[BlueOnyx:24888] Re: AlmaLinux 5210R broken

Michael Stauber mstauber at blueonyx.it
Mon Apr 5 11:35:09 -05 2021 

Hi Colin,

> I decided to try out the new AlmaLinux 5210R.
> 
> Created a new Aventurin{e} CT and ran through the wizard.
> All fine and I was able to log in the GUI.
> Ran a yum update to check I was up to date.
> Then decided to install an LE cert. Oh dear!
> 
> Now cannot access web interface at all.
This isn't specifically an AlmaLinux issue. It happens on CentOS as well.

See:

http://mail.blueonyx.it/pipermail/blueonyx/2021-March/061918.html

To shake that situation loose you can do this:

rm -R /etc/admserv/certs/
mkdir /etc/admserv/certs/

Then restart CCEd to let it regenerate a self signed SSL certificate for
the GUI:

/usr/sausalito/sbin/cced.init restart

Restart AdmServ:

systemctl restart admserv

Check if AdmServ is running:

systemctl status admserv

Normally it now should be running *and* have the self signed
certificate. BUT: It could also be that it shows this error:

[root at alma admserv]# systemctl restart admserv
Job for admserv.service failed because the service did not take the
steps required by its unit configuration.
See "systemctl status admserv.service" and "journalctl -xe" for details.
[root at alma admserv]# systemctl status admserv
● admserv.service - SYSV: Apache is a World Wide Web server.  It is used
to serve HTML files and CGI.
   Loaded: loaded (/etc/rc.d/init.d/admserv; generated)
   Active: failed (Result: protocol) since Tue 2021-03-23 11:38:26 -05;
5s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 3717925 ExecStart=/etc/rc.d/init.d/admserv start
(code=exited, status=0/SUCCESS)
 Main PID: 11727 (code=exited, status=1/FAILURE)

Mär 23 11:38:26 alma.smd.net systemd[1]: Starting SYSV: Apache is a
World Wide Web server.  It is used to serve HTML files and CGI....
Mär 23 11:38:26 alma.smd.net admserv[3717925]: Starting admin web
server: AH00526: Syntax error on line 55 of /etc/admserv/conf.d/ssl.conf:
Mär 23 11:38:26 alma.smd.net admserv[3717925]: SSLCACertificateFile:
file '/etc/admserv/certs/ca-certs' does not exist or is empty
Mär 23 11:38:26 alma.smd.net admserv[3717925]: [FAILED]


As you can see the problem is this:

Syntax error on line 55 of /etc/admserv/conf.d/ssl.conf
SSLCACertificateFile: file '/etc/admserv/certs/ca-certs' does not exist
or is empty

The self signed SSL certificate doesn't have CA-Certs, but our
/etc/admserv/conf.d/ssl.conf still has an entry that calls for their
presence.

The fix: Edit /etc/admserv/conf.d/ssl.conf and remove this line:

SSLCACertificateFile /etc/admserv/certs/ca-certs

That allows you to then restart Admserv again:

systemctl restart admserv


-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list