SOLVED [CPANEL-23772] Pure-FTPd Couldn't load the DH parameters file

Spirogg

Well-Known Member
Feb 21, 2018
69
13
8
chicago
cPanel Access Level
Root Administrator
hi, I just installed WHM/Cpanel on my server : Centos 7

when I go to Home >> Service Configuration >> FTP Server Selection

I selected Pure-FTPD and hit Save

then I got these errors in the logs below.

I get 2 errors I am not sure how to fix these issues?

Feb 21 03:02:14 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11108 which is not our child. We'll most likely not notice when it exits.

Feb 21 03:02:16 server.xxxxx.com pure-ftpd[11312]: ([email protected]?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem

here is log
Code:
FTP Configuration
Installing new FTP server.
Disabling Chksrvd monitoring
Waiting for “tailwatchd” to restart ………waiting for “tailwatchd” to initialize ………finished.

Service Status
tailwatchd (tailwatchd) is running as root with PID 11108 (systemd+/proc check method).
tailwatchd (tailwatchd) running as root with PID 11108 (process table check method)
tailwatchd (tailwatchd) running as root with PID 11108 (process table check method)

Startup Log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: [Wed Feb 21 03:02:14 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11108 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Started tailwatchd.

Startup Log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: [Wed Feb 21 03:02:14 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11108 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Started tailwatchd.

tailwatchd restarted successfully.

Halting pure-ftpd

Disabling pure-ftpd in init system

Switching FTP server to pure-ftpd

Updating FTP related RPMs

Enabling pure-ftpd in init system
Waiting for “pureftpd” to start ……waiting for “pureftpd” to initialize ………finished.

Service Status
pure-ftpd (pure-ftpd (SERVER)) is running as root with PID 11312 (systemd+/proc check method).

Startup Log
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Started Pure-FTPd.
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Starting Pure-FTPd...
Feb 21 03:02:16 server.xxxxx.com pure-ftpd[11312]: ([email protected]?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem

pureftpd started successfully.
Startup Log
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Started Pure-FTPd.
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Starting Pure-FTPd...
Feb 21 03:02:16 server.xxxxx.com pure-ftpd[11312]: ([email protected]?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem

pureftpd started successfully.
1
Enabling chksrvd monitoring
Waiting for “tailwatchd” to restart ………waiting for “tailwatchd” to initialize ………finished.

Service Status
tailwatchd (tailwatchd) is running as root with PID 11337 (systemd+/proc check method).
tailwatchd (tailwatchd) running as root with PID 11337 (process table check method)
tailwatchd (tailwatchd) running as root with PID 11337 (process table check method)

Startup Log
Feb 21 03:02:17 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: [Wed Feb 21 03:02:18 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:18 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11337 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:18 server.xxxxx.com systemd[1]: Started tailwatchd.

Startup Log
Feb 21 03:02:17 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: [Wed Feb 21 03:02:18 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:18 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11337 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:18 server.xxxxx.com systemd[1]: Started tailwatchd.

tailwatchd restarted successfully.

FTP server conversion complete
Thanks if anyone can explain why its throwing these errors and how to fix them

Spiro
 
Last edited by a moderator:

Spirogg

Well-Known Member
Feb 21, 2018
69
13
8
chicago
cPanel Access Level
Root Administrator
Also when restarting FTP i get this error

Restarting FTP Server

Waiting for “pureftpd” to restart ………waiting for “pureftpd” to initialize ………finished.

Service Status
pure-ftpd (pure-ftpd (SERVER)) is running as root with PID 19769 (systemd+/proc check method).

Startup Log
Feb 21 03:29:51 server.xxxx.com systemd[1]: Started Pure-FTPd.
Feb 21 03:29:51 server.xxxx.com systemd[1]: Starting Pure-FTPd...
Feb 21 03:29:51 server.xxxx.com pure-ftpd[19769]: ([email protected]?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem

Startup Log
Feb 21 03:29:51 server.xxxx.com systemd[1]: Started Pure-FTPd.
Feb 21 03:29:51 server.xxxx.com systemd[1]: Starting Pure-FTPd...
Feb 21 03:29:51 server.xxxx.com pure-ftpd[19769]: ([email protected]?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem

pureftpd restarted successfully.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Couldn't load the DH parameters file
Hello,

1. Try running the following commands to see if it solves this issue (note this can take several minutes to complete):

Code:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
/scripts/restartsrv_pureftpd
2. As far as tailwatchd, the restart should have solved that issue. If not, please open a separate forums thread and include the output from the following command:

Code:
ps aux|grep tailwatch
Thank you.
 

Spirogg

Well-Known Member
Feb 21, 2018
69
13
8
chicago
cPanel Access Level
Root Administrator
hi ok thanks for this code

it solved the one issue
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
/scripts/restartsrv_pureftpd

i posted another thread for the other issue here

just incase someone else has this issue

Spiro
 
  • Like
Reactions: cPanelMichael

Spirogg

Well-Known Member
Feb 21, 2018
69
13
8
chicago
cPanel Access Level
Root Administrator
Hello,

1. Try running the following commands to see if it solves this issue:

Code:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
/scripts/restartsrv_pureftpd
2. As far as tailwatchd, the restart should have solved that issue. If not, please open a separate forums thread and include the output from the following command:

Code:
ps aux|grep tailwatch
Thank you.

Hello,

I have a quick Question would we have better security if we were to use

Code:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 4096
/scripts/restartsrv_pureftpd
or is there a reson why you suggest

Code:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
/scripts/restartsrv_pureftpd

just wondering, also why is this still an issue with a fresh install of cPanel ?can you guys fix this so we dont have to do this everytime we install cPanel ?


thanks so much in advance,

Spiro
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello @Spirogg,

2048 was recommended in order to suppress the warning message and generate the parameters as quickly as possible. However, in order to provide 128-bit security, which is the lower bound for adequate security, Diffie-Hellman parameters should be at least 3072 bits in size. I've updated my previous post to reflect this.

We stopped generating the Diffie-Hellman parameters at compile time in cPanel & WHM version 56 due to a lack of compatibility with Java version 8 (Java 8 doesn't support parameters larger than 2048 bits in size). Since it's been some time since that change was made, I've opened internal case CPANEL-23772 to explore suppressing this warning message when Pure-FTPd starts, or generating the Diffie-Hellman parameters at compile time again. I'll monitor this case and update this thread with more information as it becomes available.

Thank you.
 

Spirogg

Well-Known Member
Feb 21, 2018
69
13
8
chicago
cPanel Access Level
Root Administrator
@cPanelMichael Hi any word on this case ?
I've opened internal case CPANEL-23772 to explore suppressing this warning message when Pure-FTPd starts, or generating the Diffie-Hellman parameters at compile time again.


I still need to do the following in ssh
Code:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
/scripts/restartsrv_pureftpd

Thanks Spiro
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hi any word on this case ?
Hello :)

There's no update to report at this time, however the case is still open. Is this leading to any specific issues beyond the additional output that's visible when restarting Pure-FTPd?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
  • Love
Reactions: Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
69
13
8
chicago
cPanel Access Level
Root Administrator
Hello,

To update, the following case is scheduled for inclusion with cPanel & WHM Version 86:

• CPANEL-23772 - Create and ship 3072-bit DH parameters

You can monitor releases.cpanel.com for more information about cPanel & WHM Version 86 once it's closer to release. For information about our release process, see:


Thank you.
Hello there @cPanelMichael

thanks so much for the heads up and for getting them to get this working correctly :) much appreciated :)