Pre-note: The certificates was purchased from a vendor and are valid till 2018
Our Apache for one of our servers (Ubuntu 12.04) crashed this morning. Trying to restart Apache kept giving us the following error message
[Wed Jun 03 12:21:51.875811 2015] [ssl:emerg] [pid 30534] AH01903: Failed to configure CA certificate chain!
[Wed Jun 03 12:21:51.875846 2015] [ssl:emerg] [pid 30534] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
After removing the following line from apache config
SSLCertificateChainFile /etc/apache2/ssl/wck.bundle
Apache reloaded.
The server did not restart so I am sure no updates where done by accident.
I then proceeded to try and get it up and running on one of the 14.04 Ubuntu servers we own. The same problem occurred with the same certificates. I asked the guy who setup the 14.04 apache and he claims the problem we suddenly experienced today with the 12.04 server has always happened on the 14.04 server.
I tried reproducing the error on my local 14.04 by installing a new Apache and copying the certificates and one of the config files for one of the sites to my local machine. On my local machine after the setup everything worked perfectly.
I have tried comparing openssl versions, lib version between the two 14.04, but everything looks the same. I even upgraded both my local machine and the 14.04 server to ensure the libs and Apache version are identical, but the one works and the other one doesn't and I recon If I can solve this problem for the 14.04 Ubuntu server it will provide me with the information to get the ssl certificate chain up and running on the 12.04 Machine.
Does anyone have an idea why suddenly the 12.04 Ubuntu's Apache would stop working with the ssl certaficate chain and the 14.04 server also produces the same error, but my local 14.04 does not?
Any help would be appreciated.
Thanks in advance.
Related
I've been trying to troubleshoot this problem for some days now.
A couple of minutes after starting an SSH connection to my Namecheap server (on Mac/windows/cPanel's "Terminal"), it crashes and give the following error message :
Error: The connection to the server ended in failure at {TIME} PM. (SIGKILL)
and :
Exit Code: 137
I've tried to create some kind of log file for any SIGKILL signal, but, it seems like none can be made on a Namecheap server :
auditctl doesn't exist,
We can't get systemtap because no package managers are available.
Precision :
uname -a : Linux [-n] 2.6.32-954.3.5.lve1.4.78.el6.x86_64 #1 SMP Thu Mar 26 08:20:27 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
I calculated the time between each crash : around 6min.
I don't have a very good knowledge of Linux servers, and maybe didn't include needed information. So please ask for any specificities!
I try to run my OpenVPN client on my windows 10 machine in order to connect to a remote OpenVPN CentOS 7 server but it does not work. I get the error below:
Options error: --capath fails with 'C:\Users\Desktop\OpenVPN\ca.crt': No such process (errno=3)
Options error: --cert fails with 'C:\Users\Desktop\OpenVPN\Win10client.crt': No such process (errno=3)
Fri Mar 22 22:56:20 2019 WARNING: cannot stat file 'C:\Users\Desktop\OpenVPN\Win10client.key': No such process (errno=3)
Options error: --key fails with 'C:\Users\Desktop\OpenVPN\Win10client.key'
Fri Mar 22 22:56:20 2019 WARNING: cannot stat file 'C:\Users\Desktop\OpenVPN\myvpn.tlsauth': No such process (errno=3)
Options error: --tls-crypt fails with 'C:\Users\Desktop\OpenVPN\myvpn.tlsauth': No such process (errno=3)
This is the config that I have on my ovpn file:
client
tls-client
--capath C:\\Users\\Desktop\\OpenVPN\\ca.crt
--cert C:\\Users\\Desktop\\OpenVPN\\Win10client.crt
--key C:\\Users\\Desktop\\OpenVPN\\Win10client.key
--tls-crypt C:\\Users\\Desktop\\OpenVPN\\myvpn.tlsauth
remote-cert-eku "TLS Web Client Authentication"
proto udp
remote serveraddress 1194 udp
dev tun
topology subnet
pull
Assuming your config file is well done. Try to reinstall openvpn, and put your config file to the c:/program files/openvpn/config folder. Then you can start the openvpn Service. Therefore you dont need to use the Openvpn gui.
Where are my iptables logging Blocked messages? I wonder if this is an OpenVZ issue or something from the scripted install. Note, I'm highly technical, but not a server admin. Could the OpenVZ host be blocking and logging outside of my VSP?
I have two newly installed machines running running text-mode CentOS 7 x64, yum up to date packages, and with iptables/CSF.
Also, I ensured machine #2 has all the packages that are on machine #1, though #2 has some extras.
