Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: Smitro on June 19, 2010, 08:30:09 AM
-
Help, I've bugged this.
Someone notified me that my Certificate was out of date (acctually out by 1 year) and I hadn't noticed. So I thought I better fix this.
To fix this I tried the following.
rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
signal-event post-upgrade
signal-event reboot
Taken From: http://wiki.contribs.org/Certificates_Concepts
Unfortunatly mind did not generate a new SSL. My Web server didn't come back up. So now I don't have "http" and "https" serving from this server, but I can access mail and SSH.
Help. How do I fix this? Why didn't it generate a new Cert?
-
Ok, I've found this in the messages log:
Jun 19 16:41:18 box1 esmith::event[3004]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: Program fragment delivered error <<Could not open crt file: No such file or directory at /etc/e-smith/templates///home/e-smith/ssl.pem/40crt line 15.>> at template line 1
Jun 19 16:41:18 box1 esmith::event[3004]: ERROR: Template processing failed for //home/e-smith/ssl.pem/box1.mailoz.com.pem: 1 fragment generated errors
Jun 19 16:41:18 box1 esmith::event[3004]: at /etc/e-smith/events/actions/generic_template_expand line 56
There is a file at:
/etc/e-smith/templates/home/e-smith/ssl.pem/40crt
Should there be?
-
Smitro
There is a file at:
/etc/e-smith/templates/home/e-smith/ssl.pem/40crt
Should there be?
Yes
...My Web server didn't come back up. So now I don't have "http" and "https" serving from this serve...
Check services are enabled and running, what do the following say ?
config show httpd-e-smith
config show httpd-admin
sv s /service/httpd-e-smith
sv s /service/httpd-admin
Re:
rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
Did you change servername.domain.com.xxx to match the name of your server and domain ?
What does this command show
config show modSSL
What do these commands show
ls -al /home/e-smith/ssl.crt
ls -al /home/e-smith/ssl.key
ls -al /home/e-smith/ssl.pem
Also look in /etc/e-smith/templates-custom/home/e-smith/
for any custom templates re ssl, and I would suggest to move those to /tmp or delete those, and then run the
rm and signal-event commands again.
PS You can give your new self signed certificate a longer validity to save this hassle every year, follow these steps
http://wiki.contribs.org/Certificates_Concepts#Expiration_time_of_the_self_signed_certificate
If the abovementioned initial troubleshooting steps do not identify the issue, you should lodge a bug report
-
Help, I've bugged this.
Do you mean "I've opened a bug report"? I can't find a report of this problem in the bug tracker. Please provide a reference here - what is the bug report number?
-
Someone notified me that my Certificate was out of date (acctually out by 1 year)
Smitro, have you reported details of this problem via the bug tracker?
-
Sorry, Charlie, havn't had a chance yet, stuck with my head in a few projects. I managed to pull these files from backup in order to get my server running for now, but I definatly would like to resolve this, so I will report it as a bug.
btw - when I said I'd "bugged" this, it was a typo, I'd "Buggered" it (aka Stuffed it!).