Dovecot unable to restart after SSL Certificate reset

[Arvy]

Hello,

my self-signed certificate would expire in 15 days. So, I reset it using WHM.

Ok for FTP. Ok for Exim. Ok for Cpanel.

When I did the reset for Dovecot, the service stopped to work! I tryed to restart the service in WHM, no result. Received 2 email messages from Service Monitor (unable to restart). My blood pressure was touching the moon (that's my main server!). So, after crying for some minutes, I decided to reset the certificate again. Magically everything returned to normal!

Ok, now I'm fine. But, WHY this happened? Created a wrong certificate? Certificated files locked or something? The SSL reset changes something in the configuration files? Means, this procedure would crash something?

Just for information, there's a way to "force a reinstall" if everything goes wrong someday?

Thank you!

 

[cPanelMichael]

Hello

You can review /var/log/maillog for the time of the failure to see there are any specific error messages associated with dovecot's inability to start. There's no way to force an installation of the SSL certificate, other than by installing a new one as you did.

Thank you.

 

[Arvy]

Hello Michael,

that's the problem, there's no error!

Aug 15 00:19:14 server dovecot: master: Warning: Killed with signal 15 (by pid=9466 uid=0 code=kill)

This was the last one.

Aug 15 00:29:16 server dovecot: master: Dovecot v2.2.16 starting up for imap, pop3 (core dumps disabled)

After reset (second time) the certificate...

Why there's no log?

 

[cPanelMichael]

Aug 15 00:19:14 server dovecot: master: Warning: Killed with signal 15 (by pid=9466 uid=0 code=kill)

Was the process killed manually, or do you have any third-party applications such as LFD installed that could have killed the process?

Thank you.

 

[Arvy]

Hello Michael,

no, the server is 100% cPanel, no customizations in the main services. Everything related to Exim/Dovecot/Apache/PureFTP/Bind is done using WHM only. I'm not absolutely sure, but I think that the same problem ocurred last year in another server too (my secondary hosting server).

Thank you.

 

[cPanelMichael]

Are you able to reproduce the issue when resetting the SSL certificate again? Are you using the latest version of cPanel available on your build tier?

Thank you.

 

[Arvy]

Hello Michael,

yes, everytime I reset the certificate, I need to do this twice, because in the first try Dovecot doesn't start.

Yes: 11.50.0 (build 29)

Thanks

 

[cPanelMichael]

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[Arvy]

Hello Michael,

it's a bugzilla or something, or you need to access the machine? If it's a bugzilla, no problem, I can help to provide more info, but if you need to access the machine, we can't because the server has some sites that we have a confidential agreement with some clients.

 

[cPanelMichael]

Hello

It's possible this is related to a bug with how Dovecot restarts as opposed to the SSL certificate, as I have been unable to reproduce the issue on a test server:

Fixed case FB-185937: Fix restartsrv_dovecot to use the main pid.

Could you verify if the issue persists on cPanel version 11.50.1.1 (currently only available on the "Current" build tier)?

Thank you.

 

[Arvy]

Hello Michael,

thank you! In the next weeks I'll regenerate the certificates for another server that the same problem occurred last year. I'll post the results here.

Thanks.

 

[cPanelMichael]

Hello

I'm just following up on this thread. Were you able to reproduce the issue on the additional server?

Thank you.

 

[Arvy]

Michael! Sorry for the loooooooooooooooog delay to answer! I really forgot.

No problem detected with the second server. The certificate was updated and dovecot restarted ok. I think the problem is solved.

Thanks!

 

[cPanelMichael]

I'm happy to see the issue is no longer occurring. Thank you for updating us with the outcome.

 

[Arvy]

Hello Michael,

just a note: the certificate expired and the server auto-renewed it. But today I realized that Pure-FTP was still running with the old certificate. I had to restart the service to use the new certificate. Means, it changed ok, but didn't restart the FTP service to load the new certificate.

 

[cPanelMichael]

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.