Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cabundle missing

Discussion in 'Security' started by mrcbrown, Sep 30, 2017.

Tags:
  1. mrcbrown

    mrcbrown Well-Known Member

    Joined:
    Jun 5, 2003
    Messages:
    100
    Likes Received:
    1
    Trophy Points:
    168
    I just finished moving a set of servers and a very odd thing is happening, cabundles are just randomly (or so it seems) disappearing and breaking Apache.

    I had the Let's Encrypt for cPanel plugin which had provisioned for customers previously was installed, but even it's CA was missing - I've uninstalled the Let's Encrypt Plugin for now, one less thing in the mess.

    Any suggestions on getting CA's back so I am not hit with random outages as AutoSSL or Apache kicks over?
     
  2. mrcbrown

    mrcbrown Well-Known Member

    Joined:
    Jun 5, 2003
    Messages:
    100
    Likes Received:
    1
    Trophy Points:
    168
    Just got a note that Apache is down again, and cabundle folders are missing bundles again!

    Code:
    restartsrv_httpd[596]: SSLCACertificateFile: file '/var/cpanel/ssl/installed/cabundles/cPanel_Inc__681917bfb43af6b642178607e0b36ccc_1747526399.cabundle' does not exist or is empty
    I can re-create these from a valid CA, however, they simply get cleared again when AutoSSL or something finishing running. :-(
     
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,484
    Likes Received:
    60
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    I think you may have to rebuild the http conf... You can follow the below link, in which the same thing has been discussed.
    Lets encrypt issues
     
  4. mrcbrown

    mrcbrown Well-Known Member

    Joined:
    Jun 5, 2003
    Messages:
    100
    Likes Received:
    1
    Trophy Points:
    168
    Sadly that's a no go because httpd conf is broken, and since that file is not anywhere - nor any other CAbundle, its no go.
     
  5. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,484
    Likes Received:
    60
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    Try removing the SSL certificate installed on the hostname and services once and renew it through AutoSSL. Check if it rebuilds it..
     
  6. mrcbrown

    mrcbrown Well-Known Member

    Joined:
    Jun 5, 2003
    Messages:
    100
    Likes Received:
    1
    Trophy Points:
    168
    I tried that then it'd hit another one from the old server which had an SSL as well. I did get a solution that seems to of held thus far and I was going to post it which is:

    I went to the old server, copied the cabundle folder including the symbolic links and brought them over, didn't have a crash since the addition, but I'll post tomorrow if it has any issues - if so I can provide the cabundle tgz if anyone needs it with a similar issue.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look to see why the AutoSSL feature isn't automatically installing new certificates for the domain names on the system.

    Thank you.
     
  8. mrcbrown

    mrcbrown Well-Known Member

    Joined:
    Jun 5, 2003
    Messages:
    100
    Likes Received:
    1
    Trophy Points:
    168
    I think I fixed it by simply copying the CA Bundle folder from another cPanel server, just odd the migrated accounts didn't restore the bundles for the various certificates. I'd be happy to include the tgz I made - but maybe make a /scripts/fixbundles :-D and rebuild the require CA bundles. If I can provide anything though to review please let me know! I can open a ticket if you think this transfer version has a bug related to the bundles.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    We have an internal case open (CPANEL-2478) that would add functionality to include the CABundle as part of the data that's packaged for an account. There's no time frame on when this functionality will be added, but I'll monitor the case and update this thread with new information as it becomes available.

    Thank you.
     
Loading...

Share This Page