SSL certificates need to be re-installed regularly

oshs

Well-Known Member
PartnerNOC
Sep 5, 2004
146
0
166
Hi,

Okay this is really irritating me now! Every so often on a number of Cpanel servers, https domains stop working altogether. The only solution is to re-install the certificates for one account via WHM >> Web SSL/TLS >> Install a SSL Certificate and Setup the Domain and then they all come back online.

This is not related to the stunnel problem, and all certificates are commercial valid ones. Also all accounts have their RSA keys and CRTs correctly setup within their Cpanel and under the relevant /usr/share/ssl/ directories.

Anyone know why this keeps re-occurring and how to stop it?!

Regards,
Suhail.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
77
308
cPanel Access Level
Root Administrator
Your best option is to open a support ticket when that happens so we can see what is occuring and resolve it.
 

SpringChicken

Member
Dec 16, 2003
18
0
151
Thank you suhail !

I had the same issue. followed multiple threads and fixes for stunnel, even cpanel upgrades with no luck. reinstalled one certificate through whm and they all came back.
 

richy

Well-Known Member
Jun 30, 2003
276
1
168
Odd, I've never experienced this and we've got over 100 active SSL sites.... The only thing I can think of is if ipaliases has stopped on the server ( /sbin/service ipaliases restart should fix it if so: I've noticed sometimes that if a server is rebooted it only restarts ipaliases 90% of the time)
 

casey

Well-Known Member
Jan 17, 2003
2,303
0
191
Hi,

Okay this is really irritating me now! Every so often on a number of Cpanel servers, https domains stop working altogether. The only solution is to re-install the certificates for one account via WHM >> Web SSL/TLS >> Install a SSL Certificate and Setup the Domain and then they all come back online.

This is not related to the stunnel problem, and all certificates are commercial valid ones. Also all accounts have their RSA keys and CRTs correctly setup within their Cpanel and under the relevant /usr/share/ssl/ directories.

Anyone know why this keeps re-occurring and how to stop it?!

Regards,
Suhail.

Are you saying the certs are actually getting deleted or that you just can't access the sites with https://? If the latter is the case, do the following commands from shell:
service httpd stop
service httpd startssl

And your ssl sites should start working again. As to the cause, is your httpd being stopped and started by some script or process? A normal "service httpd start" won't start the ssl service.
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
Not always. Trust me.
I should qualify my original post by saying that was on Centos - two different versions. So I'd be confident it would start SSL on all Centos hosts. And if it doesn't, for heaven's sake get in there and fix it so it does!!
 

oshs

Well-Known Member
PartnerNOC
Sep 5, 2004
146
0
166
Hi Casey,

Well that worked!

# service httpd startssl

restarts the SSL sites, whilst

# service httpd start

does not start SSL sites.

So the questions is, that when new entries are added to httpd.conf, which scripts restarts Apache as this should be modified?

Server is also runnning SIM to restart Apache if it is unavailable, so perhaps I need to change something in its config.

Regards,
Suhail.
 

casey

Well-Known Member
Jan 17, 2003
2,303
0
191
service httpd start only works for ssl when apache is running normally. If it crashes you need to run startssl. If I'm not mistaken, chkservd will restart apache with ssl, so I would just turn off that function in SIM.