TheHolbi

When upgrading from 10.1, 10.2, 10.3 to 10.11 to find the proper MariaDB repo you can use this service: curl -LsS https://r.mariadb.com/downloads/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version="mariadb-10.11" Description: Link: https://mariadb.com/kb/en/mariadb/mariadb-package-repository-setup-and-usage/

CSF replacement tested in old Centos 7, AlmaLinux 8.10 and AlmaLinux 9.6The CSF project is continuing as Open Source project, the website is here: https://docs.configserver.dev/ Github: https://github.com/Aetherinox/csf-firewall And as it was suggested in article https://www.jaspreet.net/2025/09/06/3180/how-to-fix-csf-firewall-error-oops-unable-to-download-no-host-option-provided/ you have to update the content of /etc/csf/downloadserver Comment out (or delete) the old content of the file and set the new line of download server: download.configserver.dev Restart CSF and from the GUI of CWP update Firewall. The result will be appear in the screen, and the CFS/LFD will update to the current version: Status: csf: v15.01 (CentOS Web Panel) Or, you can use the solution suggested by @Starburst above.

I did an experiment with Remi based multi PHP. Here is the install script: #!/usr/bin/env bash set -euo pipefail # --- 0. Repos dnf install -y epel-release dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm # --- 1. Which PHP SCL version do you want to install VERSIONS=("php83" "php84") # If only 8.4 needs, let: ("php84") # Base PHP exts (for both PHP versions) BASE_PKGS=( php-fpm php-cli php-common php-opcache php-mysqlnd php-mbstring php-zip php-bcmath php-process php-exif php-calendar php-tidy php-curl php-iconv php-gmp php-pspell php-gd php-xml php-xsl php-soap php-intl php-imap php-sockets php-sodium php-gettext php-bz2 ) # PECL add-ons (Usually used with CWP Pro ) PECL_PKGS=( php-pecl-imagick-im7 php-pecl-memcache php-pecl-redis php-pecl-apcu php-pecl-mcrypt # you may remove it, if no need ) # System libs for GD (webp/avif/jpeg/freetype) and imagick running dnf install -y libavif libwebp libjpeg-turbo freetype ImageMagick aspell aspell-en # --- 2. Install the selected SCL PHP for V in "${VERSIONS[@]}"; do SAFE_PREFIX="${V/83/83}" # for example: V e.g. "php84" echo "===> Installing: ${V} (Remi SCL)" dnf --enablerepo=remi-safe install -y \ $(printf '%s ' "${BASE_PKGS[@]/#/$(echo $V)-}") \ $(printf '%s ' "${PECL_PKGS[@]/#/$(echo $V)-}") done # --- 3. Service start (itt most a 8.4-et engedélyezzük) systemctl daemon-reload systemctl enable php84-php-fpm systemctl restart php84-php-fpm systemctl enable php83-php-fpm systemctl restart php83-php-fpm echo "=== Ready: Remi SCL PHP 8.3, 8.4 installed."The place of php-fpm pool is: `nano /etc/opt/remi/php84/php-fpm.d/%username%.conf` where the %username% is the account name as usually in CWP Pro. php-fpm pool template with manual setup: [%username%] listen = /var/opt/remi/php84/run/php-fpm/%backend%.sock listen.owner = "%username%" listen.group = nobody listen.mode = 0660 user = "%username%" group = "%username%" pm = ondemand pm.max_children = 4 pm.max_requests = 4000 pm.process_idle_timeout = 15s rlimit_files = 131072 rlimit_core = unlimited catch_workers_output = yes env[HOSTNAME] = $HOSTNAME env[TMP] = %home%/%username%/tmp env[TMPDIR] = %home%/%username%/tmp env[TEMP] = %home%/%username%/tmp env[PATH] = /opt/remi/php84/root/usr/bin:/usr/local/bin:/usr/bin:/binIf you use PHP 8.3 change version and set path accordingly. Change in generated Vhost template manually: <FilesMatch \.php$> SetHandler "proxy:unix:/var/opt/remi/php84/run/php-fpm/%username%.sock|fcgi://localhost" </FilesMatch>The only drawback is that we cannot use the excellent GUI features of CWP Pro this way, but everything runs flawlessly, and this PHP (both 8.3 and 8.4) integrates the correct version of OpenSSL 3.x. @Starburst You can try it. @Sandeep B. How we can integrate it into GUI ?

