
[Solved] SSL Certificate update request


rmurthy


Can you please help with updating the SSL Certificate for the site pusuluri.heliohost.org/www.pusuluri.heliohost.org?

Uploaded to: /home/rmurthy/ssl_cert

Contains 2 files

1 - certificate file --> 0001_cert.pem

2 - path to key file (existing private key reused) --> keyfile

 

Thank you

Link to comment

I tried it like 8 different times and every single time it would crash apache and everyone's websites on Ricky would all go offline until I removed your ssl certificates and restarted apache. Only a couple other certificates have done this and I'm not sure why. What service did you use to generate the certificate?

Link to comment

  • Krydos changed the title to [Krydos] SSL Certificate update request

I used openssl to generate a CSR using the private key on my Linux machine. Then I requested Let's Encrypt signing using certbot in manual, certonly mode. I even validated the certificate prior to copying it over.

Strange that it did not work. The only difference from the earlier model is that I used openssl to generate the CSR (used to depend on cPanel earlier - hadn't updated the certificate since cPanel went down).

I do this all the time for local certificates I use for my home cloud instance, where I use openssl to sign them using my own CA private key. Let me try using the certificate in a local Apache instance and see if I can figure this out. I am currently not feeling well and might take a day or 2 to check this.

 

Link to comment

The two methods that are confirmed to work are ZeroSSL's https://zerossl.com/ free 90 day certificate, and I've personally used this Windows executable project https://github.com/do-know/Crypt-LE/releases to create Let's Encrypt free 90 day certificates that install just fine too. There was also a guy that purchased a one year certificate from somewhere and it installed just fine too. I think you're the third certificate that didn't work, but I didn't keep track of the non-working ones to compare what it was about them that caused the issue.

Link to comment

  • 2 weeks later...

The same certificate and private key pair worked fine when I tried to set up an Apache VH with the domain locally on my Linux machine.

Surprised that it is causing a problem at your end. Is there any way you could provide me the log/error being reported by Apache when it fails to start with the certificate? Just curious to find out what is causing this.

I have generated another Let's Encrypt certificate for now and copied the full package (key+cert+chain) to ssl_cert/pusuluri_letsencrypt_20220122.zip

Please let me know if you are able to install it.

I am unable to log in to Ricky SFTP (port 1373). Login passes but the client disconnects (tried both Linux and Windows sftp CLI utilities with the same result). For now relying on WebDAV, which is OK for small file transfers. Wondering if you can help understand why this could be happening.

Thank you for your support.

Link to comment

15 hours ago, rmurthy said:

Surprised that it is causing a problem at your end. Is there any way you could provide me the log/error being reported by Apache when it fails to start with the certificate? Just curious to find out what is causing this.

Looking at the log, it looks like apache doesn't know what vhost it's supposed to be using the certificate on. The vhost entry is just blank. Not sure why.

15 hours ago, rmurthy said:

I have generated another Let's Encrypt certificate for now and copied the full package (key+cert+chain) to ssl_cert/pusuluri_letsencrypt_20220122.zip

That one worked. There you go https://www.sslshopper.com/ssl-checker.html#hostname=pusuluri.heliohost.org

15 hours ago, rmurthy said:

I am unable to log in to Ricky SFTP (port 1373). Login passes but the client disconnects (tried both Linux and Windows sftp CLI utilities with the same result). For now relying on WebDAV, which is OK for small file transfers. Wondering if you can help understand why this could be happening.

I tested SFTP on Ricky and it works for me, and I know SFTP is working on Ricky for a lot of other people too. Perhaps if you enabled more verbose error logs in your FTP client it would give a clue why just your account isn't connecting. Maybe a wrong password?

Link to comment

  • Krydos changed the title to [Solved] SSL Certificate update request
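
The checks a certificate and key can be put through before they are uploaded for installation, as an added example that is not part of the original thread: it confirms that the key matches the certificate, that the certificate has not expired, and that every hostname the site uses (for instance both the bare and the `www.` name) is covered. The `example.test` names and the self-signed sample pair are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: checks to run on a certificate/key pair before handing it
# to a server admin. File names and hostnames below are constructed samples.

# check_cert_pair CERT KEY HOST...  prints a verdict, returns 0 only if all pass
check_cert_pair() {
    cert=$1; key=$2; shift 2
    # 1. Both files must parse, and must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot parse private key $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: certificate and private key do not match"; return 1; }
    # 2. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    # 3. Every hostname the vhost will serve must be covered by the certificate.
    for host in "$@"; do
        openssl x509 -in "$cert" -noout -checkhost "$host" |
            grep -q "does match" ||
            { echo "FAIL: certificate does not cover $host"; return 1; }
    done
    echo "OK: $cert matches $key and covers: $*"
}

# make_sample_pair DIR: writes a constructed self-signed pair for the demo.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" -subj "/CN=example.test" \
        -addext "subjectAltName=DNS:example.test,DNS:www.example.test" 2>/dev/null
}

if [ "$#" -ge 3 ]; then
    check_cert_pair "$@"            # real files: CERT KEY HOST...
else
    tmp=$(mktemp -d)                # no arguments: run on the constructed sample
    make_sample_pair "$tmp"
    check_cert_pair "$tmp/cert.pem" "$tmp/key.pem" example.test www.example.test
    # A name that is not on the sample certificate is reported as a failure.
    check_cert_pair "$tmp/cert.pem" "$tmp/key.pem" mail.example.test ||
        echo "(expected: mail.example.test is not on the sample certificate)"
    rm -rf "$tmp"
fi
```
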

Thank you for helping with enabling SSL. I'll probably have to figure out why the vhost is not properly tagged in the certificate file, to understand for the future.

On the SFTP front, login passes and post login the sftp client exits with exit status. When using FileZilla in debug mode, I see the following error messages that indicate an unexpected EOF response from the server post login:

Excerpt

Command:	Pass: ********
Trace:	Sent password
Trace:	Access granted
Trace:	Opening main session channel
Trace:	Opened main channel
Trace:	Started a shell/command
Status:	Connected to ricky.heliohost.org
Trace:	Session sent command exit status 1
Error:	FATAL ERROR: Received unexpected end-of-file from SFTP server
Trace:	CSftpControlSocket::OnTerminate without error
Trace:	CControlSocket::DoClose(66)
Trace:	CControlSocket::ResetOperation(66)
Trace:	CSftpConnectOpData::Reset(66) in state 3
Error:	Could not connect to server
Trace:	CFileZillaEnginePrivate::ResetOperation(66)

 

Link to comment

I am still unable to SFTP to Ricky. Using 1373 as the port and trying to log in with the same username and password that I use with WebDAV. I see a successful login in the debug messages, but after that the client disconnects, indicating the server returned an invalid response/EOF. I have tried the CLI sftp tool in both Linux & Windows as well as FileZilla and WinSCP, all with the same result. The connection aborts with exit status 1. Cannot find any message that points to any missing setting.

Do you see anything in the log for SFTP that might indicate what is happening?

Link to comment

Try these settings:

Protocol: FTP
Host: ricky.heliohost.org
Port: 21
Encryption: Use explicit FTP over TLS if available
Logon Type: Normal
User: rmurthy
Password: <same as SFTP>

I looked at the logs and all it shows is you logging in successfully and then disconnecting 1 second later.

Link to comment

  • Krydos locked this topic