A strange one with letsencrypt.

10 posts / 0 new
Last post
#1 Wed, 09/07/2016 - 09:31

A strange one with letsencrypt.

Had to move one virtual server from one server to another.

Of course it wouldn't work with the certificates, since the certs were made on a different machine, so i thought i could create new ones, after uncommenting those two lines, which specify where the certificate is located.

Then i created certs with LE, and everything went through. The certs are where they have to be.

BUT: When i open the website in a browser, it presents me a php file for download. Which is not what i want it to. Other virtualservers with their websites are running correctly. Interesting enough, when i restarted apache after editing config file, it failed claiming the suexec directive would be bad. So i commented that one and apache came up again, and the website too.

I have now restored the website around 15 times, always the same. As soon as i create let's encrypt certs, the website is not accessible anymore.

Anything to check, any idea? please?

thanks and best

Wed, 09/07/2016 - 09:45


When doing a migration, the SSL certs should actually work, as both the private and public keys are part of the migration process.

Do you happen to know what the suexec error you were getting was?

Also, what's showing up in $HOME/logs/error_log?


Wed, 09/07/2016 - 10:10

Hi Eric,

i don't have suexec on that server, so it claims invalid command :-) Action configtest failed.

i commented it out, and apache started working.

in home error logs it says: mod_fcgi can't get data from http client and offers the php file for download.

I've seen a lot, but not that one. As long as i do not create the LE certs with virtualmin and as long as i do NOT copy the newly created certs into virtual server root directory, the http page is working. the https page klaims that it is a self signed certificate, which isnt, and therefore i am stuck. I need to get this https page running, and don't know how. Whatever i tried, it went into this error. I also deactivated ssl website in virtual min and activated it again, gave the same results.

I am sort of confused... Best

On the old server i had this setting with one cert file for all domains, which are located in the according folder within /etc/letsencrypt and the SSL directives within apache conf file are pointing there. So i commented out them as well and uncommented those two lines where the ssl keys are located in virtual server root directory, above public html.

Wed, 09/07/2016 - 10:42

Btw, i have a small problem connected with that one:

I have a backup of the old server, dating yesterday midnight, now i have to move them over to a new server, but the old one doesn't start anymore. I can use the filesystem, with a workaround. So could i grab the var/Ilib/mysql folder of a database where someone put quite some work into it and move it over to the new server, given, that i first restore the backup from midnight yesterday, then shutdown mysql, copy the folder into /var/lib/mysql and restart mysql. Would that work or what other chances would i have to get the current data on the new server, if at all?

Wed, 09/07/2016 - 10:54


Woah, everyone should have suexec! That comes with Apache.

What distro/version is it that you're using there?

And sure, so long as MySQL is stopped on both the source and destination server, you can always copy /var/lib/mysql from one server to another.

It could potentially cause some (fixable) issues if you're using different MySQL versions, but that shouldn't be too hard to correct if it ends up being an issue.


Wed, 09/07/2016 - 11:13

this one hasn't and it has a software installed, which wouldn't run correctly with suexec activated. Any idea, how i can fix this fcgid thing? And btw, do i need a cloudmin install on a virtualmin server in order for cloudmin management server being able to see that webmin is up?

Thanks and best

Wed, 09/07/2016 - 14:03


You do not need to install Cloudmin on servers it's going to manage, only Webmin needs to be there.

FCGID may be failing due to suexec not being present, though it's tough to say for sure as it's not producing a good error message.

What happens if you change it to use CGI rather than FCGID, does that help (or at least produce a better error message)?

Also, what is the output of this command:

dpkg -l 'apache2-suexec*'
Wed, 09/07/2016 - 14:41

the output is:

root@server04 ~ # dpkg -l 'apache2-suexec'
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
un  apache2-suexec <none>       <none>       (no description available)

will try with cgi instead of fcgi and post results.

Wed, 09/07/2016 - 15:02

Well, it won't let me since there is no suexec, but i cannot install suexec there, because it interferes with other software. So i will have to move it again to another server, which would be the one, where virtualmin won't run (see other post with Debian 8.5)

Thu, 09/08/2016 - 00:59

So, if you read the post in the other thread, you saw, that i had to rebuilt that one one more time, and now everything isw orking, with suexec and with certificate from let's encrypt and no downloading of php files. Sometimes you have to be brave, dive in the water and see, what lies underneath. I haven't slept much for two days now, but if everything is working now, i am glad.

Thanks for help! Best

Topic locked