My server was rebooted by our VPS host. After this DirectAdmin has come back up but none of our sites are available:
What I've done so far:
The SSL errors persisit and look like the root cause. Sites are still down.
$ nano /var/log/directadmin/error.log
Checked the hostname certificate for this service from my machine (I've replaced my hostname with example.com in the text below):
Found a post on this error code https://superuser.com/questions/297889/does-openssl-errno-104-mean-that-sslv2-is-disabled
Firefox Reports the following when I navigate to any http or https page:
I've rebuilt Openlitespeed and OpenSSH
I'd really appreciate if anyone has ideas where I could dig for clues on this? I've been at this for a few hours and don't know where else to look?
- Running Centos8 + Openlitespeed
- I can login to Directadmin on port 2222 and I have SSH access.
- All other http & https traffic seems down
What I've done so far:
- I restarted httpd and checked logs. Did anything that pointed to an http issue
- I first noticed symptoms of directadmin's PID file not being written. I've followed: https://forum.directadmin.com/threads/directadmin-service-never-wrote-its-pid-file.57435/
- I've rebuilt all binaries with Custombuild as a result of some of the ssl errors after following this thread. After much troubleshooting and running DirectAdmin in debug mode the PID error disappeared.
The SSL errors persisit and look like the root cause. Sites are still down.
$ nano /var/log/directadmin/error.log
Code:
2020:05:14-13:45:02: Can't connect to ssl!
2020:05:14-13:45:02: -> A failure in the SSL library occurred, usually a protocol error.
2020:05:14-13:45:02: -> error:00000001:lib(0):func(0):reason(1)
2020:05:14-14:22:22: Can't connect to ssl!
2020:05:14-14:22:22: ->syscall
2020:05:15-12:49:38: Can't connect to ssl!
2020:05:15-12:49:38: ->syscall
2020:05:15-12:49:43: SSL Socket write error (ret=-1): Some I/O error occurred. The OpenSSL error queue may contain more information on the error. I$
openssl error queue:
empty error queue. ret=-1
errno: Broken pipe
2020:05:15-12:55:00: Can't connect to ssl!
2020:05:15-12:55:00: ->syscall
2020:05:15-15:41:29: Can't connect to ssl!
2020:05:15-15:41:29: ->syscall
Checked the hostname certificate for this service from my machine (I've replaced my hostname with example.com in the text below):
Code:
openssl s_client -servername example.com -host example.com -port 443 | grep 'Verify return code'
write:errno=104
Verify return code: 0 (ok)
Found a post on this error code https://superuser.com/questions/297889/does-openssl-errno-104-mean-that-sslv2-is-disabled
At least on Linux, 104 is ECONNRESET for "Connection reset by peer" – in other words, the connection was forcibly closed with a TCP RST packet, either sent out by the server or spoofed by an intermediary.
I would try Wireshark/tshark on the Ubuntu server to see what actually gets sent. If the RST is real, it could be that the httpd process died – check the log files and dmesg just in case.
- I've tried rebuilding the hostname cert but found letsencrypt. However letsencrypt can't navigate to it's webserver to validate a new SSL cert.
- Qualasys obviously is no help here Anyone have ideas where else I could lookeither since the webserver can't serve a page as a result of the error.
- Tried disabling ssl for a domain to see if I can get to a domain without SSL. No access to this domain.
Firefox Reports the following when I navigate to any http or https page:
Code:
Secure Connection Failed
An error occurred during a connection to www.atservice.co.za. PR_CONNECT_RESET_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
I've rebuilt Openlitespeed and OpenSSH
I'd really appreciate if anyone has ideas where I could dig for clues on this? I've been at this for a few hours and don't know where else to look?