Want more timely Centmin Mod News Updates?
Become a Member

PHP-FPM Downgrade from php 8.2.x to 7.3.x failed

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by pamamolf, Mar 12, 2026.

  1. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:21 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    Hi,

    I got a new server (Alma Linux 9,7) and installed Centminmod 140.00 beta01 without any issues using the installer for php 8.2.

    The site that i will use on this server needs the php 7.3.x version. I know EOL and shouldn't but until it is updated and support higher versions i have to use this version.

    When i used the option 5 to install the latest version 7.3.33 i got at the end:



    Code:
    make: *** [Makefile:752: ext/openssl/openssl.lo] Error 1
    make: *** Waiting for unfinished jobs....
    
    real    0m6.791s
    user    0m25.287s
    sys     0m6.246s
    
    Thu Mar 12 12:58:05 PM CET 2026
    Error: 2, PHP make failed (140.00beta01.b294)

    My persistent config:

    Code:
    NSD_INSTALL='n'
    NGINX_SUB='n'
    NGINX_ADDITION='n'
    NGINX_IMAGEFILTER='n'
    NGINX_HTTPCONCAT='n'
    NGINX_PAGESPEED='n'
    NGINX_DYNAMICTLS='y'
    NGINX_HPACK='y'
    NGINX_SSL_CACHE='y'
    CLOUDFLARE_ZLIB='n'
    PHP_PGO='n'
    PHP_TUNING='n'
    PHP_OVERWRITECONF='n'
    AUTOTUNE_CLIENTMAXBODY='n'
    REDIS_SERVER_INSTALL='y'
    LETSENCRYPT_DETECT='y'
    ACME_DEFAULT_CA='letsencrypt'
    DUALCERTS='y'
    SELFSIGNEDSSL_ECDSA='y'
    DEVTOOLSETTEN='y'
    MENUEXIT_ALWAYS_YUMCHECK='y'
    DISABLE_IPVSIX='n'
    ENABLEMOTD='n'
    MYSQLADMIN_SHELL='y'
    SET_DEFAULT_MYSQLCHARSET='utf8mb4'
    SELFSIGNEDSSL_ECDSA='y'
    PHPFINFO='y'
    PHP_OVERWRITECONF='n'
    PYTHON_INSTALL_ALTERNATIVES='y'
    I am attaching the related log file as: centminmod_140.00beta01.b294_120326-125600_php_upgrade.zip

    It seems that it has an issue with openssl.... ?

    Any help please?

    Thanks in advance !
     

    Attached Files:

  2. eva2000

    eva2000 Administrator Staff Member

    59,120
    12,506
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,138
    Local Time:
    4:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Yeah won't work, EL9 min PHP version is PHP 7.4 unfortunately as PHP 7.3 or older don't support EL9's OpenSSL 3.x and not available PHP <=7.3 patches for EL9. If you need to use PHP 7.4, use EL8 os like AlmaLinux 8
     
  3. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:21 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    Thanks for your reply !

    Is it possible if i use Alma Linux 8 when i use system updates to get the latest Openssl unsupported version and break php 7.3.x ?
     
  4. eva2000

    eva2000 Administrator Staff Member

    59,120
    12,506
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,138
    Local Time:
    4:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    EL8 uses OpenSSL 1.1.1 branch only never OpenSSL 3.x so no chance of that happening
     
  5. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:21 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    As this server is a secondary as clone of another server i added the same domain using the option of using a custom ssl certificate.

    What's the best approach to use on this secondary server the Let's Encrypt certificate that i would like to use?

    1) Can i copy any files from the main server to the secondary server?
    2) Use somehow a way to get the certificate without changing the DNS A record?
    3) When needed for this serve to be used to just install the certificate when changing the Dns A record?

    It should be auto renew without the Dns A record too.

    Thanks in advance !
     
  6. eva2000

    eva2000 Administrator Staff Member

    59,120
    12,506
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,138
    Local Time:
    4:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
  7. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:21 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    Yes i am using Cloudlfare and my DNS A record points to main server and i am looking for a way to get the certificate to my second server.

    Thanks !
     
  8. eva2000

    eva2000 Administrator Staff Member

    59,120
    12,506
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,138
    Local Time:
    4:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Cloudflare DNS API method should work then as it validates using TXT DNS record not DNS A/AAAA records
     
  9. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:21 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    Great !

    One last question about the Dkim generation.

    As i use the same hostname if i generate the Dkim keys they may have the same dns record prefix?

    Then i will not be able to add them as DNS records as the same ones will exist from the main server?

    Thanks in advance !
     
  10. eva2000

    eva2000 Administrator Staff Member

    59,120
    12,506
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,138
    Local Time:
    4:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Yes, running opendkim.sh independently on two servers with the same domain generates two different private keys. Since DNS only holds one public key per DKIM selector (e.g., default2026._domainkey.yourdomain.com), one server's signatures will fail verification.

