Hello Sandeep
I do have
CentOS Linux release 7.9.2009 (Core)
Kernel Version: 3.10.0-1160.21.1.el7.x86_64
CWPpro version: 0.9.8.1055
Apache version: Apache/2.4.39
Nginx version: nginx/1.18.0
CWP webservers configuration Web Servers: nginx-apache
PHP version: 7.4.13 PHP-FPM is forced
I tried to follow your tutorials to upgrade apache and Nginx and have tlsV1.3
To start with I did not understand well if I have to follow both tutorials or, since I do use Nginx, if I do I need to follow only the Nginx tutorial
Being not expert I imagined I needed to follow both
So I started with the apache tutorial,
https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/it all seemed to go well up to last step when I got this error warning:
** (pkttyagent:24849): WARNING **: 11:12:40.375: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
Apache Rebuild Completed
I decided to ignore this warning for the moment and proceeded to follow the second tutorial for Nginx:
https://www.mysterydata.com/how-to-enable-tls-1-3-in-nginx-cwp-centos-7-centos-8-el7-el8/Again all went fine until I got these two error warnings:
** (pkttyagent:11719): WARNING **: 11:28:52.528: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
** (pkttyagent:11865): WARNING **: 11:29:47.478: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
Again decided to ignore for the moment the two erroes and concluded the tutorial up to the step 6.
As I read on Step 7 the following "Step 7 : ONLY FOR CWP : Ensure you create proper template for nginx in CWP else on every webserver build or ssl renew TLS 1.3 will be disabled" I understood that at this point I could test the setup as this is needed to avoid to loose this setup in case of changes
So I run the test as indicated in the first tutorial at
https://www.cdn77.com/tls-testThe result was good except that tls 1 and tls 1.1 was still enabled
Than I tried to check my website and found the 502 Bad Gateway nginx/1.18.0 error
So checked the dashboard and saw that apache was not running, I tried to restart it, it failed to restart, so I clicked on status and got this error message:
● httpd.service - Web server Apache
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2021-04-04 11:53:23 CEST; 1min 11s ago
Process: 3815 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=1/FAILURE)
Apr 04 11:53:23 srv.example.com systemd[1]: Starting Web server Apache...
Apr 04 11:53:23 srv.example.com apachectl[3815]: httpd: Syntax error on line 511 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
Apr 04 11:53:23 srv.example.com systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 04 11:53:23 srv.example.com systemd[1]: Failed to start Web server Apache.
Apr 04 11:53:23 srv.example.com systemd[1]: Unit httpd.service entered failed state.
Apr 04 11:53:23 srv.example.com systemd[1]: httpd.service failed.
I tried to find some hints about to solve this error but found none, however I rolled back the server and decided to get more info in order to try repeat the procedure avoiding this errors.
BTW, in your first tutorial in the last line there is a typographic error: the line sh aapache-rebuild-new.sh should be sh apache-rebuild-new.sh
apache is written with 2 a, very simple, if anoyne did not notice it yet, just remove the extra a
Here my questions:
1) Please, are the errors shown at the end of the two procedures to be ignored or there is something wrong?
In case these errors are a matter of concern or critical, what must be done to fix it?
2) Who do use apache + Nginx + php-fpm, must do both the two tutorials OR must do follow only the second tutorial for Nginx?
3) When the tutorial is successfully ended, how tls v1 and tls v1.1 can be disabled?
When following step 7 of the tutorial I imagine that tls v1 and v1.1 must also be removed from the templates otherwise rebuilding vhosts or renewing SSL certificates will be re-enabled...
Is this correct?
4) How exactly can be definitely disabled and removed?
Thank you