[BlueOnyx:24889] Re: AlmaLinux 5210R broken

Colin Jack colin at mainline.co.uk
Mon Apr 5 13:36:31 -05 2021 

Hi Michael,

    > I decided to try out the new AlmaLinux 5210R.
    > 
    > Created a new Aventurin{e} CT and ran through the wizard.
    > All fine and I was able to log in the GUI.
    > Ran a yum update to check I was up to date.
    > Then decided to install an LE cert. Oh dear!
    > 
    > Now cannot access web interface at all.
    This isn't specifically an AlmaLinux issue. It happens on CentOS as well.

    See:

    http://mail.blueonyx.it/pipermail/blueonyx/2021-March/061918.html

    To shake that situation loose you can do this:

    rm -R /etc/admserv/certs/
    mkdir /etc/admserv/certs/

    Then restart CCEd to let it regenerate a self signed SSL certificate for
    the GUI:

    /usr/sausalito/sbin/cced.init restart

    Restart AdmServ:

    systemctl restart admserv

    Check if AdmServ is running:

    systemctl status admserv

    Normally it now should be running *and* have the self signed
    certificate. BUT: It could also be that it shows this error:

    [root at alma admserv]# systemctl restart admserv
    Job for admserv.service failed because the service did not take the
    steps required by its unit configuration.
    See "systemctl status admserv.service" and "journalctl -xe" for details.
    [root at alma admserv]# systemctl status admserv
    ● admserv.service - SYSV: Apache is a World Wide Web server.  It is used
    to serve HTML files and CGI.
       Loaded: loaded (/etc/rc.d/init.d/admserv; generated)
       Active: failed (Result: protocol) since Tue 2021-03-23 11:38:26 -05;
    5s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 3717925 ExecStart=/etc/rc.d/init.d/admserv start
    (code=exited, status=0/SUCCESS)
     Main PID: 11727 (code=exited, status=1/FAILURE)

    Mär 23 11:38:26 alma.smd.net systemd[1]: Starting SYSV: Apache is a
    World Wide Web server.  It is used to serve HTML files and CGI....
    Mär 23 11:38:26 alma.smd.net admserv[3717925]: Starting admin web
    server: AH00526: Syntax error on line 55 of /etc/admserv/conf.d/ssl.conf:
    Mär 23 11:38:26 alma.smd.net admserv[3717925]: SSLCACertificateFile:
    file '/etc/admserv/certs/ca-certs' does not exist or is empty
    Mär 23 11:38:26 alma.smd.net admserv[3717925]: [FAILED]


    As you can see the problem is this:

    Syntax error on line 55 of /etc/admserv/conf.d/ssl.conf
    SSLCACertificateFile: file '/etc/admserv/certs/ca-certs' does not exist
    or is empty

    The self signed SSL certificate doesn't have CA-Certs, but our
    /etc/admserv/conf.d/ssl.conf still has an entry that calls for their
    presence.

    The fix: Edit /etc/admserv/conf.d/ssl.conf and remove this line:

    SSLCACertificateFile /etc/admserv/certs/ca-certs

    That allows you to then restart Admserv again:

    systemctl restart admserv

Up and running! __

Many thanks. Much appreciated.

Colin

More information about the Blueonyx mailing list