    I just updated 132.00stable, 140.00beta01 and 141.00beta01 to support a workaround outlined below, so run cmupdate first.

    The conflict depends on whether you’re referring to the server’s main hostname or a hosted site domain (vhostname). opendkim.sh handles these as two separate cases. Running it independently on both servers generates different private keys. Since DNS only holds one public key per DKIM selector (e.g., default2026._domainkey.yourdomain.com), one server’s signatures will fail verification.

    Scenario 1 — Same server main hostname on both servers

    This applies when both servers share the same FQDN (e.g., server.example.com), which opendkim.sh auto-detects via hostname -f. Running addons/opendkim.sh without arguments triggers this path.

    Option A — Share the same DKIM private key (recommended for standby/failover clones)

    Run opendkim.sh on the secondary first to set up the service and populate KeyTable/SigningTable/TrustedHosts, then replace its generated keys with the primary’s keys:
    Code (Text):
    # On secondary: run opendkim.sh first to install and configure everything
    cd /usr/local/src/centminmod
    addons/opendkim.sh
    
    # Stop opendkim on secondary before replacing keys
    systemctl stop opendkim
    
    # On primary: rsync keys to secondary (overwrites secondary's generated keys)
    rsync -avz --no-perms --no-owner --no-group \
      /etc/opendkim/keys/server.example.com/ \
      root@secondary-ip:/etc/opendkim/keys/server.example.com/
    
    # On secondary: fix ownership and restart
    chown -R opendkim: /etc/opendkim/keys/server.example.com/
    systemctl start opendkim

    One DNS TXT record covers both servers. The public key is in /etc/opendkim/keys/server.example.com/default2026.txt on the primary server.

    Option B — Use a unique selector on the secondary server

    Code (Text):
    # On secondary: generate with a custom selector suffix
    cd /usr/local/src/centminmod
    SELECTOR="default2026sec" addons/opendkim.sh
    
    # Verify secondary config
    addons/opendkim.sh check
    
    # Verify DNS record propagated for the secondary selector
    dig +short default2026sec._domainkey.server.example.com TXT

    With Option B, two DNS TXT records are required: default2026._domainkey (primary) and default2026sec._domainkey (secondary).

    Scenario 2 — Same hosted site domain (vhostname) on both servers

    This applies when both servers host the same domain (e.g., mysite.com) and you pass it as an argument. Running addons/opendkim.sh mysite.com triggers this path.

    Option A — Share the same DKIM private key (recommended for standby/failover clones)

    Code (Text):
    # On secondary: run opendkim.sh for the vhostname first
    cd /usr/local/src/centminmod
    addons/opendkim.sh mysite.com
    
    # Stop opendkim on secondary before replacing keys
    systemctl stop opendkim
    
    # On primary: rsync vhostname keys to secondary
    rsync -avz --no-perms --no-owner --no-group \
      /etc/opendkim/keys/mysite.com/ \
      root@secondary-ip:/etc/opendkim/keys/mysite.com/
    
    # On secondary: fix ownership and restart
    chown -R opendkim: /etc/opendkim/keys/mysite.com/
    systemctl start opendkim

    Option B — Use a unique selector on the secondary server

    Code (Text):
    # On secondary: generate with a custom selector suffix
    SELECTOR="default2026sec" addons/opendkim.sh mysite.com
    
    # Verify DNS record for secondary selector
    dig +short default2026sec._domainkey.mysite.com TXT


    Which option to choose:

    Setup Recommended
    • Standby/failover — only one server sends email at a time Option A (share key via rsync)
    • Active-active HA — both servers send email simultaneously Option B (unique selector per server)
    Verify DKIM configuration on either server:

    Code (Text):
    cd /usr/local/src/centminmod
    addons/opendkim.sh check
    
    # Verify DNS TXT record is live (main hostname)
    dig +short default2026._domainkey.server.example.com TXT
    
    # Verify DNS TXT record is live (vhostname)
    dig +short default2026._domainkey.mysite.com TXT
     
  11. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:21 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    I will test on my second server the option:

    Code:
    SELECTOR="default2026sec" addons/opendkim.sh mysite.com
    SELECTOR="default2026sec" addons/opendkim.sh server.mysite.com
    
    Thanks !!!!
     
  12. pamamolf

    pamamolf Well-Known Member

    4,125
    429
    83
    May 31, 2014
    Ratings:
    +841
    Local Time:
    9:21 AM
    Nginx-1.29.x
    MariaDB 10.6.x
    All seems to be ok.

    I just notice that when i executed for my domain first i got the Dkim entry for the hostname server.mydomain.com too.

    In the past if i remember correctly i was run it once for each case.