cabundle missing

[mrcbrown]

I just finished moving a set of servers and a very odd thing is happening, cabundles are just randomly (or so it seems) disappearing and breaking Apache.

I had the Let's Encrypt for cPanel plugin which had provisioned for customers previously was installed, but even it's CA was missing - I've uninstalled the Let's Encrypt Plugin for now, one less thing in the mess.

Any suggestions on getting CA's back so I am not hit with random outages as AutoSSL or Apache kicks over?

 

[mrcbrown]

Just got a note that Apache is down again, and cabundle folders are missing bundles again!

restartsrv_httpd[596]: SSLCACertificateFile: file '/var/cpanel/ssl/installed/cabundles/cPanel_Inc__681917bfb43af6b642178607e0b36ccc_1747526399.cabundle' does not exist or is empty

I can re-create these from a valid CA, however, they simply get cleared again when AutoSSL or something finishing running. :-(

 

[24x7server]

Hi,

I think you may have to rebuild the http conf... You can follow the below link, in which the same thing has been discussed.
Lets encrypt issues

 

[mrcbrown]

Hi,

I think you may have to rebuild the http conf... You can follow the below link, in which the same thing has been discussed.
Lets encrypt issues

Sadly that's a no go because httpd conf is broken, and since that file is not anywhere - nor any other CAbundle, its no go.

 

[24x7server]

Hi,

Try removing the SSL certificate installed on the hostname and services once and renew it through AutoSSL. Check if it rebuilds it..

 

[mrcbrown]

Hi,

Try removing the SSL certificate installed on the hostname and services once and renew it through AutoSSL. Check if it rebuilds it..

I tried that then it'd hit another one from the old server which had an SSL as well. I did get a solution that seems to of held thus far and I was going to post it which is:

I went to the old server, copied the cabundle folder including the symbolic links and brought them over, didn't have a crash since the addition, but I'll post tomorrow if it has any issues - if so I can provide the cabundle tgz if anyone needs it with a similar issue.

 

[cPanelMichael]

Hello,

Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look to see why the AutoSSL feature isn't automatically installing new certificates for the domain names on the system.

Thank you.

 

[mrcbrown]

Hello,

Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look to see why the AutoSSL feature isn't automatically installing new certificates for the domain names on the system.

Thank you.

I think I fixed it by simply copying the CA Bundle folder from another cPanel server, just odd the migrated accounts didn't restore the bundles for the various certificates. I'd be happy to include the tgz I made - but maybe make a /scripts/fixbundles and rebuild the require CA bundles. If I can provide anything though to review please let me know! I can open a ticket if you think this transfer version has a bug related to the bundles.

 

[cPanelMichael]

Hello,

We have an internal case open (CPANEL-2478) that would add functionality to include the CABundle as part of the data that's packaged for an account. There's no time frame on when this functionality will be added, but I'll monitor the case and update this thread with new information as it becomes available.

Thank you.

 

[cPanelMichael]

Hello,

To update, the internal case was closed as it was not reproducible as of cPanel version 68.0.26.

Thank you.