Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

whmapi1 command and cPanel ssl showing different

Discussion in 'cPanel Developers' started by syslint, Nov 1, 2017.

Tags:
  1. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,
    We have see this issue in a number of cpanel servers running cpanel version 11.66.0.29 .

    Issue : The whmapi command for ssl fetch is not showing the correct cab,cert and key data , which the userdata file show the correct . See a sample below,
    Code:
    [root@ ~]#   /usr/sbin/whmapi1 fetchsslinfo domain=foo.com
    ---
    data:
      cab: ''
      crt: "-----BEGIN CERTIFICATE-----\nMIID5T  Here show the crt Os0=\n-----END CERTIFICATE-----"
      crt_origin: root
      domain: foo.com
      ip: 195.154.150.150
      key: "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBA Here show the key ldNquX21alQ==\n-----END RSA PRIVATE KEY-----"
      key_origin: root
      searched_users:
        - root
        - foo
      user: foo
    metadata:
      command: fetchsslinfo
      reason: OK
      result: 1
      version: 1
    [root@ ~]#
    [root@ ~]# grep ssl /var/cpanel/userdata/foo/foo.com_SSL
    ssl: 1
    sslcacertificatefile: /var/cpanel/ssl/installed/cabundles/cPanel_Inc__681917bfb43af6b642178607e0b36ccc_1747526399.cabundle
    sslcertificatefile: /var/cpanel/ssl/installed/certs/foo_com_d96d6_0fd5f_1517356799_a1518802651388e6fd31d3c05a898509.crt
    sslcertificatekeyfile: /var/cpanel/ssl/installed/keys/d96d6_0fd5f_41c7db227a6a43b836f8fd4bb8001ff7.key
    [root@server33 ~]#
    
    
    I think the whmapi command must show the correct contents of all these files. Some how it is now showing the cab files data. If this is the case , then I think it is a bug in whmapi system . If not correct me.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,509
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Have you installed any third-party web server applications such as Nginx on this server?

    Thank you.
     
  3. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi,

    Yes , we have nginx. But that is not the problem. Whether nginix exist or not, why the whmapi command show wrong' informations.?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,509
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  5. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Ticket is #9036521

    We also found , those domains having issue showing multiple ssl cache files. May be your whmapi is reading from the wrong file
    Code:
    
    -rwxr-x--x 1 root root 3369 Aug 21 16:04 /var/cpanel/ssl/installed/certs/foo.com_aea55_f8dc5_1534878225_e08196c40a524ecab2cb06f96f9cee87.crt.cache*
    -rw-r--r-- 1 root mail 1963 Nov 11 09:53 /var/cpanel/ssl/installed/certs/foo.com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt
    -rwxr-x--x 1 root root 4936 Nov 11 09:53 /var/cpanel/ssl/installed/certs/foo.com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt.cache*
    -rwxr-x--x 1 root root 4463 Nov 11 09:36 /var/cpanel/ssl/installed/certs/foo.com_b0b82_9b71b_1518220799_3cf941af0e9dd4db12ee7dc67a6209fd.crt.cache*
    -rwxr-x--x 1 root root 4985 Nov 10 04:48 /var/cpanel/ssl/installed/certs/foo.com_b4384_3c547_1511222399_ba1b35a51932e0baf7f266c2432da9c3.crt.cache*
    
    Only of the cache file is correct others are invalid.
     
  6. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    May be this will help
    1) Apache use the cert file /var/cpanel/ssl/installed/certs/foo_com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt => This is the correct file. It is same as in /var/cpanel/ssl/apache_tls/foo.com/combined , but
    2) whmapi command is reading from the file /var/cpanel/ssl/system/certs/foo_com_af340_86233_1540752034_017c06e605deffd8c162a0d5c64e01fd.crt , which is the wrong certificate,

    Why whmapi is reading from the wrong file ? I think it is a bug
     
  7. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    The command "/usr/sbin/whmapi1 fetchsslinfo " is full of bugs, right now three issues

    1) Show wrong certificates while apache show the correct one
    2) Don't show CAB
    3) Show nothing even if the domain have ssl

    These three issues are facing a number of servers randomly. It is probably with reading the cached data or wrong files . You should make both apache and whmapi1 read from the same files.
     
  8. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,468
    Likes Received:
    21
    Trophy Points:
    148
    cPanel Access Level:
    DataCenter Provider
  9. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,468
    Likes Received:
    21
    Trophy Points:
    148
    cPanel Access Level:
    DataCenter Provider
  10. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    That wrong description on the document page really made a conflict. So I think which don't have an api to retrieve the current ssl certificate of a single domains. Instead it have an api to get all certificates.
    whmapi1 fetchsslinfo => Only retrieve previously installed ssl certificates and it won't show the current installed ssl certificates ( still the documentation says "This function retrieves certificate information." )

    We get rid of this api call to solve the app issue.

    Thank you very much Nick :)
     
Loading...

Share This Page