.

IF you have them all open, then try this:
Code:
systemctl status directadmin

or do
Code:
service directadmin restart
and see if it starts or throws errors.

By the way, I presume you wrote a typo, because it;s not http:ip:2222 but http://ip:2222 or http://domain.com:2222 however this will not work when DA is not running, hence you can try the commands I just wrote to see if it will start.
 
Why disable CSF? Nobody has problems with this.

Anway, login to SSH and check with this command:
Code:
iptables -L
if the firewall is indeed disabled, you should have INPUT, FORWARD and OUTPUT all open.
If not, then something of a firewall is still running and might cause the problems with CSF and Directadmin not reachable.

IF you have them all open, then try this:
Code:
systemctl status directadmin

or do
Code:
service directadmin restart
and see if it starts or throws errors.

By the way, I presume you wrote a typo, because it;s not http:ip:2222 but http://ip:2222 or http://domain.com:2222 however this will not work when DA is not running, hence you can try the commands I just wrote to see if it will start.

Is not the firewall and DA is running (but i do not have access to DA using ip:2222)

systemctl status directadmin
● directadmin.service - DirectAdmin Web Control Panel
Loaded: loaded (/etc/systemd/system/directadmin.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-04-20 23:52:06 -03; 19min ago
Docs: http://www.directadmin.com
Process: 794 ExecStart=/usr/local/directadmin/directadmin d (code=exited, status=0/SUCCESS)
Main PID: 800 (directadmin)
CGroup: /system.slice/directadmin.service
├─ 800 /usr/local/directadmin/directadmin d
├─1199 /usr/local/directadmin/directadmin d
├─1200 /usr/local/directadmin/directadmin d
├─1201 /usr/local/directadmin/directadmin d
├─1203 /usr/local/directadmin/directadmin d
├─1204 /usr/local/directadmin/directadmin d
├─1205 /usr/local/directadmin/directadmin d
├─1206 /usr/local/directadmin/directadmin d
├─1207 /usr/local/directadmin/directadmin d
├─2799 /usr/local/directadmin/directadmin d
└─2808 /usr/local/directadmin/directadmin d


for example all the sites shows like this:

and if I give a ping:
ping siteselojas.com.br
ping: siteselojas.com.br: Temporary failure in name resolution

httpd is up, mysql is up.
I think it is probably named?
I already rebooted but do not solve.
 
Is your OS Centos8?
Do you have multiple ip's on your server? Then you could try http:another-server-ip:2222

Recently I had a couple of times similar trouble.
 
Is your OS Centos8?
Do you have multiple ip's on your server? Then you could try http:another-server-ip:2222

Recently I had a couple of times similar trouble.

Is Centos 7 i do have another IP on server. But do not open DA or websites.
when I type http://serverip:2222 redirect to SSL and server hostname
 
Is Centos 7 i do have another IP on server. But do not open DA or websites.
when I type http://serverip:2222 redirect to SSL and server hostname
That is most likely just fine. Communications are still encrypted, it is just that the browser cannot vouch for the SSL since you are using the IP to access rather than a domain/hostname (as SSLs are not issued for IPs, just domains). You can proceed on past the SSL warning to access DirectAdmin. If you use your hostname in place of the IP, do you still see the SSL warning?
 
I am not able to access do DA as admin. When I type: http:ip:2222 do not open DA

Anyone else think that accessing DA by IP address is not good idea (cause it is not safe) or it's just me?
 
Anyone else think that accessing DA by IP address is not good idea (cause it is not safe) or it's just me?
It doesn't make any difference if you can also use SSL to make a connection via the ip. But the domain name (or hostname) is easier to remember too, especially if you have or get more servers.

You state there is a redirection to the hostname. Why not temporarily disable this redirection?
You can remove it from directadmin.conf and restart DA and see if you are able to login then?

I think it is probably named?
I have a bit of doubts about that, because that would not create troubles for accessing http://serverip:2222 you should be able to reach that even when named is not running.

Rember to frstly do wat scriptkitty said and see if you can find the error if present.
 
Hi!

Looking at https://intodns.com/siteselojas.com.br, it looks like the DNS zone file for the domain may not be loading at the server, or Named is failing.

