Author Topic: CWP7 cwpsrv fails first on install, fix this breaks Apache  (Read 1628 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CWP7 cwpsrv fails first on install, fix this breaks Apache
« on: January 21, 2019, 06:58:54 PM »
Third install with the same results - utter failure. Everything works fine until you set up your first username/root domain. When you generate an SSL certificate for your root domain (while creating the first user) it breaks the webpanel - cwpsrv service crashes with a hostname certificate conflict.
Code: [Select]
Jan 21 13:33:38 helium11 systemd: Stopped CentOS Web Panel service (daemon).
Jan 21 13:33:38 helium11 systemd: Starting CentOS Web Panel service (daemon)...
Jan 21 13:33:38 helium11 cwpsrv: cwpsrv: [emerg] SL_CTX_use_PrivateKey_file("/etc/pki/tls/private/hostname.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Jan 21 13:33:38 helium11 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test failed
Jan 21 13:33:38 helium11 systemd: cwpsrv.service: control process exited, code=exited status=1
Jan 21 13:33:38 helium11 systemd: Failed to start CentOS Web Panel service (daemon).
Jan 21 13:33:38 helium11 systemd: Unit cwpsrv.service entered failed state.
Jan 21 13:33:38 helium11 systemd: cwpsrv.service failed.
Jan 21 13:33:44 helium11 systemd: cwpsrv.service holdoff time over, scheduling restart.
Jan 21 13:33:44 helium11 systemd: Stopped CentOS Web Panel service (daemon).
Jan 21 13:33:44 helium11 systemd: Starting CentOS Web Panel service (daemon)...
Jan 21 13:33:44 helium11 cwpsrv: cwpsrv:the configuration file /usr/local/cwpsrv/conf/cwpsrv.conf syntax is ok
Jan 21 13:33:44 helium11 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test is successful
Jan 21 13:33:44 helium11 systemd: Started CentOS Web Panel service (daemon).
Jan 21 13:33:47 helium11 systemd: Stopping CentOS Web Panel service (daemon)...
Jan 21 13:33:47 helium11 systemd: Stopped CentOS Web Panel service (daemon).
Jan 21 13:33:47 helium11 systemd: Starting CentOS Web Panel service (daemon)...
Jan 21 13:33:47 helium11 cwpsrv: cwpsrv:the configuration file /usr/local/cwpsrv/conf/cwpsrv.conf syntax is ok
Jan 21 13:33:47 helium11 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test is successful
Jan 21 13:33:47 helium11 systemd: Started CentOS Web Panel service (daemon).
Jan 21 13:35:01 helium11 systemd: Started Session 9 of user root.
Jan 21 13:35:52 helium11 systemd: Stopping Web server Apache...
Jan 21 13:35:53 helium11 systemd: Stopped Web server Apache.
Jan 21 13:35:53 helium11 systemd: Starting Web server Apache...
Jan 21 13:35:53 helium11 systemd: httpd.service: control process exited, code=exited status=1
Jan 21 13:35:53 helium11 systemd: Failed to start Web server Apache.
Jan 21 13:35:53 helium11 systemd: Unit httpd.service entered failed state.
Jan 21 13:35:53 helium11 systemd: httpd.service failed.
Jan 21 13:36:25 helium11 dbus[4436]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
Jan 21 13:36:25 helium11 systemd: Starting Hostname Service...
Jan 21 13:36:25 helium11 dbus[4436]: [system] Successfully activated service 'org.freedesktop.hostname1'
Jan 21 13:36:25 helium11 systemd: Started Hostname Service.
Jan 21 13:36:31 helium11 systemd: Unit httpd.service cannot be reloaded because it is inactive.
Jan 21 13:36:32 helium11 systemd: Unit httpd.service cannot be reloaded because it is inactive.
Jan 21 13:36:42 helium11 systemd: Starting Web server Apache...
Jan 21 13:36:43 helium11 systemd: httpd.service: control process exited, code=exited status=1
Jan 21 13:36:43 helium11 systemd: Failed to start Web server Apache.
Jan 21 13:36:43 helium11 systemd: Unit httpd.service entered failed state.
Jan 21 13:36:43 helium11 systemd: httpd.service failed.
Jan 21 13:38:14 helium11 systemd: Unit httpd.service cannot be reloaded because it is inactive.
Jan 21 13:38:23 helium11 systemd: Starting Web server Apache...
Jan 21 13:38:24 helium11 systemd: httpd.service: control process exited, code=exited status=1
Jan 21 13:38:24 helium11 systemd: Failed to start Web server Apache.
Jan 21 13:38:24 helium11 systemd: Unit httpd.service entered failed state.
Jan 21 13:38:24 helium11 systemd: httpd.service failed.