OpenVZ VPS (installed with their image of CentOS 7 x64)
VMware VM (installed with official CentOS 7 x64 minimal mode)
I performed my extra installs/configs exactly the same on both machines, and I have these lines in /etc/csf/csf.conf
TESTING = "0"
TCP_IN = "22,80,443"
UDP_IN = ""
On the VM, I'm getting these /var/log/messages when I nmap scan it:
Apr 12 17:25:23 mach kernel: Firewall: *UDP_IN Blocked* IN=ens192 OUT= ...
Apr 12 17:25:55 mach kernel: Firewall: *TCP_IN Blocked* IN=ens192 OUT= ...
On the VPS, I'm NOT getting any Firewall /var/log/messages when I nmap scan it... but I think it is properly blocking traffic.
How do I even proceed/diagnose this?
I am trying to configure Zimbra on my Linode (ubuntu). It's been more than 12 continuous hours but I am unable to get it configured correctly. I have followed too many guides from internet already. For the last try, I was trying this: Configure Zimbra and as usual the same error occured. This is the error:
Installing Proxy SSL certificate...done.
Initializing ldap...failed. (28416)
ERROR
Configuration failed
Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to
complete the configuration.
Errors have been logged to /tmp/zmsetup05102015-071817.log
And this is the last few lines of log file:
Sun May 10 07:22:20 2015 done.
Sun May 10 07:22:20 2015 Installing LDAP SSL certificate...
Sun May 10 07:22:20 2015 *** Running as root user: /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
Sun May 10 07:22:25 2015 done.
Sun May 10 07:22:25 2015 Installing Proxy SSL certificate...
Sun May 10 07:22:25 2015 *** Running as root user: /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
Sun May 10 07:22:30 2015 done.
Sun May 10 07:22:30 2015 checking isEnabled zimbra-ldap
Sun May 10 07:22:30 2015 zimbra-ldap is enabled
Sun May 10 07:22:30 2015 Initializing ldap...
Sun May 10 07:22:30 2015 *** Running as zimbra user: /opt/zimbra/libexec/zmldapinit
Connection refused at /opt/zimbra/libexec/zmldapinit line 138.
Sun May 10 07:23:13 2015 failed. (28416)
Sun May 10 07:23:13 2015
ERROR
I am not sure, what can be wrong or how to fix it. If any of you have ever faced such problem and know the solution, please let me know.
Thanks
Begin by checking the /tmp/zmsetup05102015-071817.log and then do you have any services that could prevent ldap starting? moreover any ports that may already be in use preventing this?
I am trying to install chef server on linux Ubuntu by following guide on opscode website as it is.
Now the first error that I see on console while installing was:
Setting permissions for user "chef" in vhost "/chef" ...
...done.
Creating config file /etc/chef/solr.rb with new version
* Starting chef-solr chef-solr [fail]
I looked solr.log inside var/log/chef/solr.log
[Wed, 02 May 2012 20:32:02 -0700] FATAL: Chef Solr is not installed or solr_home_path, solr_data_path, and solr_jetty_path are misconfigured.
[Wed, 02 May 2012 20:32:02 -0700] FATAL: Your current configuration is:
[Wed, 02 May 2012 20:32:02 -0700] FATAL: solr_home_path: /var/chef/solr
[Wed, 02 May 2012 20:32:02 -0700] FATAL: solr_data_path: /var/chef/solr/data
[Wed, 02 May 2012 20:32:02 -0700] FATAL: solr_jetty_path: /var/chef/solr-jetty
[Wed, 02 May 2012 20:32:02 -0700] FATAL: You can install Chef Solr using the chef-solr-installer script.
I have followed the tutorial as it is as given on http://wiki.opscode.com/display/chef/Installing+Chef+Server+on+Debian+or+Ubuntu+using+Packages
What could be the issue? Looking at solr.log says " Chef Solr is not installed or solr_home_path, solr_data_path, and solr_jetty_path are misconfigured." I am a windows guy. How can I check if chef solr is installed or there is problem with path in linux?
Can there be any other issue?
I solved this problem by doing the following
created /etc/chef/solr.rb
Containing the following:
Base directory where solr is installed
supportdir = "/srv/chef/support"
Solr Configuration Information
solr_jetty_path File.join(supportdir, "solr", "jetty")
solr_data_path File.join(supportdir, "solr", "data")
solr_home_path File.join(supportdir, "solr", "home" )
Then executed chef-solr-installer
If you are running solr in standalone jetty I think you need to change solr_jetty_path to point to your jetty installation location e.g. /usr/local/jetty. I can only confirm that after further experimentation
Hope that helps you slightly
Most likely you added the wrong apt repository for your distribution.
deb http://apt.opscode.com/ <codename> main
Check this please.
For Ruby 1.8,
/usr/lib64/ruby/gems/1.8/gems/chef-solr-10.16.2/lib/chef/solr/solr_installer.rb is missing
require "fileutils"