I recently ran into an odd problem with my ssl certificate, and wanted to document the errors and solution.
History:
My SME server ran out of disk space at some point. While disk space was unavailable, new ssl certificates were generated. This resulted in certificate files in place with zero bytes of content.
Symptoms:
1. Console error (physical monitor or vmware console session only; this error did not appear in any log file):
Syntax error on line 151 of /etc/httpd/conf/httpd.conf: SSLCertificateFile: file '/home/e-smith/ssl.crt/<host>.<primaryDomain>.crt' does not exist or is empty2. Attempts to create a new ssl.crt produced this error in /var/log/messages:
ERROR in /etc/e-smith/templates//home/e-smith/ssl.crt: Program fragment delivered error <<RSACERT kid exited 256 at /etc/e-smith/templates//home/e-smith/ssl.crt line 83.>> at template line 1
Aug 27 07:53:39 <host> esmith::event[1355]: WARNING in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: ERROR: Template processing failed for //home/e-smith/ssl.crt/<host>.<primaryDomain>.crt: 1 fragment generated warnings, 1 fragment generated errorsSolution:
To resolve the issue, I needed to delete the empty ssl certificate files and run the 'domain-modify' event:
cd /home/e-smith
rm -f ssl.key/*.key
rm -f ssl.pem/*.pem
rm -f ssl.crt/*.crt
signal-event domain-modify
I also learned that all three ssl-related files:
/home/e-smith/ssl.key/<host>.<primaryDomain>.key
/home/e-smith/ssl.pem/<host>.primaryDomain>.pem
/home/e-smith/ssl.crt/<host>.primaryDomain>.crt
Are created from the "ssl.pem" template:
expand-template /etc/e-smith/templates/home/e-smith/ssl.pem
1 Replies
1213 Views