Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: linuxhelp on November 12, 2009, 08:19:14 PM

Title: After Certificate renew httpd fails to start? (Solved)
Post by: linuxhelp on November 12, 2009, 08:19:14 PM

Hello

i made new server.key + server.crt and then signal-event domain-modify ; signal-event email-upate ;
/etc/init.d/httpd-e-smith restart;
why does httpd not start?? no Log for httpd/error_log
hmm...
do anyone knows help to renew the smeserver-certificate successful?

##Error##
[Thu Nov 12 20:38:12 2009] [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock


Regards

Title: Re: After Certificate renew httpd fails to start?
Post by: CharlieBrady on November 12, 2009, 11:12:03 PM

Quote from: linuxhelp on November 12, 2009, 08:19:14 PM

i made new server.key + server.crt

Why did you do that?

Quote

##Error##
[Thu Nov 12 20:38:12 2009] [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock

A thorough search here, including the bug tracker, will find advice for you about that.

Title: Re: After Certificate renew httpd fails to start?
Post by: linuxhelp on November 12, 2009, 11:45:33 PM

Hello

the certificate was outdated this was the background of renew,
i removed older certs and solved it with http://wiki.contribs.org/Certificate/de
but i was not shure about this output:

config show modSSL:

modSSL=service
    CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    CommonName=linuxonlinehelp.dyndns.org
    TCPPort=443
    access=public
    crt=/home/e-smith/ssl.crt/mykey.crt  >>but here was crt?
    key=/home/e-smith/ssl.key/mykey.key  >>but here was key?
    status=enabled
 
is this by default?


after:

config setprop modSSL CommonName www.domain.com  <must this been set?
expand-template /home/e-smith/ssl.crt/crt
expand-template /home/e-smith/ssl.key/key
signal-event domain-modify
signal-event email-update
signal-event post-upgrade
signal-event reboot

now is

config show modSSL:
modSSL=service
    CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    TCPPort=443
    access=public
    status=enabled

without crt+key entry listed! was this the Bug??????

everything now ok..

Title: Re: After Certificate renew httpd fails to start?
Post by: CharlieBrady on November 13, 2009, 04:15:10 AM

Quote from: linuxhelp on November 12, 2009, 11:45:33 PM

the certificate was outdated this was the background of renew,

The built-in self-signed cert is replaced before it expires. Perhaps you were seeing:

http://bugs.contribs.org/show_bug.cgi?id=2257

Quote

i removed older certs and solved it with http://wiki.contribs.org/Certificate/de

I'm sorry, but I cannot read German.

Quote

modSSL=service
    CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    CommonName=linuxonlinehelp.dyndns.org
    TCPPort=443
    access=public
    crt=/home/e-smith/ssl.crt/mykey.crt  >>but here was crt?
    key=/home/e-smith/ssl.key/mykey.key  >>but here was key?
    status=enabled
 
is this by default?

No, the crt and key properties would only be set if you had done it via the command line. [Any member of the doc team should know that, or at least be able to discover that by searching here.]

after:

config setprop modSSL CommonName www.domain.com  <must this been set?
expand-template /home/e-smith/ssl.crt/crt
expand-template /home/e-smith/ssl.key/key
signal-event domain-modify
signal-event email-update
signal-event post-upgrade
signal-event reboot

now is

config show modSSL:
modSSL=service
    CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    TCPPort=443
    access=public
    status=enabled

without crt+key entry listed! was this the Bug??????
[/quote]

I don't see where you have done anything to delete the crt and key properties, so I don't think you've accurately stated what you did.

If you are going to do 'signal-event post-upgrade ; signal-event reboot' then there is no point in doing expand-template or signal-event xxx beforehand.

Quote

everything now ok..

Good. Please put [Solved] in the Subject of this thread.

Title: Re: After Certificate renew httpd fails to start? (Solved)
Post by: linuxhelp on November 13, 2009, 12:23:04 PM

Found error made by me long time ago..

http://wiki.contribs.org/Custom_CA_Certificate

Then save your CA certificate in a file named ~/cacert/{domain}.crt

    * Copy to final location

cp {domain}.crt /home/e-smith/ssl.crt/{domain}.crt
cp {domain}.key /home/e-smith/ssl.key/{domain}.key

    * Configure SME database

config setprop modSSL crt /home/e-smith/ssl.crt/{domain}.crt
config setprop modSSL key /home/e-smith/ssl.key/{domain}.key

    * and apply the changes

signal-event post-upgrade
signal-event reboot

this was it why my output of config show was modified..sorry i'm stupid

Title: Re: After Certificate renew httpd fails to start? (Solved)
Post by: CharlieBrady on November 13, 2009, 02:06:39 PM

Quote from: linuxhelp on November 13, 2009, 12:23:04 PM

this was it why my output of config show was modified..

That's also why you might have had a cert which expired, rather than have the built-in cert which is renewed when necessary.