Author Topic: CWP hostname certificate not renewed  (Read 18006 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CWP hostname certificate not renewed
« on: September 12, 2017, 08:19:53 AM »
For smoe reason the SSL certs on the server did not autorenew although AutoSSL is used - I therefore manually updated all certs, that worked - I did though assume that renewal was automatic?

BUT - the server hostname cert gives some problems.

It expired and I therefore tried to go to 'change hostname' page and hit the 'change hostname' but kept the name.

The output showed that the cert was renewed, but the browser showed that it doesnīt work.

I restarted httpd, restarted cwp, cleared cache in browser - to no avail - it still shows the old cert...?

What has to be done to make it show correct?


Offline
**
Re: CWP hostname certificate not renewed
« Reply #1 on: September 13, 2017, 08:22:46 AM »
Did you have server hostname mentioned in Let's Encrypt Config file /usr/local/cwpsrv/conf/cwpsrv.conf   ???
https://www.24x7servermanagement.com/
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!

Offline
*
Re: CWP hostname certificate not renewed
« Reply #2 on: September 13, 2017, 08:36:00 AM »
try to change hostname and then return it back to old

Regarding auto renewal try to contact cwp development to check it
http://centos-webpanel.com/contact
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: CWP hostname certificate not renewed
« Reply #3 on: September 13, 2017, 09:25:57 AM »
Did you have server hostname mentioned in Let's Encrypt Config file /usr/local/cwpsrv/conf/cwpsrv.conf   ???


# months ago this server started with CentOs7 and newest cwp - adding the hostname perfectly created the ssl cert.

A few days ago the SSL certs ran out although they were made via AutoSSL and therefore should autorenew themselves - neither the hostname cert or any of the other certs made at the same time, autorenewed.

I therefore ran autorenew of the non-hostname ssl certs and that worked just fine.

I then went to 'change hostname' kept the old hostname and clicked 'change hostname'

The ssl cert renewed with no problem, but now the hostname cert is still using the old cert and the services Dovecot and Postfix now uses the CWP generated certificate instead of the correct one, that is, the same as the hostname should use

When checking the certs at the ssl cert location, I see that the certs are indeed the new ssl cert and when checking the Dovecot and Postfix ssl settings they are also set to use the new hostname ssl just as they are supposed to do, but they are indeed using the wrong and cwp generated selfsigned cert...

Checking the certs location /etc/pki/... I see that there seems to be a few redirects from dovecot/postfix/ and others eg.:

link server-postfix.crt → /etc/pki/tls/certs/hostname.crt

I donīt remember if they were ther before, but it seems as if these links could make a kind of loop sending the application to look the wrong place for the certs...

I think this is a bug created by CWP when creating the SSL certs, as it seems it creates aīcorrect AutoSSL letsencrypt cert when clicking the 'change hostname' but at the same time creates an autogenerated selfsigned ssl cert and creates links to these selfsigned certs instead of using the correct AutoSSL generated certs...

I have not enough insight to see what will happen if I just delete the links mentioned above, if the system will know to use the correct AutoSSL generated certs when the links are gone...

My thoughts are - if it worked just fine before I ran the renewal, why is there a problem after I ran the renewal?

Anybody outthere know of a solution?
« Last Edit: September 13, 2017, 09:28:01 AM by muscator »

Offline
*
Re: CWP hostname certificate not renewed
« Reply #4 on: September 13, 2017, 09:40:13 AM »
try to change hostname and then return it back to old

Regarding auto renewal try to contact cwp development to check it
http://centos-webpanel.com/contact

I can see others that are facing the same problem with autorenewal failing, so it seems to be a bug

Offline
*
Re: CWP hostname certificate not renewed
« Reply #5 on: September 13, 2017, 01:13:07 PM »
when changing hostname have you got info that autoSSL was installed ?
In case that autoSSL installed certificate output would give you certificate in your browser, if you don't get any ssl output then it generates self signed certificate.

One more important thing is that you need to rebuild your mail server after changing your hostname.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: CWP hostname certificate not renewed
« Reply #6 on: September 13, 2017, 02:30:10 PM »
when changing hostname have you got info that autoSSL was installed ?
In case that autoSSL installed certificate output would give you certificate in your browser, if you don't get any ssl output then it generates self signed certificate.

One more important thing is that you need to rebuild your mail server after changing your hostname.

As mentioned in my description above, the 'change hostname' action produced a valid AutoSSL cert, whereas this cert do not show, instead it shows the expired old autossl cert, whereas the Postfix and Dovecot services now use the new self signed cert instead of the correct and new hostname autossl cert which it did before I renewed it via 'change hostname' option...

As also mentioned - everythong worked 100% correct from startup 3 months ago and until autorenewal failed a few days ago...

In my eyes a clear bug.


Offline
*
Re: CWP hostname certificate not renewed
« Reply #7 on: September 20, 2017, 09:48:30 AM »
Hmnnn - after checking a lot I have not found out, that if I check the AutoSSL cert via eg.sslchecker.com or similar, the cer is alright when checking in the form my.domain.com and port 443 also in the browser it is allright and shows the correct cert.

When checking on my.domain.com:2031 it shows the old expired cert in browser and sslchecker

Yes - I have used service cwpsrv start, several times but to no avail, yes, I have restarted httpd, yes, I have cleared cache in browser, yes, I have tried a completely new browser..

Apparently it is some kind of redirect in CWP that doesnīt work as it should for the hostname, but I canīt seem to find that redirect anywhere....?

Anybody got an idea...?


Offline
*
Re: CWP hostname certificate not renewed
« Reply #8 on: September 21, 2017, 08:38:19 AM »
Ok - Igor came with a command I didnīt see anywhere in the FAQ or elsewhere, but it did the trick:

/scripts/restart_cwpsrv

Unfortunately it seems to have started a new problem in the Postfix with clamd looping, but thatīs another issue..