We could also use the PHP packages described in https://blog.remirepo.net/ . Remi's PHP versions are automatically updated, its have everything wee need for AlmaLinux 9.x, we just need to configure the PHP-FPM service and coordinate it with the CWP Apache and NGINX vhost templates. And this can be done even without the GUI. I use a similar setup on my development system under Ubuntu with the multi-php repo there.

🔍 Issue Summary (CSF v15.00):csf and lfd are both properly installed and running: systemctl status csf → active (exited) systemctl status lfd → active (running) Manual commands such as csf -e, csf -r work as expected lfd.log confirms proper startup, log watching, and IP tracking However, the CSF firewall still shows as "Disabled" on the CWP Admin interface. ✅ What Works Correctly (on another server):On a similar environment (CWP Pro + AlmaLinux 9.x), the CSF firewall is correctly shown as active in the CWP interface when using csf v14.24 (CentOS Web Panel) All functionality and UI detection works fine with that version

The CSF project is abandoned, and newly installed CWP Pro already has several issues during installation. Here is the topic: https://www.jaspreet.net/2025/09/06/3180/how-to-fix-csf-firewall-error-oops-unable-to-download-no-host-option-provided/ @Sandeep B. Do you have any idea how to replace CSF in CWP Pro servers?

Hi @Sandeep B. Updated PHP and PHP 8.4 would be very desirable. Is there anything we can do to help make this happen? For example, I manage more than 15 CWP Pro licenses on different servers, and most of them - the owners - are urging me to upgrade.

If you can build PHP 5.6 from scratch including OpenSSL v.1.1, in this case you can use AlmaLinux 9.x also. For a server I had to get PHP 5.6 running on AlmaLinux 9, but OpenSSL is not included in this PHP version yet. I had to keep a few outdated systems alive for a while. But, the CWP for AlamLinux 8 can run PHP 5.6 also.

This is the SMTP debug, from a WordPress SMTP Plugin, where the PHP is connecting to OpenSSL 1.1, instead of the OpenSSL 3.2.2: Versions: WordPress: 6.7.2 WordPress MS: No PHP: 8.2.27 WP Mail SMTP: 4.4.0 Params: Mailer: smtp Constants: No ErrorInfo: SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server Host: vps.example.com Port: 465 SMTPSecure: ssl SMTPAutoTLS: bool(false) SMTPAuth: bool(true) Server: OpenSSL: OpenSSL 1.1.1t 7 Feb 2023 Debug: Email Source: WP Mail SMTP Mailer: Other SMTP SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server SMTP Debug: 2025-03-09 20:58:34 Connection: opening to ssl://vps.example.com:465, timeout=30, options=array() 2025-03-09 20:58:34 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [/home/user/public_html/wp-includes/PHPMailer/SMTP.php line 412] 2025-03-09 20:58:34 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [/home/user/public_html/wp-includes/PHPMailer/SMTP.php line 412] 2025-03-09 20:58:34 Connection failed. Error #2: stream_socket_client(): Unable to connect to ssl://vps.example.com:465 (Unknown error) [/home/user/public_html/wp-includes/PHPMailer/SMTP.php line 412] 2025-03-09 20:58:34 SMTP ERROR: Failed to connect to server: (0) SMTP Error: Could not connect to SMTP host. Failed to connect to server

So, we need change the PHP build script to include the right OpenSSL library (e.g. 3.2.2 for the AlmaLinux 9.5), or we need to move the OpenSSL 3.x to location /usr/local/opensslso/ instead of the v.1.1. The CWP uses PHP 7.x for admin-panel function so, the OpenSSL v.1.1 is not removable. @Sandeep B. What is your opinion?

