mrcbrown

Well-Known Member
Jun 5, 2003
100
1
168
I just finished moving a set of servers and a very odd thing is happening, cabundles are just randomly (or so it seems) disappearing and breaking Apache.

I had the Let's Encrypt for cPanel plugin which had provisioned for customers previously was installed, but even it's CA was missing - I've uninstalled the Let's Encrypt Plugin for now, one less thing in the mess.

Any suggestions on getting CA's back so I am not hit with random outages as AutoSSL or Apache kicks over?
 

mrcbrown

Well-Known Member
Jun 5, 2003
100
1
168
Just got a note that Apache is down again, and cabundle folders are missing bundles again!

Code:
restartsrv_httpd[596]: SSLCACertificateFile: file '/var/cpanel/ssl/installed/cabundles/cPanel_Inc__681917bfb43af6b642178607e0b36ccc_1747526399.cabundle' does not exist or is empty
I can re-create these from a valid CA, however, they simply get cleared again when AutoSSL or something finishing running. :-(
 

mrcbrown

Well-Known Member
Jun 5, 2003
100
1
168
Hi,

Try removing the SSL certificate installed on the hostname and services once and renew it through AutoSSL. Check if it rebuilds it..
I tried that then it'd hit another one from the old server which had an SSL as well. I did get a solution that seems to of held thus far and I was going to post it which is:

I went to the old server, copied the cabundle folder including the symbolic links and brought them over, didn't have a crash since the addition, but I'll post tomorrow if it has any issues - if so I can provide the cabundle tgz if anyone needs it with a similar issue.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look to see why the AutoSSL feature isn't automatically installing new certificates for the domain names on the system.

Thank you.
 

mrcbrown

Well-Known Member
Jun 5, 2003
100
1
168
Hello,

Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look to see why the AutoSSL feature isn't automatically installing new certificates for the domain names on the system.

Thank you.
I think I fixed it by simply copying the CA Bundle folder from another cPanel server, just odd the migrated accounts didn't restore the bundles for the various certificates. I'd be happy to include the tgz I made - but maybe make a /scripts/fixbundles :-D and rebuild the require CA bundles. If I can provide anything though to review please let me know! I can open a ticket if you think this transfer version has a bug related to the bundles.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

We have an internal case open (CPANEL-2478) that would add functionality to include the CABundle as part of the data that's packaged for an account. There's no time frame on when this functionality will be added, but I'll monitor the case and update this thread with new information as it becomes available.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

To update, the internal case was closed as it was not reproducible as of cPanel version 68.0.26.

Thank you.