Koozali.org: home of the SME Server

continuation of the topic SME Server 10 known issues

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #30 on: April 12, 2021, 03:43:30 PM »
Bonjour.

Yes, the command return (Capture from Putty)

[root@smeserveur ~]# httpd -t
Syntax OK
[root@smeserveur ~]# /sbin/e-smith/audittools/templates
[root@smeserveur ~]#

Then
[root@smeserveur ~]# config show modSSL
modSSL=service
    TCPPort=443
    access=public
    status=enabled
[root@smeserveur ~]#

After

[root@smeserveur ~]# config delprop modSSL CertificateChainFile crt key
[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
[root@smeserveur ~]# systemctl is-active httpd-e-smith failed



Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #31 on: April 12, 2021, 04:03:48 PM »
Suite
elinks http://localhost:980/server-manager
are you able to login ?
and doing this way :
Code: [Select]
elinks http://localhost:80/server-manager


Both aren't working, or from the admin console

in case i put the command. Md5 sum is different but it's maybe normal since the elink don't work

[root@smeserveur ~]# openssl rsa -noout -modulus -in /home/e-smith/ssl.key/$HOSTNAME.key |openssl md5
(stdin)= 7493fb457087917da69a16ab3e998b87
[root@smeserveur ~]# openssl x509 -noout -modulus -in /home/e-smith/ssl.crt/$HOSTNAME.crt |openssl md5
(stdin)= 63e4ae38feabb8cde40b1ce5ac


Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #32 on: April 12, 2021, 04:12:25 PM »
Next, after erasing the key and crt files


[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.


If i do a systemctl status  httpd-e-smith.service as asked

[root@smeserveur ~]# systemctl status  httpd-e-smith.service
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since lun. 2021-04-12 16:09:26 CEST; 1min 58s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 16599 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND (code=exited, status=1/FAILURE)
  Process: 16596 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
  Process: 16593 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 16586 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
 Main PID: 16599 (code=exited, status=1/FAILURE)

avril 12 16:09:26 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
avril 12 16:09:26 smeserveur.esh httpd[16599]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 12 16:09:26 smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.cr...empty
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service: main process exited, code=exited, status=1/FAILURE
avril 12 16:09:26 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The Koozali SME Server Apache HTTP Service.
avril 12 16:09:26 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered failed state.
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@smeserveur ~]#

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #33 on: April 12, 2021, 04:17:28 PM »
To finish

[root@smeserveur ~]# ll /var/log/httpd/error_log*
lrwxrwxrwx 1 root root   39 12 avril 15:13 /var/log/httpd/error_log -> /var/log/httpd/error_log.20210412151302
-rw-r--r-- 1 root root 1354 12 avril 15:10 /var/log/httpd/error_log.20210412145843
-rw-r--r-- 1 root root 2031 12 avril 15:39 /var/log/httpd/error_log.20210412151302
[root@smeserveur ~]# tail -f   /var/log/httpd/error_log
[Mon Apr 12 15:39:49.253599 2021] [ssl:warn] [pid 9305] AH01906: RSA server certificate is a CA certificate (BasicConstr             aints: CA == TRUE !?)
[Mon Apr 12 15:39:49.253667 2021] [ssl:warn] [pid 9305] AH01909: RSA certificate configured for esh:443 does NOT include              an ID which matches the server name
[Mon Apr 12 15:39:49.253682 2021] [ssl:emerg] [pid 9305] AH02238: Unable to configure RSA server private key
[Mon Apr 12 15:39:49.253697 2021] [ssl:emerg] [pid 9305] SSL Library Error: error:0B080074:x509 certificate routines:X50             9_check_private_key:key values mismatch
[Mon Apr 12 15:39:49.253701 2021] [ssl:emerg] [pid 9305] AH02312: Fatal error initialising mod_ssl, exiting.
[Mon Apr 12 15:39:49.783941 2021] [ssl:warn] [pid 9383] AH01906: RSA server certificate is a CA certificate (BasicConstr             aints: CA == TRUE !?)
[Mon Apr 12 15:39:49.784006 2021] [ssl:warn] [pid 9383] AH01909: RSA certificate configured for esh:443 does NOT include              an ID which matches the server name
[Mon Apr 12 15:39:49.784022 2021] [ssl:emerg] [pid 9383] AH02238: Unable to configure RSA server private key
[Mon Apr 12 15:39:49.784037 2021] [ssl:emerg] [pid 9383] SSL Library Error: error:0B080074:x509 certificate routines:X50             9_check_private_key:key values mismatch
[Mon Apr 12 15:39:49.784040 2021] [ssl:emerg] [pid 9383] AH02312: Fatal error initialising mod_ssl, exiting.


