SSL for WHM reset?

Discussion in 'General Discussion' started by dezignguy, Dec 3, 2004.

  1. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    A Reboot Reset my WHM SSL Cert???

    Annoying thing just happened... WHM (secure) pops up with a generic 'cannot connect / connection refused / cannot find server or dns error' etc depending on the browser. I had just rebooted into the new redhat kernel. Checked the obvious stuff, no it's not the firewall, restarted cpanel. It's something to do with the SSL cert for WHM. Because I can access WHM just fine on the insecure port. My secure mail is also giving me problems, etc. So I'm positive it's something to do with the cert.

    Now, I actually did have similar problems a while back... with a cpanel self-generated certificate. However, I was able to regenerate a self-signed certificate and it was fine after that (except for giving me a 30 day cert ;-P - bug in cpanel) But shortly after I wound up buying a signed third party cert and installed that. It's been working fine for months... several reboots. And now something goes screwy with it. The Apache httpd.conf is fine - no errors. I checked the domain.cert and the domain.key files that apache loads for that domain. They seem to match my cert exactly. So I decided I just had to reinstall the certificate. So I reinstalled it through the whm page... the first link under SSL, intended solely for cpanel's certificate. No worky. Apache has been restarted. Stunnel has been restarted. And I should mention that my other SSL domains work fine... it's just the main server domain.

    I've rather run out of ideas to try... anyone have anything else?
    I'm about to upgrade cpanel to the latest release (instead of the latest stable) in hopes that it might fix the issue... however, I don't remember seeing anything about SSL mentioned in the changelog - and I keep a fairly close eye on it. So I'm not too hopeful.
     
    #1 dezignguy, Dec 3, 2004
    Last edited: Dec 3, 2004
  2. dezignguy

    OK.. I can't figure it out...

    I've completely removed the server host name domain's server.domain.com.certs and all its server.domain.com.key files. Then I reinstalled the signed third party cert through WHM (non secure - blarg). So it's the only cert for that domain. The domain works fine for the normal SSL port - 443. The certificate is fine too. But it doesn't work at all for the secure 2087 port. "Connection Refused" It's not a network or firewall issue... I get the same behavior connecting from a web browser on the local machine as well. It must be CPANEL that is the problem... or one of cpanel's managed programs, like Stunnel.

    Just to be sure, I booted back into my old redhat kernel. Still no luck. I've checked a few log files and they seem to be fine. No errors. At least for SSL, and other systems in general.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I have seen issues with this if you're using a chained-certificate. Does your registered cert use a ca-bundle? If so, I think that if you use it for WHM access you have to manually add the cabundle in yourself. Could be wrong and would have to check myself, but it's an idea. If you don't use a ca-bundle with it, that's obviously not it ;)
     
  4. dezignguy

    Nope. It's not a chained certificate. And it worked for months without a CA bundle installed with it.
     
  5. chirpy

    If you do the following, is WHM even running up on port 2087:

    netstat -lpn | grep 2087
     
  6. dezignguy

    Actually, I suppose it's not running. I see no indication that it is. At least not on the secure port. It's running on the non-secure port. A restart of cpanel, and of the server itself doesn't change anything.
     
  7. bwalla

    bwalla Member
    PartnerNOC

    Joined:
    Aug 20, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Dallas, TX
    Secure port is working, redirects are not. Getting the 'cannot connect / connection refused / cannot find server or dns error' when using /cpanel /whm or /webmail (not good because no secure webmail). Any others having similar issue?
     
  8. dezignguy

    What cpanel version are you running? Have you checked that your redirects exist in the httpd.conf? Have you restarted cpanel?


    Still no resolution for my issue... I want my datacenter to bump it up to Cpanel support soon.
     
  9. dezignguy

    Ahh ok... Here's some more light shed on the issue... it actually seems to be a cgi/suexec issue.

    I get these lines in the suexec log whenever I try to load securewhm:

    Code:
    [2004-12-06 02:29:31]: info: (target/actual) uid: (apache/apache) gid: (apache/apache) cmd: whmredirect.cgi
    [2004-12-06 02:29:31]: crit: cannot run as forbidden uid (48/whmredirect.cgi)

    I just rebuilt apache (/scripts/easyapache) and have already updated cpanel to the latest Release (160). Still doesn't work.
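
The suexec log lines quoted in the post above can be triaged mechanically. This is an added example, not code from the thread or from cPanel: it pairs each `crit` refusal with the request line before it and flags refusals where the target uid/gid is below suexec's minimum. The default of 100 for `min_id` (a build-time setting in stock suexec) and the third sample log line are assumptions.

```python
import re

# Constructed sample: the two lines quoted in the post above, plus one
# made-up entry for an ordinary account that produced no refusal.
SAMPLE_LOG = """\
[2004-12-06 02:29:31]: info: (target/actual) uid: (apache/apache) gid: (apache/apache) cmd: whmredirect.cgi
[2004-12-06 02:29:31]: crit: cannot run as forbidden uid (48/whmredirect.cgi)
[2004-12-06 02:31:02]: info: (target/actual) uid: (alice/alice) gid: (alice/alice) cmd: form.cgi
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]: (?P<level>\w+): (?P<msg>.*)$")
INFO = re.compile(r"uid: \((?P<target>[^/]+)/(?P<actual>[^)]+)\) gid: \([^)]*\) cmd: (?P<cmd>\S+)")
FORBIDDEN = re.compile(r"cannot run as forbidden (?P<kind>uid|gid) \((?P<id>\d+)/(?P<cmd>[^)]+)\)")


def triage(log_text, min_id=100):
    """Pair each 'crit' refusal with the request ('info') line before it.
    min_id is an assumption: stock suexec is built with a minimum uid/gid
    of 100, but the value is a compile-time setting and may differ here.
    """
    findings, last_request = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["level"] == "info":
            req = INFO.search(m["msg"])
            last_request = req.groupdict() if req else None
        elif m["level"] == "crit":
            hit = FORBIDDEN.search(m["msg"])
            if not hit:
                findings.append({"ts": m["ts"], "reason": "other", "detail": m["msg"]})
                continue
            num = int(hit["id"])
            findings.append({
                "ts": m["ts"],
                "reason": "forbidden_" + hit["kind"],
                "id": num,
                "cmd": hit["cmd"],
                "target_user": last_request["target"] if last_request else None,
                # True: the identity itself was refused, before file owner/mode checks.
                "below_minimum": num < min_id,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `forbidden_uid` finding with `below_minimum` set means suexec rejected the account it was asked to run as, so the owner and mode of the script file are not what triggered the refusal.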
     
  10. chirpy

    I wonder if you've got the wrong ownership on the file. Here's mine (there are a few of those or similar scripts):

    Code:
    locate whmredirect.cgi | xargs ls -la
    -rwxr-xr-x    1 root     wheel         214 Aug 18 23:07 /usr/local/cpanel/base/swhmredirect.cgi
    -rwxr-xr-x    1 root     wheel        1157 Aug 18 23:07 /usr/local/cpanel/base/whmredirect.cgi
    -rwxr-xr-x    1 root     wheel         538 Nov 25 10:12 /usr/local/cpanel/cgi-sys/swhmredirect.cgi
    -rwxr-xr-x    1 root     wheel        1322 Nov 25 10:12 /usr/local/cpanel/cgi-sys/whmredirect.cgi
    
     
  11. dezignguy

    Yep, that's what I was thinking at first... but I checked the permissions and ownership and they looked good.

    Code:
    locate whmredirect.cgi | xargs ls -la
    -rwxr-xr-x    1 root     wheel         214 Oct  2  2002 /usr/local/cpanel/base/swhmredirect.cgi
    -rwxr-xr-x    1 root     wheel        1157 Feb  3  2004 /usr/local/cpanel/base/whmredirect.cgi
    -rwxr-xr-x    1 root     wheel         538 Dec  3 03:38 /usr/local/cpanel/cgi-sys/swhmredirect.cgi
    -rwxr-xr-x    1 root     wheel        1322 Dec  3 03:38 /usr/local/cpanel/cgi-sys/whmredirect.cgi
     
  12. Pda0

    Pda0 Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    I verified I had the same error today, on my release-160 cpanel.

    The problem resides in that for some reason the secure whm redirect cgi doesn't have an appropriate variable set. (Don't ask me why this changed in latest releases.)

    Fix:----------

    cd /usr/local/cpanel/cgi-sys
    cp swhmredirect.cgi swhmredirect.cgi.orig
    vi swhmredirect.cgi
    AFTER
    use Sys::Hostname qw(hostname);
    ADD
    my $rdhost = $ENV{'HTTP_HOST'};

    --------------

    Worked for me

    .pd
     
  13. chirpy

  14. cPanelBilly

    cPanelBilly Guest

    bug has been replicated
    patch has been verified and sent to devel
     
  15. dezignguy

    Excellent... however, my issues seem to be a bit more complicated. I'm still having issues with stunnel.

    Here's what the tech helping me said:

    I've just done a /scripts/upcp --force, but that hasn't helped anything. I'm not sure how to reinstall cpanel's stunnel. It seems to be running this: stunnel 4.04 on i386-redhat-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
     