
Thread: Cannot start Directadmin service after certificate renewal

  1. #1
    Join Date
    Apr 2013
    Posts
    30

    Cannot start Directadmin service after certificate renewal

    I just renewed my certificate and when I restart the DA service I get the following error:
    Redirecting to /bin/systemctl restart directadmin.service
    Job for directadmin.service failed because a configured resource limit was exceeded. See "systemctl status directadmin.service" and "journalctl -xe" for details.


    The logfile:
    2018:11:30-00:04:07: error loading certificate key
    2018:11:30-00:04:07: error:2006D002:BIO routines:BIO_new_file:system lib

    Permissions are ok:
    -r-------- 1 diradmin diradmin 2407 Nov 29 21:04 cacert.pem
    -rw------- 1 diradmin diradmin 2910 Nov 29 23:45 cakey.pem

    Tried different stuff and cannot get it to work.
    Any advice? thx

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,498
    Hello,

    Wrong cert and key? They do not match each other?


    Code:
    cd /usr/local/directadmin/conf
    openssl pkey -in cakey.pem -pubout -outform pem | sha256sum
    openssl x509 -in cacert.pem -pubkey -noout -outform pem | sha256sum

    the strings should match. If they differ you should either re-issue your cert or find a matching key/cert pair.

  3. #3
    Join Date
    Apr 2013
    Posts
    30
    Quote: Originally Posted by zEitEr
    Hello,

    Wrong cert and key? They do not match each other?

    Code:
    cd /usr/local/directadmin/conf
    openssl pkey -in cakey.pem -pubout -outform pem | sha256sum
    openssl x509 -in cacert.pem -pubkey -noout -outform pem | sha256sum

    the strings should match. If they differ you should either re-issue your cert or find a matching key/cert pair.

    Hi Alex,

    This is the output I get from the first command:

    unable to load key
    139764678092688:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY

  4. #4
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,498
    Check the content of the file cakey.pem then. It might be corrupted...

  5. #5
    Join Date
    Apr 2013
    Posts
    30
    Quote: Originally Posted by zEitEr
    Check the content of the file cakey.pem then. It might be corrupted...

    I requested a recreation of the certificate. I think something went wrong. But it works on the website and not directadmin.

  6. #6
    Join Date
    Apr 2013
    Posts
    30

    Solved!

    Quote: Originally Posted by zEitEr
    Check the content of the file cakey.pem then. It might be corrupted...

    So I re-issued the certificate and now it seems to be ok. Thanks for the advice!

  7. #7
    Join Date
    Apr 2013
    Posts
    30
    See now some errors in my exim log:

    2018-12-11 08:56:56 TLS error on connection from [xxx.xxx.xxx.xxx] (SSL_CTX_use_certificate_chain_file file=/etc/exim.cert): error:0906D066:PEM routines:PEM_read_bio:bad end line

  8. #8
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,498
    The same cause I believe, you need to reinstall the cert for Exim too.
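
    An added example, not part of the thread: a pre-flight script that first checks PEM framing (the kind of damage behind the "no start line" and "bad end line" errors above) and then runs the key/cert comparison from post #2. The function names pem_framing, pair_matches and check_pair and the file name check_pair.sh are made up for this example; it goes slightly beyond the thread by comparing the extracted public keys directly instead of their sha256sum output.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight checks for a PEM key/cert pair.

# pem_framing FILE
# Reports the structural faults behind "no start line" / "bad end line":
# missing BEGIN, END label that does not match its BEGIN, text glued to a boundary.
pem_framing() {
    awk '
        { sub(/\r$/, "") }                         # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") { print "line " NR ": BEGIN inside " cur; bad = 1; exit }
            cur = substr($0, 12, length($0) - 16); blocks++; next
        }
        /^-----END / {
            if (cur == "") { print "line " NR ": END without BEGIN"; bad = 1; exit }
            if ($0 != ("-----END " cur "-----")) { print "line " NR ": bad end line"; bad = 1; exit }
            cur = ""; next
        }
        /-----/ { print "line " NR ": malformed boundary"; bad = 1; exit }
        END {
            if (bad) exit 1
            if (cur != "") { print "missing END for " cur; exit 1 }
            if (blocks == 0) { print "no start line"; exit 1 }
        }
    ' "$1"
}

# pair_matches KEY CERT -> 0 match, 1 mismatch, 2 openssl could not read a file.
# openssl's exit status is checked before comparing, so two failed reads
# (both producing empty output) are never mistaken for a match.
pair_matches() {
    _k=$(openssl pkey -in "$1" -pubout -outform pem 2>/dev/null) || return 2
    _c=$(openssl x509 -in "$2" -pubkey -noout -outform pem 2>/dev/null) || return 2
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# check_pair KEY CERT: framing first (status 3), then the public-key comparison.
check_pair() {
    pem_framing "$1" || return 3
    pem_framing "$2" || return 3
    pair_matches "$1" "$2"
}

# Run only when called with two paths, e.g. the files named in the thread:
#   ./check_pair.sh cakey.pem cacert.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" && echo "key and certificate match"
fi
```

    pem_framing can also be run on its own against a chain file such as the /etc/exim.cert named in post #7, since it needs only awk and never parses the key material.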