and

[root@smeserveur ~]# systemctl cat httpd-e-smith
# /usr/lib/systemd/system/httpd-e-smith.service
[Unit]
Description=httpd-e-smith The Koozali SME Server Apache HTTP Service
After=network.target remote-fs.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/httpd
ExecStartPre=/sbin/e-smith/service-status httpd-e-smith
ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare
ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
ExecReload=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -k graceful
ExecStop=/bin/kill -WINCH ${MAINPID}
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
KillSignal=SIGCONT
PrivateTmp=true

[Install]
WantedBy=sme-server.target


and then


[root@smeserveur ~]# systemctl status httpd-e-smith
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since lun. 2021-04-12 16:09:26 CEST; 7min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 16599 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND (code=exited, status=1/FAILURE)
  Process: 16596 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
  Process: 16593 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 16586 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
 Main PID: 16599 (code=exited, status=1/FAILURE)

avril 12 16:09:26 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
avril 12 16:09:26 smeserveur.esh httpd[16599]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 12 16:09:26 smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.crt' does not ... empty
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service: main process exited, code=exited, status=1/FAILURE
avril 12 16:09:26 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The Koozali SME Server Apache HTTP Service.
avril 12 16:09:26 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered failed state.
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@smeserveur ~]#



Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #34 on: April 12, 2021, 04:19:15 PM »
So sorry to waste your time. :-(

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #35 on: April 12, 2021, 08:46:28 PM »
do not be sorry.

so both httpd-admin and httpd-e-smith are not running becaus you can not join on  port 980 from the command line.


smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.cr...empty

shows that cert has not been renewed.

and error log shows a mismatch between keys and crt.

also at the openssl test you had different output so there is an issue there

try
Code: [Select]
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith
systemctl status -l httpd-e-smith
also as httpd-admin seems to have an issue please do
Code: [Select]
systemctl status -l httpd-admin

is it a bare metal machine or vm?

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #36 on: April 13, 2021, 09:01:06 AM »
Hi
[[root@smeserveur ~]# rm /home/e-smith/ssl.*/* -f
[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with err                          or code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for d                          etails.
[root@smeserveur ~]# systemctl status -l httpd-e-smith
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Servi                          ce
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendo                          r preset: enabled)
   Active: failed (Result: exit-code) since mar. 2021-04-13 08:53:38 CEST; 11s a                          go
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 14768 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREG                          ROUND (code=exited, status=1/FAILURE)
  Process: 14765 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=                          exited, status=0/SUCCESS)
  Process: 14742 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/http                          d.conf (code=exited, status=0/SUCCESS)
  Process: 14733 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=e                          xited, status=0/SUCCESS)
 Main PID: 14768 (code=exited, status=1/FAILURE)

avril 13 08:53:38 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali                           SME Server Apache HTTP Service...
avril 13 08:53:38 smeserveur.esh httpd[14768]: AH00526: Syntax error on line 146                           of /etc/httpd/conf/httpd.conf:
avril 13 08:53:38 smeserveur.esh httpd[14768]: SSLCertificateFile: file '/home/e                          -smith/ssl.crt/smeserveur.esh.crt' does not exist or is empty
avril 13 08:53:38 smeserveur.esh systemd[1]: httpd-e-smith.service: main process                           exited, code=exited, status=1/FAILURE
avril 13 08:53:38 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The K                          oozali SME Server Apache HTTP Service.
avril 13 08:53:38 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered                           failed state.
avril 13 08:53:38 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
/i]

