exim.crt errors

**simplybe** · 05-04-2007 05:08 AM

Been seeing these in the exim logs since yesterday:

2007-05-04 11:06:10 TLS error on connection from (xxncxxk) [90.xxx.xxx.xxx] (SSL_CTX_use_certificate_chain_file file=/etc/exim.crt): error:0200100D:system library:fopen:Permission denied

Any ideas what the cause is.

Thanks

**TSJasonH** · 05-04-2007 05:32 AM

I'm also now seeing this with the new exim 4.66 on some servers (rhel 3).

**rpmws** · 05-04-2007 06:53 AM

if you guys are using cp11 you will find a server certificates manager in the left menu of WHM under service configuration ..you will see "manage service certificates"

Go into that sections and see if you can select the certificate again that you want to use for exim and basically re-install or re-link it but going through that process. look for errors when exim restarts.

**serversphere** · 05-04-2007 10:41 AM

RPM - you sure? looks more like a permissions error than anything else. Or did the update to v11 mux up the key when it moved it? I get no errors when exim restarts. No errors when doing /scripts/eximup --force except that it cannot write to the crt/key files. Yet the files are there and the links are in place... weird!

**serversphere** · 05-04-2007 11:35 AM

Okay, just got this fixed. Check permissions on both your links in /etc (/etc/exim.key and /etc/exim.crt) and the ones in /var/cpanel/ssl/exim. Make sure they are owned by mailnull:mail. Restart courier-imap, cpanel and exim. See if that does it for you.

ps - make sure your key files are only root read/write-able. You don't want that key getting out for any reason.

**simplybe** · 05-04-2007 12:39 PM

just checked and those files are owned by root:root. Just chowned them, so will see if the errors stop.

Thanks

**serversphere** · 05-04-2007 01:14 PM

Originally Posted by simplybe

just checked and those files are owned by root:root. Just chowned them, so will see if the errors stop.

Thanks

Mine were like that as well. Change ownership and you should be good.

**rpmws** · 05-04-2007 02:22 PM

Originally Posted by serversphere

RPM - you sure? looks more like a permissions error than anything else. Or did the update to v11 mux up the key when it moved it? I get no errors when exim restarts. No errors when doing /scripts/eximup --force except that it cannot write to the crt/key files. Yet the files are there and the links are in place... weird!

absolutely a perms/ownership issue or a combination. I just fixed a box just using the SSL installer on exim. That's why I suggested that. It worked on a centos box.

**FC5_Slut** · 05-04-2007 04:58 PM

Excellent Beta Testing Upgrades!

Much Appreciated heh.

**cpanelnick** · 05-04-2007 05:00 PM

Can't find anything that would set it to not be owned by mailnull:mail (Cpanel::SSLCerts takes care of this).

If affected posting :

ls -l /etc/exim.crt /etc/exim.key

would be extremely helpful.

In the mean time 11619+ will check to make sure they are correct at upcp time.

**serversphere** · 05-04-2007 05:57 PM

Cool thanks Nick. Does the upgrade to v11 simply move the files to the new directory and then symlink to them? Maybe they were root:root all along and worked that way in the past..?

**cpanelnick** · 05-04-2007 06:28 PM

Originally Posted by serversphere

Cool thanks Nick. Does the upgrade to v11 simply move the files to the new directory and then symlink to them? Maybe they were root:root all along and worked that way in the past..?

11.x moves them all in /var/cpanel/ssl/SERVICE_NAME_HERE/

and symlinks them.

LinkBack

Thread Tools

exim.crt errors

perl/Exim errors - Exim not starting

Exim errors with jailshell

exim.crt & key don't exist?

How can I restart exim so it refreshes the SSL exim.crt and .key?

How Can I updated /etc/exim.crt and /etc/exim.key?