Conflict with malware.expert

I use a subscription for ModSecurity rules from malware.expert.
On my Ubuntu 16.04 server it's flawless.
On Ubuntu 18.04 I had to comment out line 38,
restart Apache,
run certbot,
uncomment it,
restart Apache,
and everything was OK.
This is the first time I have run into this.
Any ideas?
Below is from my Apache error log.
When I ran certbot only, it threw all kinds of errors to the terminal.


sudo certbot --preferred-challenges http -d .org -d .org -d mail..org

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Error in checking parameter list: AH00526: Syntax error on line 38 of /etc/modsecurity/modsecurity.conf:

Failed to download: "Commercial ModSecurity Rules - Malware Expert" error: Couldn't resolve host name

Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.


ModSecurity fails while downloading from rules.malware.expert due to a DNS error. Did you check your DNS?

Yes. Once I commented it out, restarted, installed, and restarted, all the rules downloaded fine.
My concern is: why is Let's Encrypt looking at that line and kicking it?

I think it’s because ModSecurity is an Apache mod (libapache2-modsecurity), so it's called while parsing the Apache conf?

The crazy thing is, on my other server (Ubuntu 16.04), which is set up the same way in the conf files, there is no issue at all.

It’s a DNS failure - most likely a config error on the DNS part.
Does sudo apt update work?

Yes, but my DNS is run through noip.com.

I have static IPs, but I'm not ready to host my own DNS until I get another backup server.

This is seemingly a problem with your server’s own ability to resolve DNS hostnames, not a problem with DNS records that are pointed at your server. You can try curl https://rules.malware.expert/download.php?rules=generic on the server for comparison. It will likely fail too for the same reason.
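An added example, not part of the thread or of any project's code: a pre-flight check to run before certbot that lists the hosts Apache must resolve at config-parse time and tests each against the server's own resolver. It assumes line 38 is a ModSecurity `SecRemoteRules` directive (the thread does not show the line); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the failing line is a SecRemoteRules directive.

# Print the host of every active (uncommented) SecRemoteRules URL in file $1.
remote_rule_hosts() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "secremoterules" {
            for (i = 2; i <= NF; i++)
                if ($i ~ "^\"?https?://") {
                    u = $i
                    gsub("\"", "", u)          # drop optional quotes
                    sub("^https?://", "", u)   # drop scheme
                    sub("[/:?].*$", "", u)     # drop port, path, query
                    print u
                }
        }' "$1" | sort -u
}

# Print the configured SecRemoteRulesFailAction; ModSecurity defaults to Abort.
fail_action() {
    a=$(awk '
        /^[ \t]*#/ { next }
        tolower($1) == "secremoterulesfailaction" { v = $2 }
        END { print v }' "$1")
    echo "${a:-Abort}"
}

# Succeed if this machine's own resolver can look the host up.
can_resolve() {
    getent hosts "$1" >/dev/null 2>&1
}

# Report each remote-rules host and whether it resolves locally.
check_conf() {
    rc=0
    echo "fail action: $(fail_action "$1")"
    for h in $(remote_rule_hosts "$1"); do
        if can_resolve "$h"; then
            echo "ok    $h"
        else
            echo "FAIL  $h (cannot resolve; config parse fails under Abort)"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check.sh /etc/modsecurity/modsecurity.conf
if [ -n "${1:-}" ]; then check_conf "$1"; fi
```

Setting `SecRemoteRulesFailAction Warn` lets Apache (and therefore certbot's config parse) proceed when the download fails, at the cost of running without the remote rules until the next successful load.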
