EHCP Force Support > Bugs
Certificate File Placement Bug with Apache failure!
(1/1)
Loren Tedford:
So for adding ssl for domains using let's encrypt doesn't work correctly with apache2 and causes apache2 to fail on restart. Apparently Apache template isn't pointing in the right place and it doesn't seem to update properly when you add a domain name to the panel and then add an ssl certificate to it.
--- Code: ---root@ehcp:/var/www/vhosts# service apache2 status
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Sun 2019-12-29 00:08:06 UTC; 2min 22s ago
Process: 31706 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
Process: 31692 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=1/FAILURE)
Process: 32039 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Main PID: 30583 (code=exited, status=0/SUCCESS)
Dec 29 00:08:06 ehcp systemd[1]: Starting The Apache HTTP Server...
Dec 29 00:08:06 ehcp apachectl[32039]: AH00526: Syntax error on line 165 of /var/www/new/ehcp/apachehcp.conf:
Dec 29 00:08:06 ehcp apachectl[32039]: SSLCertificateFile: file '/var/www/vhosts/loren/kc9zhv.com/phptmpdir/server.crt' doe
Dec 29 00:08:06 ehcp apachectl[32039]: Action 'start' failed.
Dec 29 00:08:06 ehcp apachectl[32039]: The Apache error log may have more information.
Dec 29 00:08:06 ehcp systemd[1]: apache2.service: Control process exited, code=exited status=1
Dec 29 00:08:06 ehcp systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 29 00:08:06 ehcp systemd[1]: Failed to start The Apache HTTP Server.
--- End code ---
The domain I added the ssl to was https://towclaim.com
Domains on this server are:
https://Lorentedford.com
https://voipham.com
https://Ltcraft.net
https://newwavesucks.com
https://kc9zhv.com
https://towclaim.com
https://ilhamradio.org
Some are using the ssl certificate some are not for some reason.
Here is a copy of the apache2 template for lorentedford.com
--- Code: ---#____________start of lorentedford.com__paneluser:{panelusername}_reseller:{reseller}_id:{id}____________
# Comment: {aciklama}
# template with ssl
# this file used in Easy Hosting Control Panel (ehcp), www.ehcp.net
<VirtualHost *:443>
ServerName webmail.lorentedford.com
ServerAlias email.lorentedford.com
ServerAlias mail.lorentedford.com
DocumentRoot {ehcpdir}/webmail
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/webmail/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}/webmail:/tmp:/var/www/php_sessions:/usr/share:/etc/roundcube:/var/lib/roundcube:/var/log/roundcube; \n upload_tmp_dir=/tmp; \n session.save_path=/var/www/php_sessions;"
SSLEngine on
SSLCertificateFile /var/www/vhosts/loren/lorentedford.com/phptmpdir/server.crt
SSLCertificateKeyFile /var/www/vhosts/loren/lorentedford.com/phptmpdir/server.key
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName webmail2.lorentedford.com
ServerAlias email2.lorentedford.com
ServerAlias mail2.lorentedford.com
DocumentRoot {ehcpdir}/webmail2
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/webmail2/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}/webmail2; \n upload_tmp_dir={ehcpdir}/webmail2/data; \n session.save_path={ehcpdir}/webmail2/data;"
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName cpanel.lorentedford.com
ServerAlias panel.lorentedford.com
ServerAlias ehcp.lorentedford.com
ServerAlias cp.lorentedford.com
DocumentRoot {ehcpdir}
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}:/usr/share/php:/usr/share/pear"
<Files ~ "\.conf$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.txt$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.log$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.sh$">
Order allow,deny
Deny from all
</Files>
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName lorentedford.com
ServerAlias www.lorentedford.com {wildcarddomain} # this is changed to *.lorentedford.com within classapp.php
# buraya aliaslar yazilacak..
{aliases}
UseCanonicalName Off
DocumentRoot {homedir}/httpdocs
DirectoryIndex index.htm index.html index.php
# this combined log format is understandable by webalizer... some other formats are not recognised by webalizer.. thats why, specified here explicitly..
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9000{homedir}/httpdocs/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={homedir}:/usr/share/php:/usr/share/pear; \n upload_tmp_dir={homedir}/phptmpdir; \n session.save_path={homedir}/phptmpdir;"
AccessFileName .htaccess
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
{customhttp}
{root_password_protected_dirs}
{password_protected_dirs}
{webstats_password_protection}
</VirtualHost>
#____________end of lorentedford.com__paneluser:{panelusername}_reseller:{reseller}_id:{id}____________
# end template with ssl
--- End code ---
Here is an example of apche2 template for ilhamradio.org
--- Code: ---#____________start of ilhamradio.org__paneluser:{panelusername}_reseller:{reseller}_id:{id}____________
# Comment: {aciklama}
# template with ssl
# this file used in Easy Hosting Control Panel (ehcp), www.ehcp.net
<VirtualHost *:443>
ServerName webmail.ilhamradio.org
ServerAlias email.ilhamradio.org
ServerAlias mail.ilhamradio.org
DocumentRoot {ehcpdir}/webmail
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/webmail/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}/webmail:/tmp:/var/www/php_sessions:/usr/share:/etc/roundcube:/var/lib/roundcube:/var/log/roundcube; \n upload_tmp_dir=/tmp; \n session.save_path=/var/www/php_sessions;"
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName webmail2.ilhamradio.org
ServerAlias email2.ilhamradio.org
ServerAlias mail2.ilhamradio.org
DocumentRoot {ehcpdir}/webmail2
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/webmail2/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}/webmail2; \n upload_tmp_dir={ehcpdir}/webmail2/data; \n session.save_path={ehcpdir}/webmail2/data;"
SSLEngine on
SSLCertificateFile /var/www/vhosts/loren/ilhamradio.org/phptmpdir/server.crt
SSLCertificateKeyFile /var/www/vhosts/loren/ilhamradio.org/phptmpdir/server.key
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName cpanel.ilhamradio.org
ServerAlias panel.ilhamradio.org
ServerAlias ehcp.ilhamradio.org
ServerAlias cp.ilhamradio.org
DocumentRoot {ehcpdir}
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}:/usr/share/php:/usr/share/pear"
<Files ~ "\.conf$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.txt$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.log$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.sh$">
Order allow,deny
Deny from all
</Files>
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName ilhamradio.org
ServerAlias www.ilhamradio.org {wildcarddomain} # this is changed to *.ilhamradio.org within classapp.php
