Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

whmapi1 command and cPanel ssl showing different

Discussion in 'cPanel Developers' started by syslint, Nov 1, 2017.

Tags:
  1. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,
    We have see this issue in a number of cpanel servers running cpanel version 11.66.0.29 .

    Issue : The whmapi command for ssl fetch is not showing the correct cab,cert and key data , which the userdata file show the correct . See a sample below,
    Code:
    [root@ ~]#   /usr/sbin/whmapi1 fetchsslinfo domain=foo.com
    ---
    data:
      cab: ''
      crt: "-----BEGIN CERTIFICATE-----\nMIID5T  Here show the crt Os0=\n-----END CERTIFICATE-----"
      crt_origin: root
      domain: foo.com
      ip: 195.154.150.150
      key: "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBA Here show the key ldNquX21alQ==\n-----END RSA PRIVATE KEY-----"
      key_origin: root
      searched_users:
        - root
        - foo
      user: foo
    metadata:
      command: fetchsslinfo
      reason: OK
      result: 1
      version: 1
    [root@ ~]#
    [root@ ~]# grep ssl /var/cpanel/userdata/foo/foo.com_SSL
    ssl: 1
    sslcacertificatefile: /var/cpanel/ssl/installed/cabundles/cPanel_Inc__681917bfb43af6b642178607e0b36ccc_1747526399.cabundle
    sslcertificatefile: /var/cpanel/ssl/installed/certs/foo_com_d96d6_0fd5f_1517356799_a1518802651388e6fd31d3c05a898509.crt
    sslcertificatekeyfile: /var/cpanel/ssl/installed/keys/d96d6_0fd5f_41c7db227a6a43b836f8fd4bb8001ff7.key
    [root@server33 ~]#
    
    
    I think the whmapi command must show the correct contents of all these files. Some how it is now showing the cab files data. If this is the case , then I think it is a bug in whmapi system . If not correct me.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,754
    Likes Received:
    1,886
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Have you installed any third-party web server applications such as Nginx on this server?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi,

    Yes , we have nginx. But that is not the problem. Whether nginix exist or not, why the whmapi command show wrong' informations.?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,754
    Likes Received:
    1,886
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Ticket is #9036521

    We also found , those domains having issue showing multiple ssl cache files. May be your whmapi is reading from the wrong file
    Code:
    
    -rwxr-x--x 1 root root 3369 Aug 21 16:04 /var/cpanel/ssl/installed/certs/foo.com_aea55_f8dc5_1534878225_e08196c40a524ecab2cb06f96f9cee87.crt.cache*
    -rw-r--r-- 1 root mail 1963 Nov 11 09:53 /var/cpanel/ssl/installed/certs/foo.com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt
    -rwxr-x--x 1 root root 4936 Nov 11 09:53 /var/cpanel/ssl/installed/certs/foo.com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt.cache*
    -rwxr-x--x 1 root root 4463 Nov 11 09:36 /var/cpanel/ssl/installed/certs/foo.com_b0b82_9b71b_1518220799_3cf941af0e9dd4db12ee7dc67a6209fd.crt.cache*
    -rwxr-x--x 1 root root 4985 Nov 10 04:48 /var/cpanel/ssl/installed/certs/foo.com_b4384_3c547_1511222399_ba1b35a51932e0baf7f266c2432da9c3.crt.cache*
    
    Only of the cache file is correct others are invalid.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    May be this will help
    1) Apache use the cert file /var/cpanel/ssl/installed/certs/foo_com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt => This is the correct file. It is same as in /var/cpanel/ssl/apache_tls/foo.com/combined , but
    2) whmapi command is reading from the file /var/cpanel/ssl/system/certs/foo_com_af340_86233_1540752034_017c06e605deffd8c162a0d5c64e01fd.crt , which is the wrong certificate,

    Why whmapi is reading from the wrong file ? I think it is a bug
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    The command "/usr/sbin/whmapi1 fetchsslinfo " is full of bugs, right now three issues

    1) Show wrong certificates while apache show the correct one
    2) Don't show CAB
    3) Show nothing even if the domain have ssl

    These three issues are facing a number of servers randomly. It is probably with reading the cached data or wrong files . You should make both apache and whmapi1 read from the same files.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,480
    Likes Received:
    30
    Trophy Points:
    158
    cPanel Access Level:
    DataCenter Provider
  9. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,480
    Likes Received:
    30
    Trophy Points:
    158
    cPanel Access Level:
    DataCenter Provider
  10. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    262
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    That wrong description on the document page really made a conflict. So I think which don't have an api to retrieve the current ssl certificate of a single domains. Instead it have an api to get all certificates.
    whmapi1 fetchsslinfo => Only retrieve previously installed ssl certificates and it won't show the current installed ssl certificates ( still the documentation says "This function retrieves certificate information." )

    We get rid of this api call to solve the app issue.

    Thank you very much Nick :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice