• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Server down [Server Certificate/Apache Settings]

Dukemaster

Regular Pleskian
Hi,
I'm very sorry to ask again. But it seems to have to do with my resolved problem from yesterday.
After solving the problem last night I saw in ssllabs.com that my domains have already 1+ but inconsistent server configuration.
Today I installed the new initramfs updates and rebooted server, after this server down, only access over serial console.
Please watch the error.log
I have to say that last night by checking all server settings after domains running again/no errors in troubleshooter I think I made a mistake. I first changed apache setting event to prefork (the template reconfig yesterday must have changed it) and accepted the config. BUT then I read in Plesk docus that default setting is event (worker) and I directly changed it back to event/worker.
It will be the last time to ask you about my mistakes, because I'll never change such important settings in future. But the problem is perhaps the certificate and not the MPM general setting!
server certificate does NOT include an ID which matches the server name
Please, could You help me saving the server, don't want to reinitialize it, cause he is running well for half an year.
Code:
[Fri Mar 31 12:59:15.552055 2017] [suexec:notice] [pid 2111:tid 140126620252032] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Fri Mar 31 12:59:15.588233 2017] [auth_digest:notice] [pid 2112:tid 140126620252032] AH01757: generating secret for digest authentication ...
[Fri Mar 31 12:59:15.622653 2017] [:notice] [pid 2112:tid 140126620252032] mod_python: Creating 8 session mutexes based on 6 max processes and 25 max threads.
[Fri Mar 31 12:59:15.622671 2017] [:notice] [pid 2112:tid 140126620252032] mod_python: using mutex_directory /tmp
[Fri Mar 31 12:59:15.661877 2017] [ssl:warn] [pid 2112:tid 140126620252032] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Fri Mar 31 12:59:15.662176 2017] [ssl:warn] [pid 2112:tid 140126620252032] AH01909: default-2001_8d8_IPv6:443:0 server certificate does NOT include an ID which matches the server name
[Fri Mar 31 12:59:15.662461 2017] [ssl:warn] [pid 2112:tid 140126620252032] AH01909: default-IPv4:443:0 server certificate does NOT include an ID which matches the server name
[Fri Mar 31 12:59:15.665921 2017] [mpm_event:notice] [pid 2112:tid 140126620252032] AH00489: Apache/2.4.10 (Ubuntu) mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.7.6 OpenSSL/1.0.1f mod_perl/2.0.8 Perl/v5.18.2 configured -- resuming normal operations
[Fri Mar 31 12:59:15.665948 2017] [core:notice] [pid 2112:tid 140126620252032] AH00094: Command line: '/usr/sbin/apache2'

Lots of greets
 
Last edited:
Thanks @UFHH01 for help, I read all threads, but only one leads to an answer of You that helped me a little further.
Boostrapper doesn't work in my case. But this /usr/local/psa/admin/sbin/httpdmng --reconfigure-all
Now I run
# plesk repair all
got the following messages, think it has to do with changing IPv6 yesterday, new one, then deleted it and used the old one.
I also took the DNS standard config for all domains, I made several changes.
Please help me, I don't know how to make repair the IP and hostname. I need a little more help as usual.
Repairing web server configuration for all domains. This aspect
can be used with individual domains ("plesk repair web
example.com"), and on the server level ("plesk repair web") ..... [2017-03-31 20:47:06] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/httpdmng' '--reconfigure-all'] with exit code [1]
Curl failed: Couldn't resolve host name
[FAILED]
- httpdmng failed: Curl failed: Couldn't resolve host name
Curl failed: Couldn't resolve host name
Execution failed.
Command: httpdmng
Arguments: Array
(
[0] => --reconfigure-server
[1] => -no-restart
)

Details: [2017-03-31 20:47:06] ERR [util_exec] proc_close()
failed ['/opt/psa/admin/bin/nginx-config' '-t'] with exit code
[1]
Curl failed: Couldn't resolve host name
[2017-03-31 20:47:06] ERR [util_exec] proc_close() failed
['/opt/psa/admin/bin/nginx-config' '-t'] with exit code [1]
Curl failed: Couldn't resolve host name
[2017-03-31 20:47:06] ERR [panel] Apache config
(14909860260.22733900) generation failed: Template_Exception:
nginx: [emerg] bind() to XXX.XXX.XXX.XXX:80 failed (99: Cannot
assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed

file:
/opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0
Curl failed: Couldn't resolve host name
nginx: [emerg] bind() to XXX.XXX.XXX.XXX:80 failed (99: Cannot
assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed

