server will not start after upgrade

Hi there

Never experienced anything like this before.

I have just updated a Virtualmin server and it has failed to restart.

Four services were down and would not start:

Apache2, Dovecot, Usermin, Webmin

The Webmin error is: Failed to start LSB: web-based administration interface for Unix systems.

The Usermin error is: Failed to start LSB: web-based account administration interface for Unix systems.

Both exited with status=2.

Apache mentioned an old site listed in sites-enabled. I removed the offending site's conf file and apache2 now starts.

My websites are now live, but three services are still failing:

systemctl --failed
  UNIT            LOAD   ACTIVE SUB    DESCRIPTION
● dovecot.service loaded failed failed Dovecot IMAP/POP3 email server
● usermin.service loaded failed failed LSB: web-based account administration interface for Unix systems
● webmin.service  loaded failed failed LSB: web-based administration interface for Unix systems
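For anyone who wants to script this check (for example from a monitoring job), here is a minimal Python sketch that pulls the unit names out of output like the above. The function name `failed_units` is made up for illustration, and the sketch only parses text that has already been captured; it does not run systemctl itself.

```python
from typing import List


def failed_units(systemctl_output: str) -> List[str]:
    """Return the unit names found in `systemctl --failed` style output."""
    units = []
    for line in systemctl_output.splitlines():
        # Drop the leading status bullet that systemd prints for failed units.
        fields = line.replace("●", " ").split()
        # A unit row looks like: NAME LOAD ACTIVE SUB DESCRIPTION...
        # The header row has "ACTIVE" in the third column, so it is skipped.
        if len(fields) >= 4 and fields[2] == "failed":
            units.append(fields[0])
    return units


sample = """\
  UNIT            LOAD   ACTIVE SUB    DESCRIPTION
● dovecot.service loaded failed failed Dovecot IMAP/POP3 email server
● usermin.service loaded failed failed LSB: web-based account administration interface for Unix systems
● webmin.service  loaded failed failed LSB: web-based administration interface for Unix systems
"""
print(failed_units(sample))
```

Each name it returns can then be passed to `systemctl status <unit>` or `journalctl -u <unit>` to see why that unit failed.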

Any help would be appreciated.

Kind Regards Brad

Status: Active

Comments

Hi there

I would like to add that I performed the upgrade via ssh on this server and not from within the Webmin admin panel.

I also see this error listed:

perl[21450]: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root

Kind Regards Brad

Hi there

On further investigation, it seems Apache pointed to the solution.

The issues were all caused by a single domain whose Let's Encrypt SSL cert had failed to renew.

I had to comment out the domain's ipcert entries in the /webmin/miniserv.conf file.

This allowed Webmin to start, and I was then able to remove the offending domain. That in turn allowed Dovecot to start, which had also had an issue with the domain's SSL.
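The manual fix described here can be sketched in Python, for anyone who hits the same thing with many domains. This is only an illustration under stated assumptions: it assumes the per-domain entries look like `ipcert_<name>=<path>` and `ipkey_<name>=<path>`, and that a leading `#` disables a line. The helper name `disable_missing_certs` is hypothetical. It works on the file's text and returns the changed text, so nothing is written to disk.

```python
import os
from typing import Callable, List, Optional, Tuple

# Assumed key prefixes for per-domain certificate entries.
PREFIXES = ("ipcert_", "ipkey_")


def _parse(line: str) -> Optional[Tuple[str, str]]:
    """Return (name, path) for an ipcert_/ipkey_ line, else None."""
    key, sep, value = line.partition("=")
    for prefix in PREFIXES:
        if sep and key.startswith(prefix):
            return key[len(prefix):], value.strip()
    return None


def disable_missing_certs(
    conf_text: str, exists: Callable[[str], bool] = os.path.exists
) -> Tuple[str, List[str]]:
    """Comment out both entries of any domain whose cert or key file is missing."""
    lines = conf_text.splitlines()
    # First pass: find the names that point at a missing file.
    broken = set()
    for line in lines:
        parsed = _parse(line)
        if parsed and not exists(parsed[1]):
            broken.add(parsed[0])
    # Second pass: comment out the cert AND key line for each broken name.
    out = []
    for line in lines:
        parsed = _parse(line)
        out.append("#" + line if parsed and parsed[0] in broken else line)
    return "\n".join(out) + "\n", sorted(broken)


# Made-up example data; `present` stands in for the real filesystem.
sample_conf = (
    "port=10000\n"
    "ipcert_good.example=/home/good/ssl.cert\n"
    "ipkey_good.example=/home/good/ssl.key\n"
    "ipcert_gone.example=/home/gone/ssl.cert\n"
    "ipkey_gone.example=/home/gone/ssl.key\n"
)
present = {"/home/good/ssl.cert", "/home/good/ssl.key", "/home/gone/ssl.key"}
new_text, disabled = disable_missing_certs(sample_conf, exists=present.__contains__)
print(disabled)
print(new_text)
```

Both lines for a domain are disabled together, so a key entry is not left behind without its certificate. Take a backup copy of the real file before applying anything like this.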

Kind Regards

Brad

Submitted by Ilia on Thu, 08/13/2020 - 11:39

Hi,

Thanks for contacting us! I must say, this is an odd issue.

I had to comment out the domain's ipcert entries in the /webmin/miniserv.conf file.

What did those lines look like?

The issues were all caused by a single domain whose Let's Encrypt SSL cert had failed to renew.

I recently had a few domains fail Let's Encrypt renewal on my production server, but nothing like this happened.

Could you please provide any more detailed steps on reproducing the issue you're reporting?

Hi Ilia

Hope you are well

It was the two lines for the domain, ipcert and ipkey. They were identical to all the other domain lines, listing the domain and the paths to ssl.cert and ssl.key.

Now I am not sure it was just a failed cert. I have had a run through Virtualmin and noticed that a domain that was disabled is now active. The domain that caused the issue might have been disabled (it was not in use, so it could have been).

This is just a small server. After getting a couple of warnings from our monitoring service, I checked the server (running 6.09) and Dovecot was showing as failed - an ongoing issue that is now fixed in version 6.11, right?

So I just ran apt-get update and then apt-get upgrade. After the upgrade I rebooted the server.

This could have just been an update that went wrong ...

It has highlighted a vital point though - Webmin should have a fail-safe procedure in place to stop an incorrect path or a missing virtual server certificate from preventing Webmin from starting.

Sorry I cannot offer any more information on this - the offending domain has been deleted and my server is working as expected.

Kind regards

Brad

Submitted by Ilia on Thu, 08/13/2020 - 13:45


It has highlighted a vital point though - Webmin should have a fail safe procedure in place to stop an incorrect path or missing virtual server certificate

That is a good point. We will discuss it with Jamie. It should be easily doable.

I've checked in a fix to not totally fail in the case where the per-IP cert file is missing.
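To illustrate the general idea (this is not the actual Webmin change, which is not shown in this thread), here is a rough Python sketch of a loader that skips per-IP certificates whose files are missing instead of aborting startup. The function name `usable_ip_certs`, the shape of its input, and the example paths are all assumptions made for the example.

```python
import os
from typing import Callable, Dict, List, Tuple

CertPair = Tuple[str, str]  # (cert_path, key_path)


def usable_ip_certs(
    entries: Dict[str, CertPair],
    exists: Callable[[str], bool] = os.path.exists,
) -> Tuple[Dict[str, CertPair], List[str]]:
    """Keep only entries whose cert and key both exist; collect warnings for the rest."""
    usable = {}
    warnings = []
    for name, (cert, key) in entries.items():
        missing = [path for path in (cert, key) if not exists(path)]
        if missing:
            # Warn and carry on, so one broken domain cannot stop the server.
            warnings.append(f"skipping {name}: missing {', '.join(missing)}")
            continue
        usable[name] = (cert, key)
    return usable, warnings


# Made-up example data; `on_disk` stands in for the real filesystem.
configured = {
    "good.example": ("/home/good/ssl.cert", "/home/good/ssl.key"),
    "gone.example": ("/home/gone/ssl.cert", "/home/gone/ssl.key"),
}
on_disk = {"/home/good/ssl.cert", "/home/good/ssl.key"}
certs, notes = usable_ip_certs(configured, exists=on_disk.__contains__)
print(certs)
print(notes)
```

A server built this way would still start and would serve the skipped domains with its default certificate, with the warnings going to the log.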