And
[root@smeserveur ~]# systemctl status -l httpd-admin
● httpd-admin.service - httpd-admin The Koozali SME Server Server-Manager web service
   Loaded: loaded (/usr/lib/systemd/system/httpd-admin.service; enabled; vendor preset: enabled)
   Active: active (running) since lun. 2021-04-12 16:45:05 CEST; 16h ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 1465 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 1374 ExecStartPre=/sbin/e-smith/service-status httpd-admin (code=exited, status=0/SUCCESS)
 Main PID: 1496 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   Memory: 2.7M
   CGroup: /system.slice/httpd-admin.service
           ├─1496 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           └─1709 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND

avril 12 16:45:00 smeserveur.esh systemd[1]: Starting httpd-admin The Koozali SME Server Server-Manager web service...
avril 12 16:45:05 smeserveur.esh systemd[1]: Started httpd-admin The Koozali SME Server Server-Manager web service.
[root@smeserveur ~]#


And


[root@smeserveur ~]# ls /home/e-smith/ssl.crt
[root@smeserveur ~]# ls /home/e-smith/ssl.key
smeserveur.esh.key
[root@smeserveur ~]#


It's a baremetal

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #37 on: April 13, 2021, 11:27:36 AM »
So for whatever good reason ssl-update does not appear to be recreating your server certificates correctly.


Quote
avril 13 08:53:38 smeserveur.esh httpd[14768]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:

avril 13 08:53:38 smeserveur.esh httpd[14768]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.crt' does not exist or is empty

Can you try this:

Code: [Select]
rm /home/e-smith/ssl.crt/*
rm /home/e-smith/ssl.key/*
rm /home/e-smith/ssl.pem/*
signal-event post-upgrade
signal-event reboot

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Yull

  • *
  • 9
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #38 on: April 13, 2021, 03:42:36 PM »
Hello
Sorry for my English (French)
I had the same problem as you to access server-manager on a backup restore (French) on a SME 10 French installation)
After reading you, I managed to work around the problem in the following way:
- SME 10 installation without restoring the backup
- Server configuration

Modification of the smeserver.tgz backup file with 7-Zip:
Delete files contained in these directories
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.crt \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.key \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.pem \

- Restore the backup from the console
- reboot
- Server configuration (restoring the backup crashed it after the reboot)

And it's good we can access server-manager

Restoring contributions, updating, and more than just testing
« Last Edit: April 13, 2021, 03:44:55 PM by Yull »

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #39 on: April 13, 2021, 08:07:29 PM »
Perfect. Like your English!!

Yes it really needs a reboot I think.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #40 on: April 13, 2021, 11:15:56 PM »
Yull
thanks for your post

Hello
Sorry for my English (French)
I had the same problem as you to access server-manager on a backup restore (French) on a SME 10 French installation)
After reading you, I managed to work around the problem in the following way:
- SME 10 installation without restoring the backup
- Server configuration

Modification of the smeserver.tgz backup file with 7-Zip:
Delete files contained in these directories
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.crt \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.key \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.pem \

thanks you pointed one element that was not tested: importation of old keys....
we now use a size of 4096, which is what a lot of security audit now ask for
on sme 9 the key was lower, and it seems that the test to delete it and recreate is not at the right place.
so here is a bug, that you both suffered as you use the self signed certificate, and you found a really nice workaround


- Restore the backup from the console
- reboot
- Server configuration (restoring the backup crashed it after the reboot)

And it's good we can access server-manager

Restoring contributions, updating, and more than just testing
yes as Reetp pointed out after a restore a reboot is mandatory, for two reasons :
- only services planned to be started after installation are up at the end, systemd was not aware he needs to start services that have been enabled during the restore.
- mysql restore process also still depends on a backup




I have however tested the ssl-update event after deleting the old keys of a server, and this is working
I am able to restart httpd-e-smith, so there is something strange there with Raphaël
Code: [Select]
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith

curious to see with the signal-event post-upgrade ; signal-event reboot 

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #41 on: April 15, 2021, 09:33:48 AM »
Bonjour.
Merci Yull pour tes informations. Je suis dans le même cas, avec une installation de sme en français.
Je me permet de résumer mes tests.