Would be nice if you can help.
Greets
 
Last edited:
Hi Dukemaster,

did you actually READ your error messages?
nginx: [emerg] bind() to 123.123.123.123:80 failed (99: Cannot
assign requested address)
Sorry to ask that, but WHAT did you change and WHERE?
Pls. use external sites, to check your IP(s), as for example: => Reverse DNS Lookup for 123.123.123.123


You have to go to the IP - management ( HOME > Tools & Settings > IP Addresses ) and pls. check EVERY IP to be an existent IP, routet to your server.
Pls. use as well "ifconfig" over the command line, to investigate the current setup of your network.

Afterwards, pls. make sure, that ALL domains are associated with the correct IP.
 
Sorry to say that. 123.123... is a synonyme/placeholder for my real IP.
Second thing is that I have no access to Plesk or Shell.
My only chance to solve the problem is over serial console like today afternoon.
Last try was "plesk repair all" with the result what I posted here. My IPv4 and IPv6 are not the real ones here in postings. Never.
Don't want to publish it to the world when I have big problems with the system.
Sorry, but I'm sad and disappointed.
There must be a way to fix the problem with hostname and IPs. Spent the whole day in senseless support threads, all with other problems like mine.
perhaps I have a problem with false or zero ids in database. I read a thread from You, @UFHH01, in old plesk board where you gave friendly help to someone with a similar problem. I get here only fragments of help. Shall I reinitial the server because of this problem which could be not a big one. If I do this I won't update to 17.5.3 again.
The following is what I tried with little success, but not solving the main problem:
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all with one error
/usr/local/psa/bootstrapper/pp17.5.3-bootstrapper/bootstrapper.sh repair (no file/direct. found)
plesk repair all resulted with only one error around SSL certificate,
Cert isn't together with IP and hostname
I didn't copied the results with error this time, too tired after 18 hours investigating, tomorrow I will post the errors
Perhaps you have a good idea which leads to success, Thanks

Deep real problem the IPs:
Curl failed: Couldn't resolve host name
[2017-03-31 20:47:06] ERR [panel] Apache config
(14909860260.22733900) generation failed: Template_Exception:
nginx: [emerg] bind() to XXX.XXX.XXX.XXX:80 failed (99: Cannot
assign requested address
)
nginx: configuration file /etc/nginx/nginx.conf test failed

file:
/opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0
Curl failed: Couldn't resolve host name
nginx: [emerg] bind() to XXX.XXX.XXX.XXX:80 failed (99: Cannot
assign requested address
)
nginx: configuration file /etc/nginx/nginx.conf test failed
 

Attachments

  • xxx-1.jpg
    xxx-1.jpg
    249.1 KB · Views: 7
Last edited:
Hi Dukemaster,

we really would love to help you, but when you don't provide enough informations, it is hard to "guess" root causes...you don't even provide informations about your operating system... :(

At the moment you seem to have a firewall issue, because none of your services seem to be reachable over the configured ports ( as shown in your pic ).
Did you at least tried to reboot the server? If "yes", did you try to investigate possible issues/errors/problems from your logs at "/var/log" ?


Shall I reinitial the server because of this problem
Well... personally, I never give up in case of issues/errors/problems... I try to investigate their root causes and don't solve issues/errors/problems, by re-installing a server.

which could be not a big one.
I can't confirm, if the issues/errors/problems are "big" or "small"... at the moment, I would just guess a firewall misconfiguration, or a Fail2Ban - ban for your server IPs, or even localhost... just like I stated before... it's just a GUESS.

/usr/local/psa/bootstrapper/pp17.5.3-bootstrapper/bootstrapper.sh repair (no file/direct. found)
Since Plesk 12.5, there is the "Plesk repair utility" - you might not need the direct call of "bootstrapper.sh" anymore.

plesk repair all resulted with only one error around SSL certificate,
Cert isn't together with IP and hostname
Pls. consider to INFORM us about the correct and full error - message as seen in your log - file(s) and IF you desire to anonymize IP(s) or domain(s), consider to use STANDART anonymisations to avoid misleading investigations ( i.e: IP = XXX.XXX.XXX.XXX ).
 
