Topic: Server manager cannot access

[smnirosh]

ohh. good exercise for me. thanks for bringing me to the track.
https://forums.contribs.org/index.php/topic,50154.msg251731.html#msg251731

[DanB35]

...or you could set up Let's Encrypt using John Crisp's contrib (see https://wiki.contribs.org/Letsencrypt#Install_with_John_Crisp_contrib), and you'll have a valid, trusted cert that will renew itself automatically pretty much forever.

[smnirosh]

Hi friends here i am again on same post,
without doing "Let's Encrypt using John Crisp's contrib", do i have to update certificates eventually? Because today i found that again the certificates are expired on server and httpd was not working. thanks

[Stefano]

if you're not using any external certificate (IOW you're using self signed ones) the certificate renewal is automagically managed by SME

if something isn't working as expected out of the box (and this is the case), you'd open a bug giving us all the details to understand what's wrong

[DanB35]

...or at least give some indication of what you are doing.  Are you using Let's Encrypt at all?  If so, how?  If not, what have you done for a TLS certificate?  What changes have you made to your system?

[smnirosh]

Dear DanB35,
I am not using Let's Encrypt. I have no idea of TLS certificate.
only thing i done recently to the server is https://forums.contribs.org/index.php/topic,52674.msg271443.html#msg271443.

i ran httpd -t
Syntax error on line 136 of /etc/httpd/conf/httpd.conf:
SSLCertificateFile: file '/home/e-smith/ssl.crt/mech.mechdesing.it.crt' does not exist or is empty.

then i followed https://forums.contribs.org/index.php/topic,50154.msg251731.html#msg251731 link to re-enable the certificate, but today i saw that httpd -t is giving me same error.

[DanB35]

A TLS certificate is what you're having trouble with.  You need one, even if it's only one you made yourself (a self-signed one), to enable HTTPS communications.  What's the output of 'config show modSSL'?

Edit:  After you did 'signal-event domain-modify', did /home/e-smith/ssl.crt.mech.mechdesing.it.crt exist?

[smnirosh]

config show modSSL:
modSSL=service
    CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    TCPPort=443
    access=public
    status=enabled

"After you did 'signal-event domain-modify', did /home/e-smith/ssl.crt.mech.mechdesing.it.crt exist?" YES
(and when the httpd -t gives an error, i checked the /home/e-smith/ssl.crt.mech.mechdesing.it.crt, it existed but 0bytes in size.)

[Stefano]

assuming you did not modify your server and you're not using some kind of customization, this seems a bug, then please go to bugzilla, thank you

[DanB35]

Strange, there should be something in that file.  What's the output of '/sbin/e-smith/audittools/templates'?

[smnirosh]

Strange but after i ran following commands, there are some codes in it.

cd /home/e-smith
rm -f ssl.key/*.key
rm -f ssl.pem/*.pem
rm -f ssl.crt/*.crt
signal-event domain-modify



output of /sbin/e-smith/audittools/templates------
/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeDefault: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25Routers: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25DomainNameServers: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeMax: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates/home/e-smith/openvpn/www/serial: MANUALLY_ADDED
/etc/e-smith/templates/home/e-smith/openvpn/www/server.key: MANUALLY_ADDED
/etc/e-smith/templates/home/e-smith/openvpn/www/index.txt: MANUALLY_ADDED
/etc/e-smith/templates/var/service/dnscache.forwarder/root/servers/@: MODIFIED e-smith-dnscache-2.2.0-2.el5.sme

[smnirosh]

this time I also restarted the server using signal-event reboot command as per another forum.
Let's wait couple of days then get back to the same forum again.