The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

exim.crt errors

Discussion in 'E-mail Discussions' started by simplybe, May 4, 2007.

  1. simplybe

    simplybe Well-Known Member

    Joined:
    Nov 29, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    Been seeing these in the exim logs since yesterday:

    2007-05-04 11:06:10 TLS error on connection from (xxncxxk) [90.xxx.xxx.xxx] (SSL_CTX_use_certificate_chain_file file=/etc/exim.crt): error:0200100D:system library:fopen:Permission denied

    Any ideas what the cause is.

    Thanks
     
  2. TSJasonH

    TSJasonH Active Member
    PartnerNOC

    Joined:
    Nov 25, 2003
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Chicago, IL
    I'm also now seeing this with the new exim 4.66 on some servers (rhel 3).
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    if you guys are using cp11 you will find a server certificates manager in the left menu of WHM under service configuration ..you will see "manage service certificates"

    Go into that sections and see if you can select the certificate again that you want to use for exim and basically re-install or re-link it but going through that process. look for errors when exim restarts.
     
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    RPM - you sure? looks more like a permissions error than anything else. Or did the update to v11 mux up the key when it moved it? I get no errors when exim restarts. No errors when doing /scripts/eximup --force except that it cannot write to the crt/key files. Yet the files are there and the links are in place... weird!
     
    #4 mctDarren, May 4, 2007
    Last edited: May 4, 2007
  5. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Okay, just got this fixed. Check permissions on both your links in /etc (/etc/exim.key and /etc/exim.crt) and the ones in /var/cpanel/ssl/exim. Make sure they are owned by mailnull:mail. Restart courier-imap, cpanel and exim. See if that does it for you.

    ps - make sure your key files are only root read/write-able. You don't want that key getting out for any reason. ;)
     
  6. simplybe

    simplybe Well-Known Member

    Joined:
    Nov 29, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    just checked and those files are owned by root:root. Just chowned them, so will see if the errors stop.

    Thanks
     
  7. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Mine were like that as well. Change ownership and you should be good. :)
     
  8. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    absolutely a perms/ownership issue or a combination. I just fixed a box just using the SSL installer on exim. That's why I suggested that. It worked on a centos box.
     
  9. FC5_Slut

    FC5_Slut Member

    Joined:
    Sep 29, 2006
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Excellent Beta Testing Upgrades!

    Much Appreciated heh.
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Can't find anything that would set it to not be owned by mailnull:mail (Cpanel::SSLCerts takes care of this).


    If affected posting :

    ls -l /etc/exim.crt /etc/exim.key

    would be extremely helpful.

    In the mean time 11619+ will check to make sure they are correct at upcp time.
     
  11. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Cool thanks Nick. Does the upgrade to v11 simply move the files to the new directory and then symlink to them? Maybe they were root:root all along and worked that way in the past..?
     
  12. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    11.x moves them all in /var/cpanel/ssl/SERVICE_NAME_HERE/

    and symlinks them.
     
Loading...

Share This Page