rmurthy Posted January 9, 2022

Can you please help with updating SSL Certificate for the site pusuluri.heliohost.org/www.pusuluri.heliohost.org?

Uploaded to: /home/rmurthy/ssl_cert
Contains 2 files:
1 - certificate file --> 0001_cert.pem
2 - path to key file (existing private key reused) --> keyfile

Thank you
OnEnemy Posted January 9, 2022

This support request is being escalated to our root admins.
Krydos Posted January 9, 2022

I tried it like 8 different times and every single time it would crash apache and everyone's websites on Ricky would all go offline until I removed your ssl certificates and restarted apache. Only a couple other certificates have done this and I'm not sure why. What service did you use to generate the certificate?
rmurthy Posted January 10, 2022

I used openssl to generate a CSR using the private key on my Linux machine. Then I requested Let's Encrypt signing using certbot in manual, certonly mode. I even validated the certificate prior to copying it over. Strange that it did not work. The only difference from the earlier model is that I used openssl to generate the CSR (I used to depend on Cpanel earlier - hadn't updated the certificate since Cpanel went down). I do this all the time for local certificates I use for my home cloud instance, where I use openssl to sign them using my own CA private key.

Let me try using the certificate in a local Apache instance and see if I can figure this out. I am currently not feeling well and might take a day or 2 to check this.
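An added example, not part of the thread and not code from either poster: one way to script the kind of pre-upload validation mentioned in the post above, using the openssl CLI (1.1.1 or later) to confirm that a certificate matches its private key, has not expired, and covers each hostname. The hostnames, function names and the throwaway self-signed certificate are constructed for the demo.

```shell
# Pre-upload sanity check for a certificate/private-key pair (added example).
# Hostnames and the throwaway certificate below are constructed for the demo.

# Succeeds only if the certificate carries the public key of this private key.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate's names cover HOSTNAME.
cert_covers_host() {  # usage: cert_covers_host CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds only if the certificate has not expired.
cert_not_expired() {  # usage: cert_not_expired CERT
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs every check, prints one line per finding, fails if any check failed.
check_pair() {  # usage: check_pair CERT KEY HOSTNAME...
    local cert="$1" key="$2" rc=0 host
    shift 2
    key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_not_expired "$cert" || { echo "FAIL: certificate has expired"; rc=1; }
    for host in "$@"; do
        cert_covers_host "$cert" "$host" || { echo "FAIL: $host not covered"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: key, validity and hostnames check out"
    return "$rc"
}

# Constructed demo input: a throwaway self-signed certificate for two names.
make_demo_pair() {  # usage: make_demo_pair DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/key.pem" -out "$1/cert.pem" -subj "/CN=site.example.test" \
        -addext "subjectAltName=DNS:site.example.test,DNS:www.site.example.test" \
        >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pair "$demo_dir"
check_pair "$demo_dir/cert.pem" "$demo_dir/key.pem" site.example.test www.site.example.test
```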
Krydos Posted January 10, 2022

The two methods that are confirmed to work are ZeroSSL's https://zerossl.com/ free 90 day certificate, and I've personally used this Windows executable project https://github.com/do-know/Crypt-LE/releases to create Let's Encrypt free 90 day certificates that install just fine too. There was also a guy that purchased a one year certificate from somewhere and it installed just fine too. I think you're the third certificate that didn't work, but I didn't keep track of the non-working ones to compare what it was about them that caused the issue.
rmurthy Posted January 22, 2022

The same certificate, private key pair worked fine when I tried to set up an apache VH with the domain locally on my Linux machine. Surprised that it is causing problem at your end. Is there any way you could provide me the log/error being reported by Apache when it fails to start with the certificate? Just curious to find out what is causing this.

I have generated another letsencrypt certificate for now and copied the full package (key+cert+chain) to ssl_cert/pusuluri_letsencrypt_20220122.zip. Please let me know if you are able to install it.

I am unable to login to ricky sftp (port 1373). Login passes but client disconnects (tried both Linux and Windows sftp CLI utilities with same result). For now relying on WebDav, which is ok for small file transfers. Wondering if you can help understand why this could be happening.

Thank you for your support.
Krydos Posted January 22, 2022

15 hours ago, rmurthy said:
> Surprised that it is causing problem at your end. Is there any way you could provide me the log/error being reported by Apache when it fails to start with the certificate? Just curious to find out what is causing this.

Looking at the log, it looks like apache doesn't know what vhost it's supposed to be using the certificate on. The vhost entry is just blank. Not sure why.

15 hours ago, rmurthy said:
> I have generated another letsencrypt certificate for now and copied the full package (key+cert+chain) to ssl_cert/pusuluri_letsencrypt_20220122.zip

That one worked. There you go https://www.sslshopper.com/ssl-checker.html#hostname=pusuluri.heliohost.org

15 hours ago, rmurthy said:
> I am unable to login to ricky sftp (port 1373). Login passes but client disconnects (tried both Linux and Windows sftp CLI utilities with same result). For now relying on WebDav, which is ok for small file transfers. Wondering if you can help understand why this could be happening.

I tested SFTP on Ricky and it works for me, and I know SFTP is working on Ricky for a lot of other people too. Perhaps if you enabled more verbose error logs in your FTP client it would give a clue why just your account isn't connecting. Maybe a wrong password?
rmurthy Posted January 24, 2022

Thank you for helping with enabling ssl. I'll probably have to figure out why vhost is not properly tagged in the certificate file to understand for future.

On the sftp front, login passes and post login sftp client exits with exit status. When using filezilla in debug mode, I see the following error messages that indicate post login an unexpected EOF response from the server.

Excerpt:

Command: Pass: ********
Trace: Sent password
Trace: Access granted
Trace: Opening main session channel
Trace: Opened main channel
Trace: Started a shell/command
Status: Connected to ricky.heliohost.org
Trace: Session sent command exit status 1
Error: FATAL ERROR: Received unexpected end-of-file from SFTP server
Trace: CSftpControlSocket::OnTerminate without error
Trace: CControlSocket::DoClose(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CSftpConnectOpData::Reset(66) in state 3
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Krydos Posted January 25, 2022

SFTP on Ricky through Filezilla is working just fine for me. I restarted the process though anyways. Can you connect now?
rmurthy Posted January 25, 2022

I am still unable to SFTP to Ricky. Using 1373 as port and trying to login with the same username and password that I use with webdav. I see successful login in debug messages, but after that the client disconnects, indicating server returned invalid response/EOF. I have tried the CLI sftp tool in both Linux & Windows as well as Filezilla and WinSCP, all with the same result. The connection aborts with exit status 1. Cannot find any message that points to any missing setting. Do you see anything in the log for SFTP that might indicate what is happening?
Krydos Posted January 25, 2022

Try these settings:

Protocol: FTP
Host: ricky.heliohost.org
Port: 21
Encryption: Use explicit FTP over TLS if available
Logon Type: Normal
User: rmurthy
Password: <same as SFTP>

I looked at the logs and all it shows is you logging in successfully and then disconnecting 1 second later.
rmurthy Posted January 26, 2022

Thank you. I was able to login using explicit ftps.