[CPANEL-23772] Pure-FTPd Couldn't load the DH parameters file
hi, I just installed WHM/Cpanel on my server : Centos 7
when I go to Home >> Service Configuration >> FTP Server Selection
I selected Pure-FTPD and hit Save
then I got these errors in the logs below.
I get 2 errors I am not sure how to fix these issues?
Feb 21 03:02:14 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11108 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:16 server.xxxxx.com pure-ftpd[11312]: (?@?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
here is log
Thanks if anyone can explain why its throwing these errors and how to fix them Spiro
FTP Configuration
Installing new FTP server.
Disabling Chksrvd monitoring
Waiting for "tailwatchd" to restart "waiting for "tailwatchd" to initialize "finished.
Service Status
tailwatchd (tailwatchd) is running as root with PID 11108 (systemd+/proc check method).
tailwatchd (tailwatchd) running as root with PID 11108 (process table check method)
tailwatchd (tailwatchd) running as root with PID 11108 (process table check method)
Startup Log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: [Wed Feb 21 03:02:14 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11108 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Started tailwatchd.
Startup Log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: [Wed Feb 21 03:02:14 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:14 server.xxxxx.com restartsrv_tailwatchd[11101]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:14 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11108 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:14 server.xxxxx.com systemd[1]: Started tailwatchd.
tailwatchd restarted successfully.
Halting pure-ftpd
Disabling pure-ftpd in init system
Switching FTP server to pure-ftpd
Updating FTP related RPMs
Enabling pure-ftpd in init system
Waiting for "pureftpd" to start ""waiting for "pureftpd" to initialize "finished.
Service Status
pure-ftpd (pure-ftpd (SERVER)) is running as root with PID 11312 (systemd+/proc check method).
Startup Log
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Started Pure-FTPd.
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Starting Pure-FTPd...
Feb 21 03:02:16 server.xxxxx.com pure-ftpd[11312]: (?@?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
pureftpd started successfully.
Startup Log
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Started Pure-FTPd.
Feb 21 03:02:16 server.xxxxx.com systemd[1]: Starting Pure-FTPd...
Feb 21 03:02:16 server.xxxxx.com pure-ftpd[11312]: (?@?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
pureftpd started successfully.
1
Enabling chksrvd monitoring
Waiting for "tailwatchd" to restart "waiting for "tailwatchd" to initialize "finished.
Service Status
tailwatchd (tailwatchd) is running as root with PID 11337 (systemd+/proc check method).
tailwatchd (tailwatchd) running as root with PID 11337 (process table check method)
tailwatchd (tailwatchd) running as root with PID 11337 (process table check method)
Startup Log
Feb 21 03:02:17 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: [Wed Feb 21 03:02:18 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:18 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11337 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:18 server.xxxxx.com systemd[1]: Started tailwatchd.
Startup Log
Feb 21 03:02:17 server.xxxxx.com systemd[1]: Starting tailwatchd...
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: [Wed Feb 21 03:02:18 2018] Starting /usr/local/cpanel/libexec/tailwatch/tailwatchd daemon
Feb 21 03:02:18 server.xxxxx.com restartsrv_tailwatchd[11332]: Log is at /usr/local/cpanel/logs/tailwatchd_log
Feb 21 03:02:18 server.xxxxx.com systemd[1]: tailwatchd.service: Supervising process 11337 which is not our child. We'll most likely not notice when it exits.
Feb 21 03:02:18 server.xxxxx.com systemd[1]: Started tailwatchd.
tailwatchd restarted successfully.
