Borked MIAB upgrade

Wherewolf · July 25, 2020, 11:14pm

Went thru the upgrade process after updating my Ubuntu 18.04 server. Now nginx isn’t starting and I checked thru the forums looking for similar issues but don’t see much.

python3 management/status_checks.py
says:

python3: can’t open file ‘management/status_checks.py’: [Errno 2] No such file or directory
netops@box:~$ sudo python3 /home/netops/mailinabox/management/status_checks.py
Traceback (most recent call last):
File “/home/netops/mailinabox/management/status_checks.py”, line 12, in
import psutil
ModuleNotFoundError: No module named ‘psutil’

nginx -t says:

nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/user-data/ssl/ssl_certificate.pem”
nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/user-data/ssl/ssl_certificate.pem”
nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/user-data/ssl/ssl_certificate.pem”
nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/user-data/ssl/box.atf.linfield.edu-20200929-aafab098.pem”
nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/user-data/ssl/ssl_certificate.pem”
nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/user-data/ssl/ssl_certificate.pem”
nginx: [warn] “ssl_stapling” ignored, host not found in OCSP responder “ocsp.int-x3.letsencrypt.org” in the certificate “/home/user-data/ssl/ssl_certificate.pem”
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

I’ve rerun the update script several times with reboots in between…I’m stuck…Can anyone point me in the right direction?

Wherewolf · July 26, 2020, 12:49am

As near as I can tell, the issue has to do with the DNS resolver 127.0.0.1#53 not being able to resolve ocsp.int-x3.letsencrypt.org -
further testing with nslookup tells me using 127.0.0.1#53 as the MIAB dns resolver can’t resolve anything! what the hell? this all worked fine prior to upgrade…

alento · July 26, 2020, 1:00am

Meaning specifically what? From which version of MiaB did you upgrade?

alento · July 26, 2020, 1:06am

So let’s try running the status checks the proper way … @Wherewolf

sudo /home/netops/mailinabox/management/status_checks.py

and once we see what the status checks have to say we can go on to the next step.

Wherewolf · July 26, 2020, 1:18am

Sorry - it was a couple of versions back (.42 .43 - sorry I wasn’t really paying attention! I know! pathetic!) anyway, I think I’ve found the issue - and it had to do with BIND9 named.conf.options - the fowarders I was using got commented out with slashes somehow during the upgrade - this box is locked down on a private network, so the box’s resolver needs to forward / talk to a secured DNS server on the same segment that is allowed to do DNS resolution. I think I have everything working now - just documenting it here in case someone else needs the info. I will need to remember to check next time I upgrade - it’s never been an issue before - but things do change…

Wherewolf · July 26, 2020, 1:21am

I want to say thanks for reaching out and trying to help me @alento - I appreciate you responding so quickly!