Topic: Tried to Regenerate the SSL now we can't access http at all

[dws4wdr]

WE removed the www host from our server and attempted to renew our ssl (self assigned). now we have no access to any http. my httpd-e-smith say down but no errors. Any Ideas what to do? Also this has broke our Imap connections.

[mmccarn]

Did you renew your ssl according to the instructions here: http://wiki.contribs.org/SME_Server:Documentation:FAQ#Server-Manager

Or using some other method?

[cactus]

WE removed the www host from our server and attempted to renew our ssl (self assigned). now we have no access to any http. my httpd-e-smith say down but no errors. Any Ideas what to do? Also this has broke our Imap connections.

Are there any clues in the log files? Check /var/log/messages and /var/log/httpd/error_log.

[dws4wdr]

I just tried the wiki. Still no http access. In the admin console I get access denied. Also we are not able to make any imap connections to the server. I can view files and folders via \\servername\

sv restart /service/httpd-e-smith
ok: run: /service/httpd-e-smith: (pid 6038) 0s, normally down

[dws4wdr]

Also,
The /home/e-smith/ssl.crt/ is empty I thought it should regenerate after signal-event domain-modify; signal-event reboot ?

[mmccarn]

You may want to re-create the 'www' entry (but you shouldn't need to).

you may have to completely close and reopen your browser (all windows!) to clear out any locally cached information (just guessing).

If your earlier attempt to renew your certificate wasn't according to the notes I posted earlier you may well need to 'un do' those changes...

[dws4wdr]

sv status /service/httpd-e-smith
down:

?

[dws4wdr]

Admin Error Log..

[Mon Oct 08 08:55:59 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 08:55:59 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 08:55:59 2007] [notice] Digest: done
[Mon Oct 08 08:55:59 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 08:59:17 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 09:02:17 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 09:02:17 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 09:02:17 2007] [notice] Digest: done
[Mon Oct 08 09:02:17 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 09:57:02 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 09:57:03 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 09:57:03 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 09:57:03 2007] [notice] Digest: done
[Mon Oct 08 09:57:03 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 10:03:33 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 10:03:33 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 10:03:33 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 10:03:33 2007] [notice] Digest: done
[Mon Oct 08 10:03:34 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 10:26:01 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 10:27:50 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 10:27:50 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 10:27:50 2007] [notice] Digest: done
[Mon Oct 08 10:27:51 2007] [notice] Apache configured -- resuming normal operations


Error Log


[Mon Oct 08 06:56:17 2007] [warn] RSA server certificate CommonName (CN) `www.ezwilson.com' does NOT match server name!?
[Mon Oct 08 06:56:17 2007] [warn] RSA server certificate CommonName (CN) `www.ezwilson.com' does NOT match server name!?
[Mon Oct 08 06:56:17 2007] [warn] RSA server certificate CommonName (CN) `www.ezwilson.com' does NOT match server name!?
[Mon Oct 08 06:56:17 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 07:04:07 2007] [notice] caught SIGTERM, shutting down

[cactus]

Admin Error Log..

[Mon Oct 08 08:55:59 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 08:55:59 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 08:55:59 2007] [notice] Digest: done
[Mon Oct 08 08:55:59 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 08:59:17 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 09:02:17 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 09:02:17 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 09:02:17 2007] [notice] Digest: done
[Mon Oct 08 09:02:17 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 09:57:02 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 09:57:03 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 09:57:03 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 09:57:03 2007] [notice] Digest: done
[Mon Oct 08 09:57:03 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 10:03:33 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 10:03:33 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 10:03:33 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 10:03:33 2007] [notice] Digest: done
[Mon Oct 08 10:03:34 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 10:26:01 2007] [notice] caught SIGTERM, shutting down
[Mon Oct 08 10:27:50 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Oct 08 10:27:50 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Oct 08 10:27:50 2007] [notice] Digest: done
[Mon Oct 08 10:27:51 2007] [notice] Apache configured -- resuming normal operations


Error Log


[Mon Oct 08 06:56:17 2007] [warn] RSA server certificate CommonName (CN) `www.ezwilson.com' does NOT match server name!?
[Mon Oct 08 06:56:17 2007] [warn] RSA server certificate CommonName (CN) `www.ezwilson.com' does NOT match server name!?
[Mon Oct 08 06:56:17 2007] [warn] RSA server certificate CommonName (CN) `www.ezwilson.com' does NOT match server name!?
[Mon Oct 08 06:56:17 2007] [notice] Apache configured -- resuming normal operations
[Mon Oct 08 07:04:07 2007] [notice] caught SIGTERM, shutting down

Are those the ones generated at the time you made your new certificate? Please post them as well...

[mmccarn]

I found a note in this bug http://bugs.contribs.org/show_bug.cgi?id=2257 suggesting

Code: [Select]

expand-template /home/e-smith/ssl.pem/pem
(It looks like this is run by signal-event domain-modify...)

You could run this command manually and see if it generates any errors.

It looks like this template is going to use DomainName, SystemName and modSSL:crt from the configuration database - if there are problems with any of these hopefully running the 'expand-template' manually will tell you so.

Otherwise, I'll ask again - what *did* you do to 'renew the certificate' on your server?

[dws4wdr]

Initially I ran the updates this morning from server-manager. Rebooted then removed the "www" hostname and deleted the 2 crt files. I know now that was the wrong way. Rebooted again

[dws4wdr]

Managed to get a little further..
I -->
[root@mail e-smith]# expand-template /home/e-smith/ssl.key/key
[root@mail e-smith]# expand-template /home/e-smith/ssl.crt/crt
[root@mail e-smith]# expand-template /home/e-smith/ssl.pem/pem

 the files are now located in the proper folders but still no http access

[mmccarn]

It sounds like you should open a bug http://bugs.contribs.org/enter_bug.cgi

[dws4wdr]

<<-----Fixed!---->
Shad L. Lords found my problem.
------------------------------------------

[Quoting]
Someone messed up your configuration.

config delprop modSSL crt
config delprop modSSL key
rm -f /home/e-smith/ssl.*/*
signal-event post-upgrade
reboot

Check the history and determine when the crt and key properties were set.  That
is what has messed up the server.