Hi @UFHH01
I think I've found a hint to the problem.
etc/hosts gives the following output:

127.0.0.1 domain1.onlinehome-server.info sXXXX11 localhost.localdomain localhost
XXX.IPv4.XXX.XXX domain1.onlinehome-server.info sXXXXX11
XXX.IPv4.XXX.XXX domain2.online.de

IMPORTANT: Domain1 is the normal Server-DOMAIN as usual.
But a few days ago, I realized after 9 years using 1and1 server that there is a hidden SYSTEM-Domain (domain2) in Control Center. Nothing in 1and1 docu about this.
I decided to test it on server and created a normal subscription for it like for all other domains and also certificate with letsencrypt.
If I'm correct I also wanted to test it for standard domain of ip-adress, perhaps also to use it to secure Plesk Panel.
This didn't worked, so I made everything to standard, which means no standard domain for IPv4 and IPv6 and standard Plesk Certificate from server pool.
Then I deleted the domain's subscription.

Apache2.jpg
Here are also the full apache2 error.log and the result of making "plesk repair all" with "Yes" to all options.
Hope it helps to come a little closer to a solution.:)
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] bind() to XXX.IPv4.XXX.XXX:80 failed (99: Cannot assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed
~# /usr/local/psa/admin/bin/nginxmng -e
[2017-04-01 17:18:45] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/nginx_control' '--start'] with exit code [1]
Curl failed: Couldn't resolve host name
Curl failed: Couldn't resolve host name
Can not start proxy server: /opt/psa/admin/sbin/nginx-config execution failed:
nginx: [emerg] bind() to XXX.IPv4.XXX.XXX:80 failed (99: Cannot assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed
 

Attachments

  • error.log.txt
    16.3 KB · Views: 2
  • Plesk Repair All Result.txt
    12.8 KB · Views: 5
Last edited:
reboot under serial-history-1.jpg reboot under serial-history-2.jpg
In my trash I found the content of /etc/nginx/plesk.conf.d/server.conf file of the problem two days ago. Perhaps it leads to an answer.
Greets
 

Attachments

  • Main Error - Duplicate SSL.txt
    3.1 KB · Views: 7
Last edited:
Hi Dukemaster,

due to issues/errors/problems with APPARMOR, pls. consider to use:
Code:
/etc/init.d/apparmor stop
/etc/init.d/apparmor teardown
update-rc.d -f apparmor remove
... which might not already solve your root cause, but you are going to eliminate one of your issues. ;)

Afterwards, pls. use again the "Plesk repair utility" with the command:

plesk repair all -y -v

and investigate possible issues/errors/problems in the corresponding log - file "repair-XXX.log" at "/var/log/plesk".
Consider as well to reboot your server again and afterwards, pls. use again the commands:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
and
plesk repair all -y -v

Again, you should investigate possible issues/errors/problems in the corresponding "repair-XXX.log".
 
Thanks first @UFHH01 for great help.

There is no repair log (1.Screenshot)

By starting reboot, there are only these failed at:
Kill all remaining processes = Failed
Starting Read required files in advance = Failed
Starting configure network device = Failed
Starting configure network device = Failed
Starting configure virtual network devices = Failed

(2. Screenshot) shows the last 2 steps you told me to do:
Interesting is The domain -v was not found
Is it perhaps the system domain which (new!) subsription I deleted few days ago?
in etc/hosts
this domain is already inside, but not as a subscription on server, I used this domain also as a test for standard domain and certificate for plesk?
Is this the reason for my problems?
etc/hosts:
127.0.0.1 standardhost(rootdomain).onlinehome-server.info standardhost(rootdomain) localhost.localdomain localhost
XXX.IPv4.XXX.XXX standardhost(rootdomain).onlinehome-server.info standardhost(rootdomain)
XXX.IPv4.XXX.XXX system-domain.online.de

Greets
repair_log-1.jpg after reboot-1.jpg
 
Last edited:
Could be the subnet mask of the Ipv4 the same as Ipv6 on eth0?
How can we check if the IP is correctly inside Ipv4/255.255.0.0 or 255.255.255.255?
That everything is alright. And if they are primary for DNS Server?
 