Installation of sme10.
Server : update, internet access--> Ok
Client :
 - DHCP : not working--> signal-event e-smith-base-update-->DHCP : Ok
 - Internet : OK
 - Sme-manager : OK
 - //smeserver/primary : Ok
 - Joining the domain : Ok
I try to restore v9.2 through the admin console: no 9 restoration, maybe the signal-event e-smith-base-update remove this possibility.

For JPP, Reinstallation of sme10, restoration during installation,
Server : update, internet access--> Ok
Client:
 - signal-event e-smith-base-update-->Dhcp not working
 - signal-event post-upgrade ; signal-event reboot -->Dhcp : Ok
After rebooting
 - Internet: OK
 - Sme-manager not working
 - //smeserver/primary : not working
 - Joining the domain : not working
Quote
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith
signal-event post-upgrade ; signal-event reboot
- Sme-manager : Not working
 - //smeserver/primary : Not working
 - Join domain : Not working
 - ls /home/e-smith/ssl.key-->a key was create
 - ls /home/e-smith/ssl.crt-->nothing

I will try yull's method this afternoon or tomorrow.
Have a nice day.

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #42 on: April 15, 2021, 05:50:33 PM »
would you be able to open a second putty terminal and start a
tail -f /var/log/messages

juste before issuing the signal-event ssl-update

then post the result to try to debug that. you could post that as attachement in a bug it would be great

https://bugs.koozali.org/show_bug.cgi?id=11552
« Last Edit: April 15, 2021, 05:57:31 PM by Jean-Philippe Pialasse »

