I’m having some issues with the latest version on linode server, Google domain. installed and reinstalled multiple times, wondering if there is an issue with latest code?
Is it possible to install a previous version?
here are my setup steps that fail
I have provisioned a new server through Linode, one of the $5 jobs. I have in the past successfully setup MIAB on a few Digital Ocean boxes without issues (versions .23 and .24). Now I am having issues with the DNS server I think on the latest install. Perhaps something I did, however I think there is an issue with the latest release.
Setup steps I used, and repeated to ensure completeness.:
- Purchase Domain name (MY-NEW-SITE.com) through Google Domains and
- Purchase and deploy 1G Ram server with Linode. Distrobution selected is "Ubuntu 14.04 LTS"
2.a) Update softwareapt-get update && apt-get upgrade -y
2.b) Edit SSH config, giving local key to server for remote accessnano /etc/ssh/sshd_config
2.b.1) change root access allowed and password allowed to no
2.b.2)service ssh restart
2.c) Check for connectivity with new config and reboot - Configure DNS on domains.Google.com
1.a) Add GLUE records (Registered Hosts in Google domains) for NS1.box.MY-NEW-SITE.com and NS2.box.MY-NEW-SITE.com
1.b) Select “Use Custom Name Servers” in google DNS and enter new NS1 and NS2 details
1.c) Add a “Custom Resource Record” for A, AAAA, and CNAME pointing to IP address of new Linode Server, both IPv6 and IPv4, and adding www to CNAME - Run configuration of MIAB first round, (It takes about 3 times)
4.a) get to zpush install and fails on hash check.
4.a.1) get corect hash from command line
4.a.2) Edit mailinabox/setup/zpush.sh changing the expected hash variable underTARGETHASH=
4.a.2.a) Calculated hash was66b1613faef61590836682ff1a43d559827fe08b
4.b) re-run installer script getting further along, but erroring out again. bunch of HTML prints to the command line
4.c) run again and things seem to work, short of the SSL cert error provisioning - Load https://BOX.MY-NEW-SITE.com/admin
4.a) System status check fails on :
4.a.1) Nameserver glue records are incorrect. They currently report addresses of [Not Set]/[Not Set]
4.a.2) This domain must resolve to your box’s IP address, in public DNS but it currently resolves to [Not Set] / [Not Set]
4.a.3) The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar’s control panel to set the nameservers
4.a.4) The TLS (SSL) certificate for this domain is currently self-signed - Running the mailinabox/tests/test_dns.py with MY-NEW-SITE.com and my linode IP Address
5.a) Please run the Mail-in-a-Box setup script on box.qrlbox.com again.
It seems my box is not serving DNS correctly. using the dig command for “MY-NEW-SITE.COM and BOX.MY-NEW-SITE.COM” I get the correct ip address from google domain settings.
When i check with pingability.com/zoneinfo I see a lot of errors,
MY-NEW-SITE.COM does not have an IP Address (A) record
There is no 'www' subdomain for MY-NEW-SITE.COM
None of the name servers had an SOA record, randomly selecting ns1.BOX.MY-NEW-SITE.COM as the master name server.
There are no MX (or A records for that matter) for MY-NEW-SITE.COM
Hello just_a_warning,
Here is a few things to check before anyone else chimes in.
-
Check to see if Apache was installed. 4b and 4c can be related to Apache2 getting install on the system by one of the packages now having a dependency on Apache. The HTML errors leads me to think that might be the issue there. (apt-get remove apache2*) Then rerun the installer again to ensure the required web server gets installed correctly on the correct ports.
-
When did you add your Glue records to your registrar? This can take up to 48 hours for the DNS to get updated everywhere.
Sounds like you have installed MiaB a number of times, so you know your way around it. Lets hit the above ideas, and then go from there. If you want me to check to see what I get from DNS on your domain, send me a PM if you want to keep the domain private. I can test it from a number of different locations to see if this is just a propagation issue, or something else.
Thanks!
Chess
Thanks for the reply. I didn’t think that apache would be an issue on a new distro, however dependencies. I’ll look and see if it was installed. Now that you have me thinking of it I remember seeing a line spit out from the installer that stated it was un-installing apache. Will dig and let you know if I need further help.
I setup the glue records with the registrar Saturday, so they should have propagated by now I would imagine.
Seems the installer tries to check from Apache, and remove it, but is unable to in the current version. The is some long threads that a number of us have been on that discusses this. See the below thread.
The belief is that an updated package now has a dependency on Apache2, and installs it after the check. The check also does not seem to see Apache2 even when you rerun the install scripts. Only a manual removal of Apache2 gets rid of it. The development team of MiaB is aware of the issue and is working to try to fix this in a future release.