Hi Dukemaster,

There is no repair log (1.Screenshot)
Pls. have another closer look at your "repair_log-1-jpg" - you can actually SEE the FOLDER "plesk", but you choosed to use the command "cd /plesk/", instead of the correct command "cd plesk" ( when you are already in "/var/log" ). Another option is to use the full path: => cd /var/log/plesk

You seem to have misconfigured your network ( somehow - and I can't investigate that just with your screenshots ).


If you consider to re-install you server ( which seems to me to be a faster solution, than investigating your current root cause(s) ! ), pls. consider to use a MAIN-DOMAIN for your first IPv4 and IPv6, which you mostly never drop. Consider as well, to modify/configure the complete Plesk Control Panel and it's components, before you start by adding additional domains, subdomains and alias domains. It is always a good idea to have a fully working Plesk Control Panel, with all possible IPv4 and IPv6 addresses, before you start to add and configure customers/additional domains and their content. ;) As you can see at the moment, you are not even aware about your own changes and modifications on your server, which makes it nearly impossible for people willing to help you, to investigate / guess a root cause for each of your several issues. :(
 
Hi @UFHH01
pls. consider to use a MAIN-DOMAIN for your first IPv4 and IPv6, which you mostly never drop
I absolutely aware of my changes. The problem is only that I made changes between the actual and last problem, and made it after a few minutes again back to standard. Then making DNS to standard. and so on...
Nothing more or less. Problem is I did too much changes in a short period without rebooting. event -> prefork -> event for expample.
normally I use the hostname for first IPv4 like in this case. I can also choose the 1and1 system-domain, or one of the 8 normal domains for my projects.
Which would be the best, please?
But I will try it once for the last chance.
 
Hi @UFHH01
Last repair log:
Code:
/var/log/plesk# tail repair-20170402-051409.log
[2017-04-02 05:14:10] .............. [OK]
[2017-04-02 05:14:10]
[2017-04-02 05:14:10] Checking for records with empty name field in the Configurations table
[2017-04-02 05:14:10] [OK]
[2017-04-02 05:14:10]
[2017-04-02 05:14:10] Checking for nginx ULIMIT value
[2017-04-02 05:14:10] ..................................... [OK]
[2017-04-02 05:14:10]
[2017-04-02 05:14:10] Checking for extra configurations in database not owned by any object
[2017-04-02 05:14:10] [OK]
next before
Code:
[2017-04-02 05:15:27]
[2017-04-02 05:15:27] Checking MySQL database servers
[2017-04-02 05:15:27] ..................................... [OK]
[2017-04-02 05:15:27]
[2017-04-02 05:15:27] Repair databases on available servers
[2017-04-02 05:15:27] ............................... [OK]
[2017-04-02 05:15:27]
[2017-04-02 05:15:27] Repair database users on available servers
[2017-04-02 05:15:27] .......................... [OK]
[2017-04-02 05:15:27] Error messages: 0; Warnings: 0; Errors resolved: 0
next before
Code:
[2017-04-02 05:13:03]
[2017-04-02 05:13:03] Reconfiguring the Plesk installation
[2017-04-02 05:13:03] Reconfiguring the Plesk installation ............................
[2017-04-02 05:13:03][OK]
next before
Code:
 tail repair-20170401-150420.log
[2017-04-01 15:04:21] .............. [OK]
[2017-04-01 15:04:21]
[2017-04-01 15:04:21] Checking for records with empty name field in the Configurations table
[2017-04-01 15:04:21] [OK]
[2017-04-01 15:04:21]
[2017-04-01 15:04:21] Checking for nginx ULIMIT value
[2017-04-01 15:04:21] ..................................... [OK]
[2017-04-01 15:04:21]
[2017-04-01 15:04:21] Checking for extra configurations in database not owned by any object
[2017-04-01 15:04:21] [OK]
next before
tail repair-20170401-150356.log
[2017-04-01 15:07:26]
[2017-04-01 15:07:26] Checking MySQL database servers
[2017-04-01 15:07:26] ..................................... [OK]
[2017-04-01 15:07:26]
[2017-04-01 15:07:26] Repair databases on available servers
[2017-04-01 15:07:26] ............................... [OK]
[2017-04-01 15:07:26]
[2017-04-01 15:07:26] Repair database users on available servers
[2017-04-01 15:07:26] .......................... [OK]
[2017-04-01 15:07:26] Error messages: 0; Warnings: 0; Errors resolved: 0
next before
Code:
[2017-04-01 15:03:13]
[2017-04-01 15:03:13] Reconfiguring the Plesk installation
[2017-04-01 15:03:13]
[2017-04-01 15:03:13] Reconfigure the Plesk installation? [Y/n]
[2017-04-01 15:03:17] Reconfiguring the Plesk installation ............................
[2017-04-01 15:03:55] [OK]

