Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: jameswilson on April 10, 2017, 11:31:06 AM
-
This morning people have been reporting they cant send email.
Thunderbird is reporting an unknown error
When connecting to server manager i get the SEC_ERROR_REVOKED_CERTIFICATE error and cannot connect I assume this is the issue.
Ive performed a reboot too
I assume i need to regenerate the certificate but i cant find the command to do this?
James
-
well.. did you log in as root and check your logs?
are you using letsencrypt? any other paid SSL cert? standard/self signed one?
-
No just using the self signed cert
rm /home/e-smith/ssl.{crt,key,pem}/*
config delprop modSSL CommonName
config delprop modSSL crt
config delprop modSSL key
signal-event post-upgrade
signal-event reboot
I found the above in the manual but now apache wont start
Syntax error on line 133 of /etc/httpd/conf/httpd.conf:
SSLCertificateChainFile: file '/home/e-smith/ssl.crt/GlobalSign.crt' does not exist or is empty
-
Thinking about it this server used to have a commercial certificate for an ecom site i used to host on it. But this was moved onto paid hosting some 4 years ago.
-
is GlobalSign your domain? I don't think so
crt file should look like FQDN.crt
are you sure you're not using any kind of customization?
-
Thinking about it this server used to have a commercial certificate for an ecom site i used to host on it. But this was moved onto paid hosting some 4 years ago.
mid air collision :-)
well,
config show modSSL
and
/sbin/e-smith/audittools/templates
-
no I think they provided the ssl cert. It was originally done on a sme 7 server years ago.
I have restored that crt file from a backup and apache is now working. But
config show modSSL
modSSL=service
CertificateChainFile=/home/e-smith/ssl.crt/GlobalSign.crt
SSLCACertificateFile=/home/e-smith/ssl.crt/evcert11/gs-root.pem
SSLCertificateChainFile=/home/e-smith/ssl.crt/evcert11/intermediate.pem
SSLCertificateFile=/home/e-smith/ssl.crt/evcert11/smebox.securitywarehouse.crt
SSSLCACertificateFile=/home/e-smith/ssl.crt/evcert11/gs-root.pem
TCPPort=443
access=public
cafile=/home/e-smith/ssl.pem/smebox.securitywarehouse.co.uk.pem
status=enabled
[root@smebox ssl.crt]#
[root@smebox ssl.crt]# /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/modules.conf/10i2c: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/95AddType00PHP2ibays: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80zabbix: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/50DirectoryIndex00: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/93phpBB: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/85SogoAccess: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/php.ini/90EacceleratorSettings: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/php.ini/70DynamixExtension90Eaccelerator: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/sysctl.conf/kernel.shm: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/clamd.conf/25OLE2BlockMacros: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/php5.ini/70DateTime: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/home/e-smith/ssl.crt: MANUALLY_ADDED, OVERRIDE
-
so you're definitely using a 3rd part cert, not the self signed one..
I'd take a look at
/etc/e-smith/templates-custom/home/e-smith/ssl.crt: MANUALLY_ADDED, OVERRIDE
if you just want to use your self signed cert:
config delete modSSL
/etc/e-smith/events/actions/initialize-default-databases
signal-event post-upgrade
signal-event reboot
if you need a valid cert, take a look at letsencrypt
-
Brilliant Thanks
-
if you need a valid cert, take a look at letsencrypt
Indeed. https://wiki.contribs.org/Letsencrypt