chkservd question and SSL certs deletion question

[enginama]

2 questions in one here.

So first of all I had to change my hostname and servername due to some conflicts.

So as I did I needed to remove the SSL keys/certs which I went through and it left 2 entry's for 'nobody' in my ssl host manager ... I've done a find via ssh to do a manual delete for those files and they don't exist.
Secondly chkservd is still doing a GET check for that old FQDN.

I'm trying to find out how to remove the cert/keys entry from the storage manager to clean up and how to remove the old fqdn from chkservd. I've looked in httpd.conf and I see the FQDN in there as a virtual server ... but as I have read deleting it from http.conf won't remove it as their are include files that re-add it.
Not sure what include files are adding in the SSL key/cert references and what include files are adding in the virtual host that doesn't exist in cpanel anymore.

Thanks

Enginama

 

[cPanelMichael]

Hello

Try looking for instances of the old hostname in the following directory:

/var/cpanel/userdata/nobody

You can remove the old entries, and then rebuild the Apache configuration file via:

/scripts/rebuildhttpdconf

You can ensure the new hostname is used for the service SSL certificates via:

"WHM Home » Service Configuration » Manage Service SSL Certificates"

If you are attempting to find older certificate files, ensure you also search for this format when using "find" or "locate":

host_example_com

Some certificate data is stored with underscores instead of periods.

Thank you.

 

[enginama]

OK did that ... found the ssl files.
After rebuilding httpd.conf got error messages
Missing IP, Servername, port, user, owner , group for <Domain Name>

must be an include file which still has that FQDN in it loading it into httpd.conf

 

[enginama]

Main and main.cache in nobody both have references to this FQDN .
But they also hold the new FQDN server name.
main
has :
addon domains: {}
main_domain: <old FQDN>
parked_domains: {}
sub domains:
<old fqdn hostname>
<another old fqdn hostname>
<another old fqdn hostname>
<New FQDN hostname>

 

[cPanelMichael]

You can remove the old entries and ensure the new hostname is configured in these files. Note that you can remove the "cache" files completely and they will regenerate with the updated changes.

Thank you.

 

[enginama]

OK that fixed the chkservd GET issues.

The nobody SSL key/cert is still showing in the storage manager but only file in /var/cpanel/userdata/nobody is 'main'

I did a " find / 'd3739*' " and a " find / '*d3739*' which d3739 is the first 5 chars of the key showing in ssl storage manager, but nothing was found.

Anywhere else it could be ... did a server reboot as well to see if it would remove them after reboot and that didn't work ... so they must stikll be somewhere else.

 

[cPanelMichael]

You should see a red "X" symbol next to the certificate that allows you to remove it.

Thank you.

 

[enginama]

Nope no delete option, see attached

 

[cPanelMichael]

The "Apache's Installed SSL Resources" section is documented at:

Apache's Installed SSL Resources

You can try searching /usr/local/apache/conf/httpd.conf for these resources. You may also want to try rebuilding the Apache configuration file via:

/scripts/rebuildhttpdconf

Thank you.

 

[enginama]

Did the rebuild, the SSL file's are gone as cpanel reports no key exists when clicking on magnifying glass.
Not sure how to get cpanel to report the existence correctly.

 

[cPanelMichael]

It's difficult to guide you on the exact resolution on this particular issue without access to the server to see the behavior. Feel free to open a support ticket if you want us to take a closer look:

Submit A Ticket

You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[enginama]

Ticket no. : 4303741

 

[enginama]

To assist if anyone else comes across this thread :

References to the certificate were still listed in your server's /var/cpanel/ssl/installed/ssl.db and /var/cpanel/ssl/installed/ssl.db.cache files. I moved these to /root and verified that the certificate no longer shows in Home »SSL/TLS »SSL Storage Manager, which now reports, "No SSL certificates are installed in Apache’s configuration."