Code:
grep -i kill /var/log/messages
grep -i "not loaded due to errors" /var/log/messages
service named status

Your tips for your commands:

grep -i kill /var/log/messages
Apr 20 00:00:06 servidor systemd: lfd.service: main process exited, code=killed, status=9/KILL
Apr 20 20:29:43 servidor NetworkManager[571]: <info> [1587425383.2071] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
Apr 20 20:29:43 servidor NetworkManager[571]: <info> [1587425383.2072] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Apr 20 20:59:54 servidor systemd: lfd.service: main process exited, code=killed, status=9/KILL
Apr 20 23:40:43 servidor NetworkManager[574]: <info> [1587436843.4685] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
Apr 20 23:40:43 servidor NetworkManager[574]: <info> [1587436843.4696] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Apr 20 23:52:02 servidor NetworkManager[553]: <info> [1587437522.0604] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
Apr 20 23:52:02 servidor NetworkManager[553]: <info> [1587437522.0607] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
Apr 21 00:00:07 servidor systemd: lfd.service: main process exited, code=killed, status=9/KILL
Apr 21 07:55:47 servidor NetworkManager[560]: <info> [1587466547.5879] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
Apr 21 07:55:47 servidor NetworkManager[560]: <info> [1587466547.5880] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file


grep -i "not loaded due to errors" /var/log/messages
this one do not show anything


status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/etc/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-04-21 07:56:17 -03; 1h 3min ago
Process: 1246 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 2282 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2263 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 2292 (named)
CGroup: /system.slice/named.service
└─2292 /usr/sbin/named -u named -c /etc/named.conf
Apr 21 08:56:27 (i hide here server hostmame) named[2292]: network unreachable resolving './NS/IN': 2001:500:200::b#53
Apr 21 08:56:37 (i hide here server hostmame) named[2292]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Apr 21 08:56:37 (i hide here server hostmame) named[2292]: resolver priming query complete
Hint: Some lines were ellipsized, use -l to show in full.
 
How that can be accomplished? Via self - signed certificate on server?
Yep, that is one way. Next time you load https://IP:2222 in the browser, click the warning/padlock icon for more information and follow the prompts to see exactly what SSL it uses for that connection.
 
Yep, that is one way. Next time you load https://IP:2222 in the browser, click the warning/padlock icon for more information and follow the prompts to see exactly what SSL it uses for that connection.

First - I dont use IP to access DA, so I won't make any changes now to look at padlock. Second - how can it use SSL if you don't setup one? Third - who would setup legit SSL for an IP address, I mean in fast and affordable way?
 
First - I dont use IP to access DA, so I won't make any changes now to look at padlock. Second - how can it use SSL if you don't setup one? Third - who would setup legit SSL for an IP address, I mean in fast and affordable way?
Hosting providers may set this up by default with a self-signed SSL as a security precaution. You wouldn't want a brand new box with a insecure ip-based login that you would use to log into the box to declare a hostname and then install the hostname SSL in the first place (many have yet to point thier nameservers at the registrar at this point, or they aren't resolving yet and thus must use the IP-based login). I know I'd prefer https://ip:2222 over http://hostname:2222 because my login would be encrypted. Of course, https://hostname:2222 is even better for customers since they do not need to bypass warnings.

I personally prefer to connect via IP so that I know exactly what origin server I am communicating with, thus I know that no MITM is attempting to trick me. Also, DNS propagation doesn't interfere with migrations I'm doing and cause me to log into and perform work on the wrong server (customers like to name the new server the same hostname as the old server).

Most services would just use the SSL installed regardless of how they were accessed (because they are configured to use the hostname SSL via the hostname SSL path in their respective service configuration files), in order to encrypt the transmitted data, but a browser won't label it as secure if the name you enter in the browser doesn't match the SSL Common Name.
 
Hosting providers may set this up by default with a self-signed SSL as a security precaution.

They may.

I personally prefer to connect via IP so that I know exactly what origin server I am communicating with, thus I know that no MITM is attempting to trick me.

Oh that MITM, it's always behind the corner waiting for you.. I would easily mix up all these IP numbers much more easily and yet padlock warnings. True chaos. But it's your way, it's ok. I'm an advanced user at most ;)

Most services would just use the SSL installed regardless of how they were accessed (because they are configured to use the hostname SSL via the hostname SSL path in their respective service configuration files), in order to encrypt the transmitted data, but a browser won't label it as secure if the name you enter in the browser doesn't match the SSL Common Name.

SSL using invalid certificate is still safe. Or not? May that be MITM tricking you?
 
Hello, my sites are all down. I need some help.
I disable the CSF and do not work.
I am not able to access do DA as admin. When I type: http:ip:2222 do not open DA
I do have access to SSH.

Please any help?

Just to add when I type ping and the main domain of the server shows the message
Temporary failure in name resolution

Did you solve the problem?
 
I wanted to switch to DA, but it seems that a few cents more are worth to stay with CP and get a peace of mind.

I am switching from CP to DA... but I losing my faith on DA. Yesterday was working fine, and then at yesterday night from nothing just stop open the websites. I do not know if it was an O.S. update or DA update.
 
Back
Top