Output of command (PHP 8.2): php -i | grep "OpenSSL" SSL Version => OpenSSL/3.2.2 OpenSSL support => enabled OpenSSL Library Version => OpenSSL 1.1.1t 7 Feb 2023 OpenSSL Header Version => OpenSSL 1.1.1t 7 Feb 2023 Native OpenSSL support => enabled Output of command (PHP-FPM 8.3): /opt/alt/php-fpm83/usr/bin/php -i | grep "OpenSSL" SSL Version => OpenSSL/3.2.2 OpenSSL support => enabled OpenSSL Library Version => OpenSSL 1.1.1t 7 Feb 2023 OpenSSL Header Version => OpenSSL 1.1.1t 7 Feb 2023 Native OpenSSL support => enabled php -i | grep "Configure Command" Configure Command => './configure' '--with-config-file-path=/usr/local/php' '--enable-cgi' '--with-config-file-scan-dir=/usr/local/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-gmp' '--with-pspell' '--enable-gd' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-avif' '--with-zlib-dir=/usr' '--with-xpm' '--with-openssl' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--with-kerberos' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-imap' '--with-imap-ssl' '--with-password-argon2' 'PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig' /opt/alt/php-fpm83/usr/bin/php -i | grep "Configure Command" Configure Command => './configure' '--prefix=/opt/alt/php-fpm83/usr' '--with-config-file-path=/opt/alt/php-fpm83/usr/php' '--with-config-file-scan-dir=/opt/alt/php-fpm83/usr/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-iconv' '--with-gmp' '--with-pspell' '--enable-gd' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-avif' '--with-zlib-dir=/usr' '--with-xpm' '--with-openssl' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--with-kerberos' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-imap' '--with-imap-ssl' '--enable-fpm' '--enable-opcache' '--with-password-argon2' 'PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig' The PHP is configured to use OpenSSL from: 🔴 PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig This means PHP is still linked to OpenSSL 1.1.1t instead of OpenSSL 3.2.2. @Sandeep B. Do you have any suggestion to correct it as fast as possible? May all CWP in AlmaLinux 9 have this issue.

Resolved:The solution of TLSv1.3 in AlmaLinux 9.5 with CWP Pro was reinstall hostname certificates (for all services) in the Change Hostname menu with 4096 size key. After then all issue was resolved, and the TLSv1.3 check was pass in both way, from terminal and from browser also. Of course in all templates and Nginx config files was changed the setting to ssl_protocols TLSv1.2 TLSv1.3;

The output of command: `update-crypto-policies --show` is “DEFAULT“ In addition I tried to set in AlmaLinux 9.5 the following settings: `sudo update-crypto-policies --set FUTURE` and it cause error on Nginx configuration: `2025/01/25 13:01:53 [emerg] 69470#69470: SSL_CTX_use_certificate("/etc/pki/tls/certs/hostname.bundle") failed (SSL: error:0A00018F:SSL routines::ee key too small)`

Yes, it would be good to extend this guide for http3 support and AlmaLinux 9.x support, with OpenSSL 3.x.

@Sandeep B. How to modify the sequence described in this post, if using AlmaLinux 9.5 with latest CWP and the OpenSSL version in the server is 3.2.2 ? The TLSv1.2 with HTTP\2 is running well, and all CWP Nginx templates was modified to use ssl_protocols TLSv1.2 TLSv1.3; but TLS v 1.3 failed on the tests at https://www.cdn77.com/tls-test and also failed with terminal tests like: openssl s_client -connect example.com:443 -tls1_3 -debug while openssl s_client -connect example.com:443 -tls1_2 -debug is OK. And no error messages in the nginx log. Do you have any suggestion or my missing some necessary component in AlmaLinux 9.x ? Any help or ideas will be appreciated. Thanks for advance.