Problem when adding SSL certificate for cPanel/WHM web service with stunnel

Vedran Rodic

Registered
Dec 22, 2014
Zagreb, Croatia
cPanel Access Level
Root Administrator
I'm using cPanel/WHM 11.44.1 (build 23)

I've added an SSL certificate for use with the cPanel/WHM/Webmail Service (used Manage Service SSL certificates). I've added an existing Apache certificate from the menu.

The UI requested a restart, but after that the cPanel/WHM web service didn't work.
I've checked the /usr/local/cpanel/logs/error_log file, and there was this:
Code:
===
[2014-12-22 10:10:14 +0100] warn [cpanel] Cpanel::Wrap::send_cpwrapd_request The adminbin “ssl” in the “Cpanel” namespace call to function “FETCHINSTALLEDCERT” ended prematurely: The subprocess reported the “EIO” (5) error when it ended.: namespace=[Cpanel] module=[ssl] function=[FETCHINSTALLEDCERT]: raw_response=[{"exit_code":1280,"action":"fetch","mode":"full","statusmsg":"You do not control the IP address <MY IP> on this server.","error":1,"timeout":0,"status":1,"version":"2.3"}] at /usr/local/cpanel/Cpanel/Wrap.pm line 121
        Cpanel::Wrap::send_cpwrapd_request('module', 'ssl', 'no_cperror', 1, 'env', HASH(0x<cut>), 'data', HASH(0x<cut>?), 'function', 'FETCHINSTALLEDCERT', 'action', 'fetch', 'namespace', 'Cpanel') called at /usr/local/cpanel/Cpanel/Wrap.pm line 58
        Cpanel::Wrap::send_cpwrapd_request_no_cperror('namespace', 'Cpanel', 'module', 'ssl', 'function', 'FETCHINSTALLEDCERT', 'data', HASH(0x), 'action', 'fetch', 'env', HASH(0x<cut>)) called at /usr/local/cpanel/Cpanel/AdminBin.pm line 298
        Cpanel::AdminBin::_adminfetch('module', 'ssl', 'function', 'FETCHINSTALLEDCERT', 'format', 'storable', 'cache_check_files', '', 'cache', 0, 'args', ARRAY(0x<cut>), 'return_status', 1) called at /usr/local/cpanel/Cpanel/AdminBin.pm line 224
        Cpanel::AdminBin::fetch_adminbin_nocache_with_status('ssl', undef, 'FETCHINSTALLEDCERT', 'storable', HASH(0x488e990)) called at /usr/local/cpanel/Cpanel/API/SSL.pm line 1273
====
I've cut this trace a bit, since the error message seems to be: "You do not control the IP address <MY IP> on this server". Now I certainly do control this IP address. This is a bogus warning since I certainly do control this IP address, and the same message is repeated in this file even on earlier dates when I didn't have the problem of the cPanel/WHM web UI not working. Additionally, there were no new error messages in the file on subsequent access to port 2087, and no requests were logged in access_log in the same directory. Using 'service cpanel restart' revealed that stunnel was not starting, but gave no details about why. This confused me when diagnosing the error, and should be fixed separately.



I've managed to get the stunnel error by starting stunnel manually with:
/usr/bin/stunnel /usr/local/cpanel/etc/stunnel/mycabundle/stunnel.conf.run
Code:
2014.12.22 11:24:34 LOG7[605:140395513423808]: Key file: /var/cpanel/ssl/cpanel/mycpanel.pem
2014.12.22 11:24:34 LOG7[605:140395513423808]: Private key loaded
2014.12.22 11:24:34 LOG7[605:140395513423808]: SSL context initialized for service whmhttps
2014.12.22 11:24:34 LOG7[605:140395513423808]: Certificate: /var/cpanel/ssl/cpanel/mycpanel.pem
2014.12.22 11:24:34 LOG7[605:140395513423808]: Certificate loaded
2014.12.22 11:24:34 LOG7[605:140395513423808]: Key file: /var/cpanel/ssl/cpanel/mycpanel.pem
2014.12.22 11:24:34 LOG7[605:140395513423808]: Private key loaded
2014.12.22 11:24:34 LOG7[605:140395513423808]: SSL context initialized for service webmailhttps
2014.12.22 11:24:34 LOG3[605:140395513423808]: FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_module_mode_set:fingerprint does not match

Now, I'm not sure why the FIPS fingerprint doesn't match (I've only used the WHM UI), and I've fixed cPanel/WHM by either disabling stunnel by changing the nativessl value in /var/cpanel/cpanel.config to 1, or by disabling FIPS for stunnel with "fips=no".
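
A way to pull the fatal line out of stunnel's debug output when the service restart gives no detail, shown as an added example that is not part of the original post or of cPanel's tooling. The function name `stunnel_triage` and its output labels are made up for illustration, and the sample log is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Constructed sample: same shape as the stunnel lines quoted in the post.
SAMPLE_LOG='2014.12.22 11:24:34 LOG7[605:140395513423808]: Private key loaded
2014.12.22 11:24:34 LOG7[605:140395513423808]: SSL context initialized for service whmhttps
2014.12.22 11:24:34 LOG7[605:140395513423808]: SSL context initialized for service webmailhttps
2014.12.22 11:24:34 LOG3[605:140395513423808]: FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_module_mode_set:fingerprint does not match'

# stunnel tags each line LOGn with a syslog level: 7 = debug ... 3 = err, 0 = emerg.
# Reads stunnel output on stdin and prints one line per finding:
#   service_ok <name>       the TLS context for that service was built
#   error <level> <text>    any line at level err (3) or more severe
#   cause fips_fingerprint  the FIPS module self-check failed
# Exit status: 0 = no error-level lines, 1 = at least one.
stunnel_triage() {
    awk '
    {
        # Field 3 looks like "LOG7[pid:tid]:"; skip lines without that tag.
        if (match($3, /^LOG[0-7]\[/) == 0) next
        level = substr($3, 4, 1) + 0
        msg = $0
        sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", msg)   # drop date, time and LOGn[...] tag
    }
    msg ~ /^SSL context initialized for service / {
        print "service_ok " $NF
    }
    level <= 3 {
        failed = 1
        print "error " level " " msg
        # Both certificate contexts can load fine and startup still abort here,
        # which points at the crypto library, not at the installed certificate.
        if (msg ~ /FIPS/ && msg ~ /fingerprint does not match/)
            print "cause fips_fingerprint"
    }
    END { exit (failed ? 1 : 0) }
    '
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | stunnel_triage || true
```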
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelMichael

To update, our support analysts were unable to reproduce the issue using a test server. Feel free to reply back to the support ticket with authentication details if you want us to reproduce the issue on your system.

Thank you.