whmapi1 command and cPanel ssl showing different

syslint

Well-Known Member
Verifed Vendor
Oct 9, 2006
268
7
168
India
cPanel Access Level
Root Administrator
Twitter
Hello,
We have see this issue in a number of cpanel servers running cpanel version 11.66.0.29 .

Issue : The whmapi command for ssl fetch is not showing the correct cab,cert and key data , which the userdata file show the correct . See a sample below,
Code:
[[email protected] ~]#   /usr/sbin/whmapi1 fetchsslinfo domain=foo.com
---
data:
  cab: ''
  crt: "-----BEGIN CERTIFICATE-----\nMIID5T  Here show the crt Os0=\n-----END CERTIFICATE-----"
  crt_origin: root
  domain: foo.com
  ip: 195.154.150.150
  key: "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBA Here show the key ldNquX21alQ==\n-----END RSA PRIVATE KEY-----"
  key_origin: root
  searched_users:
    - root
    - foo
  user: foo
metadata:
  command: fetchsslinfo
  reason: OK
  result: 1
  version: 1
[[email protected] ~]#
[[email protected] ~]# grep ssl /var/cpanel/userdata/foo/foo.com_SSL
ssl: 1
sslcacertificatefile: /var/cpanel/ssl/installed/cabundles/cPanel_Inc__681917bfb43af6b642178607e0b36ccc_1747526399.cabundle
sslcertificatefile: /var/cpanel/ssl/installed/certs/foo_com_d96d6_0fd5f_1517356799_a1518802651388e6fd31d3c05a898509.crt
sslcertificatekeyfile: /var/cpanel/ssl/installed/keys/d96d6_0fd5f_41c7db227a6a43b836f8fd4bb8001ff7.key
[[email protected] ~]#
I think the whmapi command must show the correct contents of all these files. Some how it is now showing the cab files data. If this is the case , then I think it is a bug in whmapi system . If not correct me.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
Hello,

Have you installed any third-party web server applications such as Nginx on this server?

Thank you.
 

syslint

Well-Known Member
Verifed Vendor
Oct 9, 2006
268
7
168
India
cPanel Access Level
Root Administrator
Twitter
Hi,

Yes , we have nginx. But that is not the problem. Whether nginix exist or not, why the whmapi command show wrong' informations.?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
Hi,

Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.
 

syslint

Well-Known Member
Verifed Vendor
Oct 9, 2006
268
7
168
India
cPanel Access Level
Root Administrator
Twitter
Ticket is #9036521

We also found , those domains having issue showing multiple ssl cache files. May be your whmapi is reading from the wrong file
Code:
-rwxr-x--x 1 root root 3369 Aug 21 16:04 /var/cpanel/ssl/installed/certs/foo.com_aea55_f8dc5_1534878225_e08196c40a524ecab2cb06f96f9cee87.crt.cache*
-rw-r--r-- 1 root mail 1963 Nov 11 09:53 /var/cpanel/ssl/installed/certs/foo.com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt
-rwxr-x--x 1 root root 4936 Nov 11 09:53 /var/cpanel/ssl/installed/certs/foo.com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt.cache*
-rwxr-x--x 1 root root 4463 Nov 11 09:36 /var/cpanel/ssl/installed/certs/foo.com_b0b82_9b71b_1518220799_3cf941af0e9dd4db12ee7dc67a6209fd.crt.cache*
-rwxr-x--x 1 root root 4985 Nov 10 04:48 /var/cpanel/ssl/installed/certs/foo.com_b4384_3c547_1511222399_ba1b35a51932e0baf7f266c2432da9c3.crt.cache*
Only of the cache file is correct others are invalid.
 

syslint

Well-Known Member
Verifed Vendor
Oct 9, 2006
268
7
168
India
cPanel Access Level
Root Administrator
Twitter
May be this will help
1) Apache use the cert file /var/cpanel/ssl/installed/certs/foo_com_af340_86233_1540771199_d040ea0a8af75d8395a2702a146288d8.crt => This is the correct file. It is same as in /var/cpanel/ssl/apache_tls/foo.com/combined , but
2) whmapi command is reading from the file /var/cpanel/ssl/system/certs/foo_com_af340_86233_1540752034_017c06e605deffd8c162a0d5c64e01fd.crt , which is the wrong certificate,

Why whmapi is reading from the wrong file ? I think it is a bug
 

syslint

Well-Known Member
Verifed Vendor
Oct 9, 2006
268
7
168
India
cPanel Access Level
Root Administrator
Twitter
The command "/usr/sbin/whmapi1 fetchsslinfo " is full of bugs, right now three issues

1) Show wrong certificates while apache show the correct one
2) Don't show CAB
3) Show nothing even if the domain have ssl

These three issues are facing a number of servers randomly. It is probably with reading the cached data or wrong files . You should make both apache and whmapi1 read from the same files.
 

syslint

Well-Known Member
Verifed Vendor
Oct 9, 2006
268
7
168
India
cPanel Access Level
Root Administrator
Twitter
That wrong description on the document page really made a conflict. So I think which don't have an api to retrieve the current ssl certificate of a single domains. Instead it have an api to get all certificates.
whmapi1 fetchsslinfo => Only retrieve previously installed ssl certificates and it won't show the current installed ssl certificates ( still the documentation says "This function retrieves certificate information." )

We get rid of this api call to solve the app issue.

Thank you very much Nick :)