The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Dovecot unable to restart after SSL Certificate reset

Discussion in 'E-mail Discussions' started by Arvy, Aug 14, 2015.

  1. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    my self-signed certificate would expire in 15 days. So, I reset it using WHM.

    Ok for FTP. Ok for Exim. Ok for Cpanel.

    When I did the reset for Dovecot, the service stopped to work! I tryed to restart the service in WHM, no result. Received 2 email messages from Service Monitor (unable to restart). My blood pressure was touching the moon (that's my main server!). So, after crying for some minutes, I decided to reset the certificate again. Magically everything returned to normal!

    Ok, now I'm fine. But, WHY this happened? Created a wrong certificate? Certificated files locked or something? The SSL reset changes something in the configuration files? Means, this procedure would crash something?

    Just for information, there's a way to "force a reinstall" if everything goes wrong someday?

    Thank you!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can review /var/log/maillog for the time of the failure to see there are any specific error messages associated with dovecot's inability to start. There's no way to force an installation of the SSL certificate, other than by installing a new one as you did.

    Thank you.
     
  3. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael,

    that's the problem, there's no error! :(

    Aug 15 00:19:14 server dovecot: master: Warning: Killed with signal 15 (by pid=9466 uid=0 code=kill)

    This was the last one.

    Aug 15 00:29:16 server dovecot: master: Dovecot v2.2.16 starting up for imap, pop3 (core dumps disabled)

    After reset (second time) the certificate...

    Why there's no log? :(
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Was the process killed manually, or do you have any third-party applications such as LFD installed that could have killed the process?

    Thank you.
     
  5. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael,

    no, the server is 100% cPanel, no customizations in the main services. Everything related to Exim/Dovecot/Apache/PureFTP/Bind is done using WHM only. I'm not absolutely sure, but I think that the same problem ocurred last year in another server too (my secondary hosting server).

    Thank you.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Are you able to reproduce the issue when resetting the SSL certificate again? Are you using the latest version of cPanel available on your build tier?

    Thank you.
     
  7. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael,

    yes, everytime I reset the certificate, I need to do this twice, because in the first try Dovecot doesn't start.

    Yes: 11.50.0 (build 29)

    Thanks
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  9. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael,

    it's a bugzilla or something, or you need to access the machine? If it's a bugzilla, no problem, I can help to provide more info, but if you need to access the machine, we can't because the server has some sites that we have a confidential agreement with some clients.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's possible this is related to a bug with how Dovecot restarts as opposed to the SSL certificate, as I have been unable to reproduce the issue on a test server:

    Fixed case FB-185937: Fix restartsrv_dovecot to use the main pid.

    Could you verify if the issue persists on cPanel version 11.50.1.1 (currently only available on the "Current" build tier)?

    Thank you.
     
  11. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael,

    thank you! In the next weeks I'll regenerate the certificates for another server that the same problem occurred last year. I'll post the results here.

    Thanks.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  13. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Michael! Sorry for the loooooooooooooooog delay to answer! I really forgot.

    No problem detected with the second server. The certificate was updated and dovecot restarted ok. I think the problem is solved.

    Thanks!
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  15. Arvy

    Arvy Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    92
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael,

    just a note: the certificate expired and the server auto-renewed it. But today I realized that Pure-FTP was still running with the old certificate. I had to restart the service to use the new certificate. Means, it changed ok, but didn't restart the FTP service to load the new certificate.
     
  16. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page