Koozali.org: home of the SME Server

Generate New Cert

Smitro
« on: June 19, 2010, 08:30:09 AM »
Help, I've bugged this.

Someone notified me that my Certificate was out of date (actually out by 1 year) and I hadn't noticed. So I thought I better fix this.

To fix this I tried the following.
Code:
rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
signal-event post-upgrade
signal-event reboot
Taken From: http://wiki.contribs.org/Certificates_Concepts

Unfortunately mine did not generate a new SSL. My Web server didn't come back up. So now I don't have "http" and "https" serving from this server, but I can access mail and SSH.

Help. How do I fix this? Why didn't it generate a new Cert?
.........

Smitro
« Reply #1 on: June 19, 2010, 09:22:47 AM »
Ok, I've found this in the messages log:
Code:
Jun 19 16:41:18 box1 esmith::event[3004]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: Program fragment delivered error <<Could not open crt file: No such file or directory at /etc/e-smith/templates///home/e-smith/ssl.pem/40crt line 15.>> at template line 1
Jun 19 16:41:18 box1 esmith::event[3004]: ERROR: Template processing failed for //home/e-smith/ssl.pem/box1.mailoz.com.pem: 1 fragment generated errors
Jun 19 16:41:18 box1 esmith::event[3004]:  at /etc/e-smith/events/actions/generic_template_expand line 56

There is a file at:
/etc/e-smith/templates/home/e-smith/ssl.pem/40crt

Should there be?
.........

janet
« Reply #2 on: June 19, 2010, 03:22:47 PM »
Smitro

Quote
There is a file at:
/etc/e-smith/templates/home/e-smith/ssl.pem/40crt
Should there be?

Yes

Quote
...My Web server didn't come back up. So now I don't have "http" and "https" serving from this serve...

Check services are enabled and running. What do the following say?
config show httpd-e-smith
config show httpd-admin
sv s /service/httpd-e-smith
sv s /service/httpd-admin


Re:
Quote
rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem

Did you change servername.domain.com.xxx to match the name of your server and domain?

What does this command show?
config show modSSL

What do these commands show?
ls -al /home/e-smith/ssl.crt
ls -al /home/e-smith/ssl.key
ls -al /home/e-smith/ssl.pem

Also look in /etc/e-smith/templates-custom/home/e-smith/
for any custom templates re ssl, and I would suggest to move those to /tmp or delete those, and then run the
rm and signal-event commands again.

PS You can give your new self-signed certificate a longer validity to save this hassle every year; follow these steps:
http://wiki.contribs.org/Certificates_Concepts#Expiration_time_of_the_self_signed_certificate

If the above-mentioned initial troubleshooting steps do not identify the issue, you should lodge a bug report.
« Last Edit: June 20, 2010, 01:08:48 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
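
A pre-flight check along the lines of the ls -al steps in the reply above, as an added example that is not part of the thread or of SME Server: it confirms the crt, key and pem files exist, that the certificate is not about to expire, and that the key belongs to the certificate. The function name check_cert_files, the BASE override and the 30-day default are assumptions; the directory layout is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. BASE defaults to the layout quoted in
# the posts; override it to test against a copy (assumption).
BASE="${BASE:-/home/e-smith}"

# check_cert_files HOST [DAYS]
# Prints one line per finding. Returns 0 only if the crt, key and pem files
# exist and are non-empty, the certificate stays valid for at least DAYS more
# days, and the private key matches the certificate.
check_cert_files() {
    host="$1"; days="${2:-30}"; rc=0

    # The template error in the log ("Could not open crt file") is what a
    # missing crt looks like when the pem is rebuilt, so check all three.
    for ext in crt key pem; do
        f="$BASE/ssl.$ext/$host.$ext"
        if [ ! -s "$f" ]; then
            echo "MISSING $f"
            rc=1
        fi
    done

    crt="$BASE/ssl.crt/$host.crt"
    key="$BASE/ssl.key/$host.key"
    [ -s "$crt" ] || return "$rc"

    # -checkend exits non-zero if the certificate expires within N seconds
    # (or cannot be parsed at all).
    if ! openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING $crt: $(openssl x509 -in "$crt" -noout -enddate 2>/dev/null)"
        rc=1
    fi

    # Compare public keys so a stale key left behind by a partial rm is caught.
    if [ -s "$key" ]; then
        a=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
        b=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl dgst -sha256)
        if [ "$a" != "$b" ]; then
            echo "MISMATCH $key does not belong to $crt"
            rc=1
        fi
    fi
    return "$rc"
}
```

Run it as `check_cert_files servername.domain.com 30` from cron or before and after the rm and signal-event steps; a non-zero exit means at least one finding was printed.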

CharlieBrady
« Reply #3 on: June 19, 2010, 04:57:47 PM »
Quote
Help, I've bugged this.

Do you mean "I've opened a bug report"? I can't find a report of this problem in the bug tracker. Please provide a reference here - what is the bug report number?

CharlieBrady
« Reply #4 on: June 22, 2010, 03:00:16 PM »
Quote
Someone notified me that my Certificate was out of date (actually out by 1 year)

Smitro, have you reported details of this problem via the bug tracker?

Smitro
« Reply #5 on: June 22, 2010, 03:53:08 PM »
Sorry, Charlie, haven't had a chance yet, stuck with my head in a few projects. I managed to pull these files from backup in order to get my server running for now, but I definitely would like to resolve this, so I will report it as a bug.

btw - when I said I'd "bugged" this, it was a typo, I'd "Buggered" it (aka Stuffed it!).
.........