SSL certificates need to be re-installed regularly

[oshs]

Hi,

Okay this is really irritating me now! Every so often on a number of Cpanel servers, https domains stop working altogether. The only solution is to re-install the certificates for one account via WHM >> Web SSL/TLS >> Install a SSL Certificate and Setup the Domain and then they all come back online.

This is not related to the stunnel problem, and all certificates are commercial valid ones. Also all accounts have their RSA keys and CRTs correctly setup within their Cpanel and under the relevant /usr/share/ssl/ directories.

Anyone know why this keeps re-occurring and how to stop it?!

Regards,
Suhail.

 

[oshs]

Anyone? This is a really irritating recurring problem!

 

[cPanelKenneth]

Your best option is to open a support ticket when that happens so we can see what is occuring and resolve it.

 

[SpringChicken]

Thank you suhail !

I had the same issue. followed multiple threads and fixes for stunnel, even cpanel upgrades with no luck. reinstalled one certificate through whm and they all came back.

 

[richy]

Odd, I've never experienced this and we've got over 100 active SSL sites.... The only thing I can think of is if ipaliases has stopped on the server ( /sbin/service ipaliases restart should fix it if so: I've noticed sometimes that if a server is rebooted it only restarts ipaliases 90% of the time)

 

[casey]

Hi,

Okay this is really irritating me now! Every so often on a number of Cpanel servers, https domains stop working altogether. The only solution is to re-install the certificates for one account via WHM >> Web SSL/TLS >> Install a SSL Certificate and Setup the Domain and then they all come back online.

This is not related to the stunnel problem, and all certificates are commercial valid ones. Also all accounts have their RSA keys and CRTs correctly setup within their Cpanel and under the relevant /usr/share/ssl/ directories.

Anyone know why this keeps re-occurring and how to stop it?!

Regards,
Suhail.

Are you saying the certs are actually getting deleted or that you just can't access the sites with https://? If the latter is the case, do the following commands from shell:
service httpd stop
service httpd startssl

And your ssl sites should start working again. As to the cause, is your httpd being stopped and started by some script or process? A normal "service httpd start" won't start the ssl service.

 

[brianoz]

A normal "service httpd start" won't start the ssl service.

"service httpd start" starts SSL sites on a cpanel server. I just did one here and checked.

 

[casey]

"service httpd start" starts SSL sites on a cpanel server. I just did one here and checked.

Not always. Trust me.

 

[brianoz]

Not always. Trust me.

I should qualify my original post by saying that was on Centos - two different versions. So I'd be confident it would start SSL on all Centos hosts. And if it doesn't, for heaven's sake get in there and fix it so it does!!

 

[oshs]

Hi Casey,

Well that worked!

# service httpd startssl

restarts the SSL sites, whilst

# service httpd start

does not start SSL sites.

So the questions is, that when new entries are added to httpd.conf, which scripts restarts Apache as this should be modified?

Server is also runnning SIM to restart Apache if it is unavailable, so perhaps I need to change something in its config.

Regards,
Suhail.

 

[casey]

service httpd start only works for ssl when apache is running normally. If it crashes you need to run startssl. If I'm not mistaken, chkservd will restart apache with ssl, so I would just turn off that function in SIM.

 

[oshs]

Ah yes that makes sense!

I'll give it a go and see how it works.

Thanks!
Suhail.