Broke GUI Access

I’m very much a noob… I set up FreePBX 17 on a VPS running Debian 12. I’ve been accessing it via the IP Address. I decided to get a Lets Encrypt certificate, meaning I’d need to link my server to a domain. I purchased a domain, pointed the domain’s A record at the server IP, then I changed the server hostname to the domain name. Maybe this is where I went wrong? (technically, I changed the server host name BEFORE setting up DNS on my domain). Now I can’t access my server through either the domain or the IP address. I wonder if the issue is that I activated (registered) my server before changing the host name? I just get a forbidden error, or a site took too long to respond error.

Edit: I changed the hostname BACK in the command line, and that wasn’t the issue, because it’s still not loading.

Can you get ssh access, possibly through your VPS console?
If you can, you can try stopping the fail2ban service and trying to connect again.

I ran into a similar issue were I tried to setup a Lets Encrypt cert, then couldn’t access the GUI. In my case, for some reason fail2ban was basically blocking every connection for some reason. Once I was able to get back into the GUI, I was able to add an exception for my IP address.

I am just giving this in case it helps you. I never was able to fully explain what went wrong in my situation.

1 Like

I figured it out… I changed the admin port to 8080 so that I could enable Let’s Encrypt. I hadn’t finished the let’s encrypt stuff though, so I needed to add port 8080 in my address bar to access the GUI.

1 Like

But thank you so much for the input!

You are most welcome!

Well, the issue you outlined literally just happened to me. I couldn’t access the GUI until I disabled Fail2Ban (It even blocked my SSH access, I had to use the VPS provider’s terminal screen). How did you add the exception within Fail2Ban?

1 Like

@hamish I should have taken better notes, but I will write here what I remember.

First of all, I edited fail2ban’s config files directly. I learned that FreePBX will overwrite these files, so I had to look for another solution.

I then stopped the fail2ban service, which allowed me to access the GUI. I used the GUI to add the exception for my local IP address. When I clicked reload, it regenerated the config files and I was then able to to start fail2ban again.

This image is from the Intrustion Detection settings. Select trusted zone, then enter your IP or IP range into the custom whitelist field. When you press enter, it should add that IP to the whitelist.
In my instance, this resulted in the same IP being listed twice, but my custom entry was what allowed me to access the GUI.

@kgupta I think this is a bug. Trying to add a certificate shouldn’t cause fail2ban to lock us out.

Hi @petmar Are you using firewall v17.0.1.30 version ?

Commit details - Commits · FreePBX/firewall · GitHub

If yes and still seeing the issue, then could you please open issue in Github with steps to reproduce the issue in-house.

Regards
Kapil

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.