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: continuation of the topic SME Server 10 known issues
« Reply #43 on: April 16, 2021, 01:52:35 PM »
Hello.
In answer to Jean Pierre, I have also posted the answer file in the bugzilla.
Quote
[root@smeserveur ~]# tail -f /var/log/messages
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur mysql.init:   Fatal Error:                           
Apr 16 12:07:55 smeserveur mysql.init:   Calendar is not activated.             
Apr 16 12:07:55 smeserveur mysql.init:   In /usr/share/pear/Horde/Registry.php on line 340
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur mysql.init:   1. Horde_Registry::appInit() /usr/bin/kronolith-convert-to-utc:15
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur /sbin/e-smith/db[4209]: /home/e-smith/db/configuration: OLD horde=service|DbPassword|neo6OloXX0NnD1Zvpd9CnbQcqsjju9HbIWW36VfKDm4oXSA8yhlht0EgVv4Xe8H3uRKGuxuupPPM|SecretKey|J50hffRSvOdrk0a2fX1bbdiWHmBq+1HTIIg+tUjTvyeT3m3rMS+BZuSaPKYJneJvB8ADoTca2znI|access|public|freebusy|enabled|imp|installed|status|enabled
Apr 16 12:07:55 smeserveur /sbin/e-smith/db[4209]: /home/e-smith/db/configuration: NEW horde=service|DbPassword|neo6OloXX0NnD1Zvpd9CnbQcqsjju9HbIWW36VfKDm4oXSA8yhlht0EgVv4Xe8H3uRKGuxuupPPM|KronolithUTC|yes|SecretKey|J50hffRSvOdrk0a2fX1bbdiWHmBq+1HTIIg+tUjTvyeT3m3rMS+BZuSaPKYJneJvB8ADoTca2znI|access|public|freebusy|enabled|imp|installed|status|enabled
Apr 16 12:11:59 smeserveur esmith::event[5237]: Processing event: ssl-update
Apr 16 12:11:59 smeserveur esmith::event[5237]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /etc/dovecot/dovecot.conf
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /etc/httpd/conf/httpd.conf
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_before_auth
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_ciphers
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_protocols
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/ssl/cert.pem
Apr 16 12:11:59 smeserveur esmith::event[5237]: 12667 semi-random bytes loaded
Apr 16 12:11:59 smeserveur esmith::event[5237]: Generating RSA private key, 4096 bit long modulus
Apr 16 12:12:00 smeserveur esmith::event[5237]: ...++
Apr 16 12:12:01 smeserveur esmith::event[5237]: ...++
Apr 16 12:12:01 smeserveur esmith::event[5237]: e is 65537 (0x10001)
Apr 16 12:12:01 smeserveur esmith::event[5237]: problems making Certificate Request
Apr 16 12:12:01 smeserveur esmith::event[5237]: 139673335326608:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.crt: Program fragment delivered error <<Closing openssl pipe reported:  at /etc/e-smith/templates//home/e-smith/ssl.crt line 114.>> at template line 1
Apr 16 12:12:01 smeserveur esmith::event[5237]: WARNING in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: ERROR: Template processing failed for //home/e-smith/ssl.crt/smeserveur.esh.crt: 1 fragment generated errors
Apr 16 12:12:01 smeserveur esmith::event[5237]:  at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 10.
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: Program fragment delivered error <<Could not open crt file: Aucun fichier ou dossier de ce type at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 15.>> at template line 1
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR: Template processing failed for //var/service/qpsmtpd/ssl/cert.pem: 1 fragment generated warnings, 1 fragment generated errors
Apr 16 12:12:01 smeserveur esmith::event[5237]:  at /etc/e-smith/events/actions/generic_template_expand line 56.
Apr 16 12:12:01 smeserveur esmith::event[5237]: Can't opendir(./home): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]:  at /etc/e-smith/events/actions/generic_template_expand line 38.
Apr 16 12:12:01 smeserveur esmith::event[5237]: generic_template_expand=action|Event|ssl-update|Action|generic_template_expand|Start|1618567919 57404|End|1618567921 641968|Elapsed|2.584564
Apr 16 12:12:01 smeserveur esmith::event[5237]: Running event handler: /etc/e-smith/events/actions/adjust-services
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (sigusr1)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised qpsmtpd (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised qpsmtpd (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised sqpsmtpd (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised sqpsmtpd (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised ldap (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Job for ldap.service failed because the control process exited with error code. See "systemctl status ldap.service" and "journalctl -xe" for details.
Apr 16 12:12:01 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl start ldap.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised ldap (reload)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Failed to reload ldap.service: Job type reload is not applicable for unit ldap.service.
Apr 16 12:12:01 smeserveur esmith::event[5237]: See system logs and 'systemctl status ldap.service' for details.
Apr 16 12:12:01 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl reload ldap.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised httpd-e-smith (start)
Apr 16 12:12:02 smeserveur esmith::event[5237]: Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
Apr 16 12:12:02 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl start httpd-e-smith.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:02 smeserveur esmith::event[5237]: adjusting non-supervised httpd-e-smith (reload)
Apr 16 12:12:02 smeserveur esmith::event[5237]: Job for httpd-e-smith.service invalid.
Apr 16 12:12:02 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl reload httpd-e-smith.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:02 smeserveur esmith::event[5237]: adjust-services=action|Event|ssl-update|Action|adjust-services|Start|1618567921 642145|End|1618567922 447084|Elapsed|0.804939

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #44 on: April 17, 2021, 12:37:56 AM »
https://github.com/davidmoten/jenkins-ec2-https/issues/1

suggests one of the needed field to generate a csr is too short or empty

check your /etc/openssl.conf. all fields are mandatory.