SSL Error RebuidCustomerFiles while update

    Hi there,


    I have own site with ssl enabled. System is Ubuntu 14.04 x64 with i-MSCP 1.2.1.
    Few days ago I wanted to replace the ssl files/datas in the webadmin, but I got error in the status. I could not edit later. After a while I restarted the dedicated server and ssl worked fine, but I forgot the error.
    Today I just started to upgrade the i-MSCP from 1.2.1 to 1.2.2, but the updater stopped almost in the end.


    First time I had exactly same problem like an other member had here: Upgrade to 1.1.7 - SSL Error RebuidCustomerFiles so I loged in to MySQL via console and used:

    Code
    1. SQL-QueryUPDATE ssl_certs SET ca_bundle = '';


    But now a got another error with ssl.
    Error is:

    Code
    1. [ERROR]main::setupRebuildCustomerFiles:[ERROR]main::_process: Error while processing 1, dmn, tochange.main::_process: See /var/log/imscp/SSLcertificate_module_dmn.log for more details.[FATAL]Exit code: 1


    /var/log/imscp/SSLcertificate_module_dmn.log:

    Code
    1. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::Dir::make: Creating directory /var/www/imscp/gui/data/certs
    2. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::Dir::mode: Changing mode for /var/www/imscp/gui/data/certs to 488
    3. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::Dir::owner: Changing owner and group for /var/www/imscp/gui/data/certs to 0:0
    4. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl rsa -in '/tmp/zkphIhznOt' -noout -passin pass:dummypass
    5. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::Execute::getExitCode: External command exited with value 0
    6. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl verify '/tmp/xfFKLJSdrs'
    7. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::Execute::getExitCode: External command exited with value 2
    8. [Sat Feb 14 00:01:53 2015] [debug] iMSCP::OpenSSL::validateCertificate: /tmp/xfFKLJSdrs: C = NO, ST = Sor-Trondelag, L = Trondheim, O = R\C3\B3bert Kiss, CN = www.club27.eu, emailAddress = [email protected]
    9. error 20 at 0 depth lookup:unable to get local issuer certificate


    How should I fix it?
    Thanks for helping! :)

    I checked. It is strange.


    Code
    1. openssl verify certificate.txtcertificate.txt: C = NO, ST = Sor-Trondelag, L = Trondheim, O = R\C3\B3bert Kiss, CN = www.club27.eu, emailAddress = [email protected] 20 at 0 depth lookup:unable to get local issuer certificateopenssl verify -CAfile bundle.pem certificate.txtcertificate.txt: OK


    I downloaded ca-bundle.crt from startssl and copied to /usr/local/share/ca-certificates and ran update-ca-certificates, but didnt help.

    Code
    1. Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate ca-bundle.pemWARNING: Skipping duplicate certificate ca-bundle.pem1 added, 0 removed; done.Running hooks in /etc/ca-certificates/update.d....done.


    I ran update-ca-certificates --fresh, but didnt help.

    Code
    1. Clearing symlinks in /etc/ssl/certs...done.
    2. Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate ca-bundle.pem
    3. WARNING: Skipping duplicate certificate ca-bundle.pem
    4. 164 added, 0 removed; done.


    Thanks for helping.

    @rocco27


    All you're doing is wrong...


    Quote from rocco27

    Source Code
    SQL-Query
    UPDATE ssl_certs SET ca_bundle = '';


    Seriously?


    Quote from rocco27

    I downloaded ca-bundle.crt from startssl and copied to /usr/local/share/ca-certificates and ran update-ca-certificates, but didnt help.
    Source Code
    Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate ca-bundle.pem
    WARNING: Skipping duplicate certificate ca-bundle.pem
    1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d....done.


    You should think before doing things ;)



    So now come a first question:


    The certificate is for a customer or for the panel?

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    Well you are right, I'm confused a bit.


    So I use same certification for the panel and my site too.
    I have all files what I used in the setup and for the website before.
    I tried to run perl /var/www/imscp/engine/setup/imscp-setup -dr ssl, to readd all files and password, or just disable ssl to get back the apache, but no success yet.


    I already tried to use sub.class2.server.sha2.ca.pem and sub.class2.server.sha2.ca.crt files in /usr/local/share/ca-certificates and ran update-ca-certificates, but didnt help.

    Re;


    Process step by step ;)


    1. Flush all rows from the ssl_certs table manually:


    SQL
    1. mysql -u root -p<password>> use imscp;> truncate ssl_certs;> quit;


    2. Rerun installer as follow

    Shell-Script
    1. # perl imscp-autoinstall -dasr ssl


    Answer correctly to the questions ;)


    Once done, go into the panel interface and re-add the SSL certificate for your customer.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    You're welcome ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support