Dovecot unable to restart after SSL Certificate reset

Arvy

Well-Known Member
Oct 3, 2006
136
10
168
Brazil
cPanel Access Level
Root Administrator
Twitter
Hello,

my self-signed certificate would expire in 15 days. So, I reset it using WHM.

Ok for FTP. Ok for Exim. Ok for Cpanel.

When I did the reset for Dovecot, the service stopped to work! I tryed to restart the service in WHM, no result. Received 2 email messages from Service Monitor (unable to restart). My blood pressure was touching the moon (that's my main server!). So, after crying for some minutes, I decided to reset the certificate again. Magically everything returned to normal!

Ok, now I'm fine. But, WHY this happened? Created a wrong certificate? Certificated files locked or something? The SSL reset changes something in the configuration files? Means, this procedure would crash something?

Just for information, there's a way to "force a reinstall" if everything goes wrong someday?

Thank you!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello :)

You can review /var/log/maillog for the time of the failure to see there are any specific error messages associated with dovecot's inability to start. There's no way to force an installation of the SSL certificate, other than by installing a new one as you did.

Thank you.
 

Arvy

Well-Known Member
Oct 3, 2006
136
10
168
Brazil
cPanel Access Level
Root Administrator
Twitter
Hello Michael,

that's the problem, there's no error! :(

Aug 15 00:19:14 server dovecot: master: Warning: Killed with signal 15 (by pid=9466 uid=0 code=kill)

This was the last one.

Aug 15 00:29:16 server dovecot: master: Dovecot v2.2.16 starting up for imap, pop3 (core dumps disabled)

After reset (second time) the certificate...

Why there's no log? :(
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Aug 15 00:19:14 server dovecot: master: Warning: Killed with signal 15 (by pid=9466 uid=0 code=kill)
Was the process killed manually, or do you have any third-party applications such as LFD installed that could have killed the process?

Thank you.
 

Arvy

Well-Known Member
Oct 3, 2006
136
10
168
Brazil
cPanel Access Level
Root Administrator
Twitter
Hello Michael,

no, the server is 100% cPanel, no customizations in the main services. Everything related to Exim/Dovecot/Apache/PureFTP/Bind is done using WHM only. I'm not absolutely sure, but I think that the same problem ocurred last year in another server too (my secondary hosting server).

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Are you able to reproduce the issue when resetting the SSL certificate again? Are you using the latest version of cPanel available on your build tier?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

Arvy

Well-Known Member
Oct 3, 2006
136
10
168
Brazil
cPanel Access Level
Root Administrator
Twitter
Hello Michael,

it's a bugzilla or something, or you need to access the machine? If it's a bugzilla, no problem, I can help to provide more info, but if you need to access the machine, we can't because the server has some sites that we have a confidential agreement with some clients.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello :)

It's possible this is related to a bug with how Dovecot restarts as opposed to the SSL certificate, as I have been unable to reproduce the issue on a test server:

Fixed case FB-185937: Fix restartsrv_dovecot to use the main pid.

Could you verify if the issue persists on cPanel version 11.50.1.1 (currently only available on the "Current" build tier)?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello :)

I'm just following up on this thread. Were you able to reproduce the issue on the additional server?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
I'm happy to see the issue is no longer occurring. Thank you for updating us with the outcome.
 

Arvy

Well-Known Member
Oct 3, 2006
136
10
168
Brazil
cPanel Access Level
Root Administrator
Twitter
Hello Michael,

just a note: the certificate expired and the server auto-renewed it. But today I realized that Pure-FTP was still running with the old certificate. I had to restart the service to use the new certificate. Means, it changed ok, but didn't restart the FTP service to load the new certificate.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.