FTP server conversion complete
Thanks if anyone can explain why its throwing these errors and how to fix them Spiro
-
Also when restarting FTP i get this error Restarting FTP Server Waiting for "pureftpd" to restart "waiting for "pureftpd" to initialize "finished. Service Status pure-ftpd (pure-ftpd (SERVER)) is running as root with PID 19769 (systemd+/proc check method). Startup Log Feb 21 03:29:51 server.xxxx.com systemd[1]: Started Pure-FTPd. Feb 21 03:29:51 server.xxxx.com systemd[1]: Starting Pure-FTPd... Feb 21 03:29:51 server.xxxx.com pure-ftpd[19769]: (?@?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem Startup Log Feb 21 03:29:51 server.xxxx.com systemd[1]: Started Pure-FTPd. Feb 21 03:29:51 server.xxxx.com systemd[1]: Starting Pure-FTPd... Feb 21 03:29:51 server.xxxx.com pure-ftpd[19769]: (?@?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem pureftpd restarted successfully. 0 -
Couldn't load the DH parameters file
Hello, 1. Try running the following commands to see if it solves this issue (note this can take several minutes to complete):openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072 /scripts/restartsrv_pureftpd
2. As far as tailwatchd, the restart should have solved that issue. If not, please open a separate forums thread and include the output from the following command:ps aux|grep tailwatch
Thank you.0 -
Hello, 1. Try running the following commands to see if it solves this issue:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048 /scripts/restartsrv_pureftpd
2. As far as tailwatchd, the restart should have solved that issue. If not, please open a separate forums thread and include the output from the following command:ps aux|grep tailwatch
Thank you.
Hello, I have a quick Question would we have better security if we were to useopenssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 4096 /scripts/restartsrv_pureftpd
or is there a reson why you suggestopenssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048 /scripts/restartsrv_pureftpd
just wondering, also why is this still an issue with a fresh install of cPanel ?can you guys fix this so we dont have to do this everytime we install cPanel ? thanks so much in advance, Spiro0 -
Hello @Spirogg, 2048 was recommended in order to suppress the warning message and generate the parameters as quickly as possible. However, in order to provide 128-bit security, which is the lower bound for adequate security, Diffie-Hellman parameters should be at least 3072 bits in size. I've updated my previous post to reflect this. We stopped generating the Diffie-Hellman parameters at compile time in cPanel & WHM version 56 due to a lack of compatibility with Java version 8 (Java 8 doesn't support parameters larger than 2048 bits in size). Since it's been some time since that change was made, I've opened internal case CPANEL-23772 to explore suppressing this warning message when Pure-FTPd starts, or generating the Diffie-Hellman parameters at compile time again. I'll monitor this case and update this thread with more information as it becomes available. Thank you. 0 -
ok thanks 0 -
@cPanelMichael Hi any word on this case ? I've opened internal case CPANEL-23772 to explore suppressing this warning message when Pure-FTPd starts, or generating the Diffie-Hellman parameters at compile time again. I still need to do the following in ssh openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048 /scripts/restartsrv_pureftpd
Thanks Spiro0 -
Hi any word on this case ?
Hello :) There's no update to report at this time, however the case is still open. Is this leading to any specific issues beyond the additional output that's visible when restarting Pure-FTPd? Thank you.0 -
Hello, To update, the following case is scheduled for inclusion with cPanel & WHM Version 86: " CPANEL-23772 - Create and ship 3072-bit DH parameters You can monitor Thank you. 0 -
Hello, To update, the following case is scheduled for inclusion with cPanel & WHM Version 86: " CPANEL-23772 - Create and ship 3072-bit DH parameters You can monitor Thank you.
Hello there @cPanelMichael thanks so much for the heads up and for getting them to get this working correctly :) much appreciated :)0 -
Hello, To update, the following case is scheduled for inclusion with cPanel & WHM Version 86: " CPANEL-23772 - Create and ship 3072-bit DH parameters You can monitor Thank you.
thank you @cPanelMichael & @cPanelLauren you two did it they fix this issue :) you both are the Greatest .... wishing you and your Families and the Rest of the Crew at cPanel Great Health and Stay Safe.. Best Regards, Spiro0
Please sign in to leave a comment.
Comments
11 comments