Cannot start Directadmin service after certificate renewal

kimbo

Verified User
Joined
Apr 23, 2013
Messages
57
I just renewed my certificate and when I restart the DA service I get the following error:
Redirecting to /bin/systemctl restart directadmin.service
Job for directadmin.service failed because a configured resource limit was exceeded. See "systemctl status directadmin.service" and "journalctl -xe" for details.


The logfile:
2018:11:30-00:04:07: error loading certificate key
2018:11:30-00:04:07: error:2006D002:BIO routines:BIO_new_file:system lib

Permissions are ok:
-r-------- 1 diradmin diradmin 2407 Nov 29 21:04 cacert.pem
-rw------- 1 diradmin diradmin 2910 Nov 29 23:45 cakey.pem

Tried different stuff and cannot get it to work.
Any advise? thx
 
Hello,

Wrong cert and key? They do not match each other?


Code:
cd /usr/local/directadmin/conf

openssl pkey -in cakey.pem -pubout -outform pem | sha256sum



openssl x509 -in cacert.pem -pubkey -noout -outform pem | sha256sum


the strings should match. If they differ you should either re-issue your cert or find a matching key/cert pair.
 
Hello,

Wrong cert and key? They do not match each other?


Code:
cd /usr/local/directadmin/conf

openssl pkey -in cakey.pem -pubout -outform pem | sha256sum



openssl x509 -in cacert.pem -pubkey -noout -outform pem | sha256sum


the strings should match. If they differ you should either re-issue your cert or find a matching key/cert pair.

Hi Alex,

This is the output I get from the first command:

unable to load key
139764678092688:error:0906D06C:pEM routines:pEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY
 
Check the content of the file cakey.pem then. It might be corrupted...

I requested a recreation of the certificate. I think something went wrong. But it works on the website and not directadmin. :confused:
 
See now some errors in my exim log:

2018-12-11 08:56:56 TLS error on connection from [xxx.xxx.xxx.xxx] (SSL_CTX_use_certificate_chain_file file=/etc/exim.cert): error:0906D066:pEM routines:pEM_read_bio:bad end line
 
Back
Top