Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL/SSL problem

Discussion in 'Security' started by Fatal3rr0r, Feb 1, 2018.

Tags:
  1. Fatal3rr0r

    Fatal3rr0r Registered

    Joined:
    Feb 1, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Milano
    cPanel Access Level:
    Root Administrator
    Hi all,
    we have a big problem on autossl/ssl.
    On every renew the crt & key files are only stored in the user's home folder and we have to manually copy them to /var/cpanel/ssl/installed/certs & /var/cpanel/ssl/installed/keys.
    Then we need to add in /var/cpanel/userdata/USER/SITE_SSL:

    sslcacertificatefile: pathtocabundle
    sslcertificatefile: pathtocrt
    sslcertificatekeyfile: pathtokey

    Any hint?

    Thanks in advance
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you elaborate on the issue you are facing that's leading you to manually configure the certificate in that manner? You should not have to do that manually. Note the following modification to how SSL data is stored as of cPanel version 68:

    68 Release Notes - Version 68 Documentation - cPanel Documentation

    Thank you.
     
  3. Fatal3rr0r

    Fatal3rr0r Registered

    Joined:
    Feb 1, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Milano
    cPanel Access Level:
    Root Administrator
    We have Cpanel 68.0.28 and i forgot to say that we have nginx 1.10.2 installed too!
    We're not using custom ssl templates.

    Initially, customers warned us about the SSL problem on their site... and i found that rebuilding all nginx vhost will give me an hint about vhosts with ssl problems.

    The problem currently presents with Let's Encrypt certificates in autossl.
    Everything on the user's cpanel UI seems ok... the new certificate is installed correctly.
    The certificate is automatically installed in the user's folder (/home/USER/ssl/certs/) but is not copied to the cpanel folder (/var/cpanel/ssl/installed/certs) and the same applies to the key.

    When nginx tries to rebuild vhost on that user this is what happens:

    Generating nginx HTTP configuration file for ***SITE*** on ... /usr/local/nginx/conf/vhost.d/***SITE***.conf
    Traceback (most recent call last):
    File "/scripts/nginxctl", line 3, in <module>
    import cpnginx
    File "/usr/local/cpanel/scripts/cpnginx/__init__.py", line 1, in <module>
    import nginx
    File "/usr/local/cpanel/scripts/cpnginx/nginx.py", line 5, in <module>
    choice.options()
    File "/usr/local/cpanel/scripts/cpnginx/choice.py", line 100, in options
    core.rebuilduservhost(cpuser)
    File "/usr/local/cpanel/scripts/cpnginx/core.py", line 327, in rebuilduservhost
    vhostdata_ssl = vhost.build_vhost(userdata[domain],havessl,havedip,firewall,settings)
    File "/usr/local/cpanel/scripts/cpnginx/vhost.py", line 370, in build_vhost
    build_ssl_cert(userdata[0])
    File "/usr/local/cpanel/scripts/cpnginx/vhost.py", line 160, in build_ssl_cert
    with open(cert)as certfile:
    UnboundLocalError: local variable 'cert' referenced before assignment

    This is from the cpanel's error_log:

    [2018-01-14 21:05:05 +0100] info [uapi] Script hook returned an invalid response:
    [2018-01-14 21:05:05 +0100] info [uapi] script: /usr/local/cpanel/scripts/cpnginx/hooks/rmssldom.py
    [2018-01-14 21:05:05 +0100] info [uapi] response: Generating nginx HTTPESC[0m configuration file for ***SITE*** on ... /usr/local/nginx/conf/vhost.d/***SITE***.conf
    1
    [2018-01-14 21:05:05 +0100] info [uapi] -- End Garbage output --
    [2018-01-14 21:06:02 +0100] info [queueprocd] AutoSSL::CertificateInstalled Notification => ***EMAIL*** via EMAIL [eventimportance => High (1)]
    [2018-01-14 21:06:41 +0100] info [uapi] STDERR output from hook: /usr/local/cpanel/scripts/cpnginx/hooks/ssldom.py
    [2018-01-14 21:06:41 +0100] info [uapi] Traceback (most recent call last):
    File "/usr/local/cpanel/scripts/nginxctl", line 3, in <module>
    import cpnginx
    File "/usr/local/cpanel/scripts/cpnginx/__init__.py", line 1, in <module>
    import nginx
    File "/usr/local/cpanel/scripts/cpnginx/nginx.py", line 5, in <module>
    choice.options()
    File "/usr/local/cpanel/scripts/cpnginx/choice.py", line 94, in options
    core.rebuildvhost(rvhdom)
    File "/usr/local/cpanel/scripts/cpnginx/core.py", line 291, in rebuildvhost
    vhostdata_ssl = vhost.build_vhost(userdata[domain],havessl,havedip,firewall,settings)
    File "/usr/local/cpanel/scripts/cpnginx/vhost.py", line 370, in build_vhost
    build_ssl_cert(userdata[0])
    File "/usr/local/cpanel/scripts/cpnginx/vhost.py", line 160, in build_ssl_cert
    with open(cert)as certfile:
    UnboundLocalError: local variable 'cert' referenced before assignment
    Traceback (most recent call last):
    File "/usr/local/cpanel/scripts/cpnginx/hooks/ssldom.py", line 56, in <module>
    main()
    File "/usr/local/cpanel/scripts/cpnginx/hooks/ssldom.py", line 52, in main
    out=backport.check_output(cmd,shell=True)
    File "/usr/local/cpanel/scripts/cpnginx/hooks/backport.py", line 18, in check_output
    raise error
    subprocess.CalledProcessError: Command '/usr/local/cpanel/scripts/nginxctl rebuildvhost ***SITE***' returned non-zero exit status 1

    Adding the three lines to the files manually resolves the problem... but I hope you help me to fix it in someway...

    Thanks
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page