The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Cert Install Fails

Discussion in 'General Discussion' started by bjeup, Jul 17, 2009.

  1. bjeup

    bjeup Member

    Joined:
    Jun 16, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    I'm trying to install an SSL certificate, but the install seems to fail and Apache segfaults. It appears that Apache does not like something about the certificate I'm trying to install. The question is, what?

    I made sure the private key had no password associated with it.

    Upon installing I get this from cPanel -

    Code:
    Your SSL certificate failed to install on your site.
    Error from ssl wrapper: Waiting for httpd to restart..............finished. httpd (/usr/local/apache/bin/httpd -k start -DSSL) running as root with PID 31983 httpd (/usr/local/apache/bin/httpd -k start -DSSL) running as root with PID 31989 httpd started ok Certificate verification passed
    
    The CRT for the domain ubccu.org could not be installed. Apache produced the following errors:
    
    
    Finished Install Process.. Unknown error
    
    In the Apache error log I see -

    Code:
    [Fri Jul 17 11:03:23 2009] [notice] caught SIGTERM, shutting down
    [Fri Jul 17 11:03:26 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Fri Jul 17 11:03:26 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
    [Fri Jul 17 11:03:28 2009] [notice] Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9 configured -- resuming normal operations
    
    In the messages log I see -

    Code:
    ul 17 10:47:06 hst-webhost-e1 kernel: httpd[30838]: segfault at 0000000000000000 rip 0000003fb147a0d2 rsp 00007ffff96cb848 error 6
    Jul 17 10:48:26 hst-webhost-e1 kernel: httpd[30940]: segfault at 0000000000000000 rip 0000003fb147a0d2 rsp 00007fffc51eb368 error 6
    Jul 17 10:51:42 hst-webhost-e1 kernel: httpd[31248]: segfault at 0000000000000000 rip 0000003fb147a0d2 rsp 00007fff594625e8 error 6
    
     
  2. logicsupport

    logicsupport Well-Known Member

    Joined:
    Jun 5, 2007
    Messages:
    138
    Likes Received:
    0
    Trophy Points:
    16
    ssl port should be open

    Hi,

    Try restarting apache .

    Make sure that SSL port is open

    Run netstat -lnp and look for port 443

    Also try

    /usr/local/apache/bin/apachectl stop (to bring httpd down)


    /usr/local/apache/bin/apachectl startssl (to start httpd with SSL)


    Hope this helps .
     
  3. bjeup

    bjeup Member

    Joined:
    Jun 16, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for the suggestions.

    Port 443 is definitely open as I'm hosting two other clients on this box, both of which SSL is working fine. I did double check though via netstat and I do see it listening.

    I'll have to attempt restarting Apache after hours so it doesn't affect the other two clients.

    The strange part about all of this is that I know the certificate and key are valid as they were previously used on another box without any issue. I've never seen Apache crash like this when trying to utilize an SSL vhost.
     
  4. bjeup

    bjeup Member

    Joined:
    Jun 16, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Well, I'm not real sure what the deal was, but I did manage to get this working. In the Apache config directory there were several 'httpd.conf.installssl." files. I removed these. Then installed the certificate for the domain from the WHM. It restarted Apache and now all is well.

    I still have no idea what caused the issues mentioned above. If anyone has any thoughts please share them in the event someone else runs into this issue.
     
  5. Legin76

    Legin76 Well-Known Member

    Joined:
    Dec 11, 2007
    Messages:
    151
    Likes Received:
    1
    Trophy Points:
    18
    Were there more than one certificate on the same IP? If one of those files referred to a different cert it would cause an error but usually it just defaults to the first certificate it loads.
     
Loading...

Share This Page