First of all: Apache was still running just fine .. .. As it seemed .. ..
Read until the end, you may solve it in 3 lines .. ..
I went a different route.
It is difficult to use directadmin to solve problems if you cannot login.
And then, diagnosing the problem using SSH is challenging as well for some.
The error is there. Clear.
tail /var/log/directadmin/error.log
2020:09:01-10:14:22: error loading certificate key: error:00000000:lib(0):func(0):reason(0)
2020:09:01-10:19:02: error loading certificate key: error:00000000:lib(0):func(0):reason(0)
A never ending list of the same error.
So there is a certificate problem?
I thought, okay, maybe start with yum update "ca*" to update the local certificates (this is CentOS 7.4).
That did not help. yum update "ssl*" was up to date as well.
Debug DA:
cd /usr/local/directadmin
./directadmin b9000
In the end I found these important lines:
Sockets::initSSL: SSL_use_certificate_file:/usr/local/directadmin/conf/carootcert.pem
Sockets::initSSL: SSL_use_PrivateKey_file:/usr/local/directadmin/conf/cakey.pem
error loading certificate key
error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
error loading certificate key: error:00000000:lib(0):func(0):reason(0)
Aha, let's Google with this info since it is a little more detailed .. ..
This made me do research in the direction of the certificate key.
But in the meantime I tried https://help.directadmin.com/item.php?id=629
Ah well. It did not work, okay.
(**note: but having done this, now Apache did not start after a restart as it started complaining about a certificate error as well).
I was not sure how to proceed. Looking for 'directadmin generate new key' I got too many hits pointing in the wrong direction.
And later on I found out Apache was no longer running, so letsencrypt could AS WELL no longer work.
Of course I started directadmin in NON-SSL mode to at least have that running.
In the end I saw I overlooked one of the very first hits:
I thought it was too old to be useful nowadays.
But what did I do?
I did
cd /usr/local/directadmin/conf
mv cakey.pem cakey_OLD.pem
Then I edited
nano /etc/httpd/conf/httpd.conf
And I placed a # in front of
Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-vhosts.conf
and saved the file and restarted httpd
systemctl start httpd
No errors: now I can use letsencrypt
I generated the new private key, and certificate
Installing an SSL certificate for your hostname using LetsEncrypt
After a little waiting time (restarting / starting services) I saw I had again access to https://yourdomain.com:2222/ which means the new key and certificate are okay.
Then I did
nano /etc/httpd/conf/httpd.conf
to remove those 2 hashes which I had put in there
(note: I could have copied the original in the first place, but I am comfortable editing all files).
systemctl restart httpd
No errors.
--> DA and Apache (and exim and ftp) are all running again.
I have NO CLUE why this happened, this server has been running free of errors (and no domains hosting on it as it is a backup server) so something must have gone wrong with the letsencrypt update.
Next time I will be able to find my detailed text here (as well via Google) and if apache is still running, I will immediately do
cd /usr/local/directadmin/conf
mv cakey.pem cakey_OLD.pem
And do what is given in https://help.directadmin.com/item.php?id=629:
example: /usr/local/directadmin/scripts/letsencrypt.sh request_single yourdomain.com 4096
Oh, and to do some cleaning up, don't forget to delete cakey_OLD.pem
I hope this has helped someone (in the future).
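
Added example, not part of the original post: the "key values mismatch" line in the debug output means the private key does not belong to the certificate, and that can be checked directly before any service is restarted. The default paths are the two files named in the debug output above; the function names and the sample-data helper are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that a private key belongs to a certificate.
# Default paths are the two files from the DirectAdmin debug output;
# function names are hypothetical and not part of DirectAdmin.
CERT_DEFAULT=/usr/local/directadmin/conf/carootcert.pem
KEY_DEFAULT=/usr/local/directadmin/conf/cakey.pem

# Exit status: 0 = key matches certificate, 1 = mismatch, 2 = unreadable file.
cert_key_match() {
    cert=${1:-$CERT_DEFAULT}
    key=${2:-$KEY_DEFAULT}
    # Public key embedded in the certificate, as PEM.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. The empty passphrase makes an
    # encrypted key fail cleanly instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Human-readable wrapper around cert_key_match.
describe() {
    rc=0
    cert_key_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "match: key belongs to certificate" ;;
        1) echo "MISMATCH: key does not belong to certificate" ;;
        *) echo "unreadable: could not parse certificate or key" ;;
    esac
    return "$rc"
}

# Constructed sample data for trying the check away from a live server:
# a throwaway self-signed certificate, its key, and an unrelated key in $1.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=host.example.test" \
        -keyout "$1/cakey.pem" -out "$1/carootcert.pem" >/dev/null 2>&1 &&
    openssl genrsa -out "$1/unrelated.pem" 2048 >/dev/null 2>&1
}

# Run as: sh check.sh CERT KEY
if [ "$#" -eq 2 ]; then
    describe "$1" "$2"
fi
```

Running the check again after a new certificate has been issued confirms the new pair before the services are restarted with it.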