# buraya aliaslar yazilacak..
{aliases}
UseCanonicalName Off
DocumentRoot {homedir}/httpdocs
DirectoryIndex index.htm index.html index.php
# this combined log format is understandable by webalizer... some other formats are not recognised by webalizer.. thats why, specified here explicitly..
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9000{homedir}/httpdocs/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={homedir}:/usr/share/php:/usr/share/pear; \n upload_tmp_dir={homedir}/phptmpdir; \n session.save_path={homedir}/phptmpdir;"
AccessFileName .htaccess
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
{customhttp}
{root_password_protected_dirs}
{password_protected_dirs}
{webstats_password_protection}
</VirtualHost>
#____________end of ilhamradio.org__paneluser:{panelusername}_reseller:{reseller}_id:{id}____________
# end template with ssl
--- End code ---
Here is an apache2 example we have for Ltcraft.net
--- Code: ---#____________start of ltcraft.net__paneluser:{panelusername}_reseller:{reseller}_id:{id}____________
# Comment: {aciklama}
# template with ssl
# this file used in Easy Hosting Control Panel (ehcp), www.ehcp.net
<VirtualHost *:443>
ServerName webmail.ltcraft.net
ServerAlias email.ltcraft.net
ServerAlias mail.ltcraft.net
DocumentRoot {ehcpdir}/webmail
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/webmail/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}/webmail:/tmp:/var/www/php_sessions:/usr/share:/etc/roundcube:/var/lib/roundcube:/var/log/roundcube; \n upload_tmp_dir=/tmp; \n session.save_path=/var/www/php_sessions;"
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName webmail2.ltcraft.net
ServerAlias email2.ltcraft.net
ServerAlias mail2.ltcraft.net
DocumentRoot {ehcpdir}/webmail2
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/webmail2/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}/webmail2; \n upload_tmp_dir={ehcpdir}/webmail2/data; \n session.save_path={ehcpdir}/webmail2/data;"
SSLEngine on
SSLCertificateFile /var/www/vhosts/loren/ltcraft.net/phptmpdir/server.crt
SSLCertificateKeyFile /var/www/vhosts/loren/ltcraft.net/phptmpdir/server.key
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName cpanel.ltcraft.net
ServerAlias panel.ltcraft.net
ServerAlias ehcp.ltcraft.net
ServerAlias cp.ltcraft.net
DocumentRoot {ehcpdir}
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9001{ehcpdir}/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={ehcpdir}:/usr/share/php:/usr/share/pear"
<Files ~ "\.conf$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.txt$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.log$">
Order allow,deny
Deny from all
</Files>
<Files ~ "\.sh$">
Order allow,deny
Deny from all
</Files>
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
</VirtualHost>
<VirtualHost *:443>
ServerName ltcraft.net
ServerAlias www.ltcraft.net {wildcarddomain} # this is changed to *.ltcraft.net within classapp.php
# buraya aliaslar yazilacak..
{aliases}
UseCanonicalName Off
DocumentRoot {homedir}/httpdocs
DirectoryIndex index.htm index.html index.php
# this combined log format is understandable by webalizer... some other formats are not recognised by webalizer.. thats why, specified here explicitly..
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%v:%p %h %l %u %t \"%{Host}i\" \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_host
CustomLog {homedir}/logs/access_log combined
CustomLog /var/log/apache2/access_log_multi.log vhost_combined_host
ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9000{homedir}/httpdocs/$1
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir={homedir}:/usr/share/php:/usr/share/pear; \n upload_tmp_dir={homedir}/phptmpdir; \n session.save_path={homedir}/phptmpdir;"
AccessFileName .htaccess
SSLEngine on
SSLCertificateFile {ssl_cert_path}
SSLCertificateKeyFile {ssl_cert_key_path}
{ssl_cert_chain_setting_with_path}
{customhttp}
{root_password_protected_dirs}
{password_protected_dirs}
{webstats_password_protection}
</VirtualHost>
#____________end of ltcraft.net__paneluser:{panelusername}_reseller:{reseller}_id:{id}____________
# end template with ssl
--- End code ---
Every one of the domains listed has got a let's encrypt key but doesn't show up for some reason by default correctly.
earnolmartin:
Remove all custom certificates and then try using Let's Encrypt. Let's Encrypt certificates are never stored in the /phptmpdir. They will be found and are referenced by the config files in /etc/letsencrypt
Navigation
[0] Message Index
Go to full version