This is a copy of the log after I ran the only thing that resolves the hostname.crt mismatch. In order to get the panel back up, I had to run:

sh /scripts/generate_hostname_ssl

This allows cwpsrv.service to start and the panel is accessible. The problem comes thereafter as you can see from my log - generating a new certificate totally breaks Apache. I have been having this problem for 2 to 3 weeks and cannot get past the breakdown of Apache. I have rebuilt vhosts and done everything I can think of and Apache stays broken.

Do you as developers ever install this panel to make sure it works properly and does not crash after you push updates? This is incredibly aggravating and makes CWP7 utterly worthless as it can only host the panel while Apache is broken.

Please ask for any logs, but none are more interesting than what I posted above and below. I just want a developer to try and install the panel and create a username who's domain is secured with SSL and see what I am describing happen before your own eyes. I am totally sick of this!!! Three weeks with no working hosting is not acceptable and experimenting time and time again just uses all of my Let's Encrypt certs until I have to wait another week before starting over just to have it break again identically.

systemctl status httpd.service -l
Code: [Select]
[root@helium11 ~]# systemctl status httpd.service -l
● httpd.service - Web server Apache
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2019-01-21 14:16:27 EST; 20s ago
  Process: 20981 ExecStop=/usr/local/apache/bin/apachectl graceful-stop (code=exited, status=0/SUCCESS)
  Process: 18562 ExecReload=/usr/local/apache/bin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 2013 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 18977 (code=exited, status=0/SUCCESS)

Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Starting Web server Apache...
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Failed to start Web server Apache.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Unit httpd.service entered failed state.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service failed.

journalctl -xe
Code: [Select]
-- Unit httpd.service has begun starting up.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Failed to start Web server Apache.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Unit httpd.service entered failed state.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service failed.
Jan 21 14:17:01 srv1.mydomain.com run-parts(/etc/cron.daily)[2648]: finished maldet
Jan 21 14:17:01 srv1.mydomain.com run-parts(/etc/cron.daily)[2654]: starting man-db.cron
Jan 21 14:17:11 srv1.mydomain.com run-parts(/etc/cron.daily)[18276]: finished man-db.cron
Jan 21 14:17:11 srv1.mydomain.com run-parts(/etc/cron.daily)[18278]: starting mlocate
Jan 21 14:17:12 srv1.mydomain.com run-parts(/etc/cron.daily)[18287]: finished mlocate
Jan 21 14:17:12 srv1.mydomain.com run-parts(/etc/cron.daily)[18289]: starting rkhunter
Jan 21 14:17:34 srv1.mydomain.com kernel: perf: interrupt took too long (2521 > 2500), lowering kernel.perf_event_max_sample_rate to 79000

There is nothing in the Apache error log that is helpful - I know the configuration has failed:

Code: [Select]
[Mon Jan 21 13:20:27.891310 2019] [mpm_event:notice] [pid 18977:tid 140169689966464] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Mon Jan 21 13:20:27.891371 2019] [core:notice] [pid 18977:tid 140169689966464] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Mon Jan 21 13:35:52.999279 2019] [mpm_event:notice] [pid 18977:tid 140169689966464] AH00492: caught SIGWINCH, shutting down gracefully
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed

Code: [Select]
[root@helium11 ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
« Last Edit: January 21, 2019, 07:47:35 PM by DA_MAN »

Offline
*
Re: CWP7 cwpsrv fails first on install, fix this breaks Apache
« Reply #1 on: January 22, 2019, 08:15:10 PM »
After running:
Code: [Select]
strace -f -o apache.trace /usr/local/apache/bin/httpd
I took a guess that is was a certificate mismatch or mess up on the first user root domain, so I deleted the certificate and Apache restarted without issue. This was not a big shocker considering what broke cwpsrv.service was a hostname mismatch (for the CWP panel) that occurred right after I created the first user account with an SSL domain.

Something is wrong with you Let's Encrypt SSL generation. I fear generating an SSL again for this site because I will be pushing running out of my allotment of SSL's before getting any websites (well Apache) to work and stay working.

Could someone give me some guidance as well as look into either what the dev's changed about the Let's Encrypt SSL generation scripts in CWP along with what certbot/Let's Encrypt might have changed about their system in the last month?

I had no issues like this prior until you guys pushed a bunch of updates.

Oh and I am a paid Pro user...
« Last Edit: January 22, 2019, 08:17:48 PM by DA_MAN »

Offline
*
Re: CWP7 cwpsrv fails first on install, fix this breaks Apache
« Reply #2 on: January 22, 2019, 08:24:44 PM »
Creating the certificate for the domain manually works and did not (yet) break either the cwpsrv or httpd services. Someone needs to take a look at the SSL generation script(s) used when you check the SSL option while creating a domain, there is something wrong with it.