The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL certificates need to be re-installed regularly

Discussion in 'General Discussion' started by oshs, Oct 24, 2006.

  1. oshs

    oshs Well-Known Member
    PartnerNOC

    Joined:
    Sep 5, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Okay this is really irritating me now! Every so often on a number of Cpanel servers, https domains stop working altogether. The only solution is to re-install the certificates for one account via WHM >> Web SSL/TLS >> Install a SSL Certificate and Setup the Domain and then they all come back online.

    This is not related to the stunnel problem, and all certificates are commercial valid ones. Also all accounts have their RSA keys and CRTs correctly setup within their Cpanel and under the relevant /usr/share/ssl/ directories.

    Anyone know why this keeps re-occurring and how to stop it?!

    Regards,
    Suhail.
     
  2. oshs

    oshs Well-Known Member
    PartnerNOC

    Joined:
    Sep 5, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Anyone? This is a really irritating recurring problem!
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Your best option is to open a support ticket when that happens so we can see what is occuring and resolve it.
     
  4. SpringChicken

    SpringChicken Member

    Joined:
    Dec 16, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Thank you suhail !

    I had the same issue. followed multiple threads and fixes for stunnel, even cpanel upgrades with no luck. reinstalled one certificate through whm and they all came back.
     
  5. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    16
    Odd, I've never experienced this and we've got over 100 active SSL sites.... The only thing I can think of is if ipaliases has stopped on the server ( /sbin/service ipaliases restart should fix it if so: I've noticed sometimes that if a server is rebooted it only restarts ipaliases 90% of the time)
     
  6. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me

    Are you saying the certs are actually getting deleted or that you just can't access the sites with https://? If the latter is the case, do the following commands from shell:
    service httpd stop
    service httpd startssl

    And your ssl sites should start working again. As to the cause, is your httpd being stopped and started by some script or process? A normal "service httpd start" won't start the ssl service.
     
  7. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    "service httpd start" starts SSL sites on a cpanel server. I just did one here and checked.
     
  8. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Not always. Trust me.
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I should qualify my original post by saying that was on Centos - two different versions. So I'd be confident it would start SSL on all Centos hosts. And if it doesn't, for heaven's sake get in there and fix it so it does!!
     
  10. oshs

    oshs Well-Known Member
    PartnerNOC

    Joined:
    Sep 5, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Hi Casey,

    Well that worked!

    # service httpd startssl

    restarts the SSL sites, whilst

    # service httpd start

    does not start SSL sites.

    So the questions is, that when new entries are added to httpd.conf, which scripts restarts Apache as this should be modified?

    Server is also runnning SIM to restart Apache if it is unavailable, so perhaps I need to change something in its config.

    Regards,
    Suhail.
     
  11. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    service httpd start only works for ssl when apache is running normally. If it crashes you need to run startssl. If I'm not mistaken, chkservd will restart apache with ssl, so I would just turn off that function in SIM.
     
  12. oshs

    oshs Well-Known Member
    PartnerNOC

    Joined:
    Sep 5, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Ah yes that makes sense!

    I'll give it a go and see how it works.

    Thanks!
    Suhail.
     
Loading...

Share This Page