Oddly enough, I re-logged into the box and it seems everything is satisfied. I have green checks all around on the system status page. Perhaps I just needed to wait for DNS to get all setteled. I find it strange that on some installs DNS updates in real time, other times it takes ages.
I also wonder if the DNSSEC settings were adding into some confusion? I had added it to the registrar immediately after setup waiting for DNS to clear. I removed this setting from Googles DNS entries for the domain.
I did not find apache2* installed in any capacity on the system. apt-get remove apache2* gave a long list of not installed apache2 packages and shared libs. I did find the old kernal images were still kicking around from the last upgrade, so I apt-get autoremove 'd them and rebooted. Everything came up good again at least from the status page.
I will install SSL certs and see if doing nothing but posting here my problem, has fixed my problem. 
Really depends on the TTL on the domain. I set mine pretty low (30 mins) as this helps when you are going to move to a different IP, etc. New domains, that is a whole different ball of wax. Even with a low TTL, I still find it takes about 2 hours for my home internet connection to pick up the new IP when I change it.
Either way, glad you are all up and running!
Ok, more issues, not out of the woods yet.
When I provision the lets Encrypt ssl cert I get an error,
Something unexpected went wrong: The HTTP Validation challenge forwww.BOX.MY-NEW-SITE.COMfailed: DNS problem: SERVFAIL looking up CAA for www.BOX.MY-NEW-SITE.COM
from the log this looks the most interesting:
Validation file is not present --- a file must be installed on the web server.
What file must be installed on the server that is not found? wrong location its looking in?
So this record should point to letsencrypt.org?
Ok, So a CAA file limits which cert authorities can publish a cert for your domain.
I found this site to generate a CAA record https://sslmate.com/caa/ and have entered what it says. I setup a CAA record for each MY-NEW-SITE.com and BOX.MY-NEW-SITE.COM
First try through failed. Next step is to setup DNSSEC again and see if that helps. At this point I’m throwing darts in a dark room. What Gives?
I haven’t had this much issues installing MIAB, wtf lol
back to my initial question, Is is possible to install a previous version without so many bugs?
I’m not an expert on installing old version, but I suspect you can pull the old version from here.
I see all of the old releases there, but I think we should try to get the latest installed. Can you send me a picture of the TSL/SSL page on this MiaB? I’d like to see what it is showing you.
Hmmm well I was able to get back to this install after dinner here and found the issue has popped up again. Something is not working properly.
Nameserver glue records are incorrect [Not Set]/[Not Set].
This domain must resolve to your box's IP address
The nameservers set on this domain are incorrect. They are currently [Not Set].
I might try and reinstall ubuntu 14.04 again. Is there any way the latest updates have broken something?
Is there any special port configuration needed?
Ports allowed
ufw status
22 ALLOW Anywhere 53 ALLOW Anywhere 25/tcp ALLOW Anywhere 587 ALLOW Anywhere 993 ALLOW Anywhere 995 ALLOW Anywhere 4190/tcp ALLOW Anywhere 80 ALLOW Anywhere 443 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6) 53 (v6) ALLOW Anywhere (v6) 25/tcp (v6) ALLOW Anywhere (v6) 587 (v6) ALLOW Anywhere (v6) 993 (v6) ALLOW Anywhere (v6) 995 (v6) ALLOW Anywhere (v6) 4190/tcp (v6) ALLOW Anywhere (v6) 80 (v6) ALLOW Anywhere (v6) 443 (v6) ALLOW Anywhere (v6)
Ok, well, we need to see if the DNS is resolving correctly from outside. I know you want to keep the domain out of the forums, but if you send me a PM with the domain name I can test it to see what I am getting for an IP and if it is even resolving correctly.
These are all correct. I did not bother with IPv6 on my install at the moment, but that looks correct too.
Oh, and we need to confirm with your VPS vendor is these ports are open to the VPS. I suspect they are if they gave you a static IP, but it would not hurt to confirm. We will need to do a port scan against the VPS to see if these are open.[quote=“just_a_warning, post:12, topic:2768”]
Nameserver glue records are incorrect [Not Set]/[Not Set].
[/quote]
This is the key here to solve everything. We need to confirm what your register has for NS records for this domain.
Well, I decided to go another direction for the email services needed here. I will check back on a later version and see if things have been worked out.
Thanks for the help on this issue @cwilkins! Very much appreciated.
I burned my Linode down and abandoned MIAB for now. I hope adoption of ubuntu 16.04 comes smoothly and provides needed improvements.
This glue record is done at your registrar, not on your box.
@just_a_warning I would contact your registrar, also note: it can take up to 48 HOURS for glue records to propagate properly and thus some services will not be available until then.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.