Looks too good to reinstall server, or?
Greets and thanks
 
Hi Dukemaster,

I recommend to use as "MAIN" domain the one, which resolves to your 1st IPv4. If you are able to change the rDNS - entry over the Control Panel from 1and1, I would use a rDNS - entry for a "MAIN" domain, which you ( mostly ) never delete, as long as you rent a server.

Example:
With most initial installation standarts, the 1st IPv4 from 1and1 would be configured as:

=> servername.onlinehome-server.info resolves to XXX.XXX.XXX.XXX

and the reverse DNS - setup will be setup as
=> XXX.XXX.XXX.XXX resolves to servername.onlinehome-server.info​

... but this is not very unique and not even usefull, when you have a unique domain, as for example "Dukemaster-is-the-Best.de". I would change the rDNS - entry for the 1st IPv4 over the Control Panel from 1and1! ) to "Dukemaster-is-the-best.de" and I would choose a unique servername as well, so that the hostname of the server should then be for example:

"BestServerEver01.Dukemaster-is-the-Best.de" should resolve to "XXX.XXX.XXX.XXX" and in reverse, the IPv4 would as well resolve back to "BestServerEver01.Dukemaster-is-the-Best.de"

... after your changes over the 1and1 - Control Panel. ;)
 
Last edited by a moderator:
Since two years I use host name domain sXXXXX.onlinehome-server.net for both Ipv4 and Ipv6 as reverse mapping.
In earlier years I had there one of my best/most used domains, like you adviced as better. In future I will do it "back to the roots/earlier years"
But in DNS Options there are two options for each domain first is 1and1 IP and the second, I used for ALL domains, is the IPv4 and Ipv6 of the server(Described as "Other IP").
Also the A/AAAA record is set correctly.
This configuration I use since 10 years 1and1 server and Plesk successful.
You described to make a subdomain, why this?
Subdomains I can create only on the server itself, exactly in Plesk.
I'm sure there is everything correct, exept the reverse mapping which is set to the hostname domain.
Thanks and Greets
 
Last edited:
Hi @UFHH01
One last question. I uploaded here the /etc/nginx/plesk.conf.d/server.conf
There is a double entry for IPv6 certificate. Is this the problem?
I just got the message from my helping hand another server admin, who has more knowledge as I do, that the server runs well, except one thing.
It is Nginx can't bind IPv6.
Nginx must be deactivated and then the conf. changed. But where and how?
After this I will install server new.
Thank you very, very much for your great help and advice.
Greets
 
Last edited:
Server is running, but only with apache. Nginx blown away through other configuration during the hour two days ago when I used a new IPv6. It leaded to worst case scenario.
Good friend of a community software manufactor helped me with great knowledge and repaired it.
Question: I made not only subscription backups, also server-backups. Is the nginx konfiguration in these backups contained, or are there only the configuration options
of Plesk Panel integrated.
THANKS for amazing help @UFHH01
 
THE ERROR - MY MISTAKE
/etc/network/interfaces was corrupted.
Normally I ever, ever used 255.255.255.255 but this time I tried / 64 (Spacebutton!!!!), Plesk told me my the mistake, and I changed it.
I made the correct change, but it was with no effect. Too late, the error was already unchangeable in configuration.
I really don't know how it came, but the file had the following content:
  1. # This file describes the network interfaces available on your system
  2. # and how to activate them. For more information, see interfaces(5).
  3. # The loopback network interface
  4. auto lo
  5. iface lo inet loopback
  6. # The primary network interface
  7. auto eth0
  8. iface eth0 inet dhcp
??????????????????

The following should be the correct configuration and also was set by a friend during repair of server today.
  1. address X:IPv6:X:X:X:X
  2. netmask 64
 
Last edited:
Back
Top