The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Expired SSL Certificates, now locked out of WHM

Discussion in 'General Discussion' started by ajwong, Mar 5, 2013.

  1. ajwong

    ajwong Registered

    Joined:
    Mar 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    My server's SSL certs expired (I forgot to deal with it after the 30d notification).

    I received notifications that

    SSL certs were automatically generated for cpanel, exim, ftp, and dovecot
    "A new self-signed certificate was installed to replace it."

    However,

    Now, I am getting multiple ChkServd notifications about
    FAILED: cpsrvd
    FAILED: ftpd
    FAILED: imap

    I've restarted the cpanel server, to no effect
    I've restarted the virtual machine to no effect
    I continue to receive failure emails every 5-30min

    I currently do not have WHM or cpanel access.
    I have shell access.

    Is the new SSL certs generating this error? How can I manually install them via shell (since I can't use WHM website to manage them)

    Errors are listed below

    Service: cpsrvd
    Notification Type: failed
    Notification: cpsrvd failed @ Wed Mar 6 10:12:05 2013. A restart was attempted automagically.
    Service Check Method: [socket connect]
    Reason:
    Unable to connect to port 2086 on 127.0.0.1: Connection refused: Died at /usr/local/cpanel/Cpanel/TailWatch/ChkServd.pm line 753.
    Number of Restart Attempts: 31
    Startup Log:
    Waiting for cpsrvd,cpsrvd-ssl,whostmgrd,cpaneld,webmaild to shutdown ... not running.
    Starting cpsrvd.
    Waiting for (?-xism:^(?:stunnel$|stunnel-[0-9\.]+local)) to shutdown ... not running.
    Using Native SSL support (stunnel not needed)
    Memory Information:
    Used: 400MB
    Available: 603MB
    Installed: 1002MB
    Load Information: 0.18 0.11 0.04
    Uptime: 0 days, 2 hours, 23 seconds
    IOStat Information:
    avg-cpu: %user %nice %system %iowait %steal %idle
    1.97 0.12 0.67 1.08 0.00 96.15
    Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
    sda 8.24 149.74 162.71 1285062 1396362
    sda1 0.01 0.35 0.00 3044 18
    sda2 8.23 149.35 162.70 1281738 1396344
    dm-0 25.50 149.19 162.70 1280370 1396344
    dm-1 0.01 0.12 0.00 992 0
    ChkServd Version: 15.1




    Service: ftpd
    Notification Type: failed
    Notification: ftpd failed @ Wed Mar 6 07:51:19 2013. A restart was attempted automagically.
    Service Check Method: [check command]
    Number of Restart Attempts: 1
    Service Check Raw Output:
    pure-ftpd is not running
    Startup Log:
    Starting pure-config.pl: Running: /usr/sbin/pure-ftpd -O clf:/var/log/xferlog --daemonize -A -c50 -B -C8 -D -fftp -H -I15 -lextauth:/var/run/ftpd.sock -L10000:8 -m4 -s -U133:022 -u100 -Oxferlog:/usr/local/apache/domlogs/ftpxferlog -k99 -Z -Y1 -JHIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
    [ OK ]
    Starting pure-authd:
    Memory Information:
    Used: 365MB
    Available: 637MB
    Installed: 1002MB
    Load Information: 0.81 0.64 0.26
    Uptime: 0 days, 0 hours, 2 seconds
    IOStat Information:
    avg-cpu: %user %nice %system %iowait %steal %idle
    13.11 0.23 4.93 22.47 0.00 59.26
    Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
    sda 93.31 5215.54 438.22 780766 65602
    sda1 0.86 20.33 0.12 3044 18
    sda2 92.34 5193.33 438.10 777442 65584
    dm-0 242.87 5184.20 438.10 776074 65584
    dm-1 0.83 6.63 0.00 992 0
    ChkServd Version: 15.1


    Service: imap
    Notification Type: failed
    Notification: imap failed @ Wed Mar 6 08:52:40 2013. A restart was attempted automagically.
    Service Check Method: [socket connect]
    Reason:
    Timeout while trying to get data from service: Died at /usr/local/cpanel/Cpanel/TailWatch/ChkServd.pm line 783.
    Number of Restart Attempts: 12
    Syslog Messages:
    Mar 6 08:53:40 [SERVER] dovecot: pop3-login: Fatal: Can't load certificate file /etc/dovecot/ssl/dovecot.crt: The file doesn't contain a certificate.
    Mar 6 08:53:40 [SERVER] dovecot: dovecot: child 7051 (login) returned error 89 (Fatal failure)
    Mar 6 08:53:40 [SERVER] dovecot: pop3-login: Fatal: Can't load certificate file /etc/dovecot/ssl/dovecot.crt: The file doesn't contain a certificate.
    Mar 6 08:53:40 [SERVER] dovecot: imap-login: Fatal: Can't load certificate file /etc/dovecot/ssl/dovecot.crt: The file doesn't contain a certificate.
    Mar 6 08:53:40 [SERVER] dovecot: imap-login: Fatal: Can't load certificate file /etc/dovecot/ssl/dovecot.crt: The file doesn't contain a certificate.
    Memory Information:
    Used: 394MB
    Available: 607MB
    Installed: 1002MB
    Load Information: 0.02 0.02 0.00
    Uptime: 0 days, 1 hours, 3 seconds
    IOStat Information:
    avg-cpu: %user %nice %system %iowait %steal %idle
    1.93 0.14 0.71 1.98 0.00 95.24
    Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
    sda 10.91 312.06 149.95 1192358 572930
    sda1 0.03 0.80 0.00 3044 18
    sda2 10.87 311.19 149.94 1189034 572912
    dm-0 29.30 310.83 149.94 1187666 572912
    dm-1 0.03 0.26 0.00 992 0
    ChkServd Version: 15.1
     
  2. ajwong

    ajwong Registered

    Joined:
    Mar 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Viewing my /usr/local/cpanel/logs/error_log

    cpsrvd: Setting up native SSL support ... Could not load ssl libraries or certificate from /var/cpanel/ssl/cpanel/ at cpsrvd-ssl line 585.
    [2013-03-06 03:35:38 +1100] info [whostmgr2] Version file for addon "whm" type is no longer used.

    [2013-03-06 03:50:18 +1100] info [gather-update-logs] Assertions failed
     
  3. ajwong

    ajwong Registered

    Joined:
    Mar 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    /usr/local/cpanel/cpsrvd-ssl
    ==> cpsrvd 11.34.1.12 started
    ==> cpsrvd: preloaded ssl_write_all!
    ==> cpsrvd: loading security policy....Done
    ==> cpsrvd: Setting up native SSL support ... Could not load ssl libraries or certificate from /var/cpanel/ssl/cpanel/ at cpsrvd-ssl line 585.

    Can someone help me figure out how to generate a valid pem file to replace /var/cpanel/ssl/cpanel/cpanel.pem?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,470
    Likes Received:
    197
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can backup and remove the existing certificate data for cPanel/WHM from the following directory:

    # /var/cpanel/ssl/cpanel/

    Then, regenerate a self-signed certificate via:

    # /usr/local/cpanel/bin/checkallsslcerts

    This should allow you access to Web Host Manager where you can reset or install certificates for the other services.

    Thank you.
     
Loading...

Share This Page