Dovecot unable to restart after SSL Certificate reset

Arvy

• August 14, 2015 22:52

Hello, my self-signed certificate would expire in 15 days. So, I reset it using WHM. Ok for FTP. Ok for Exim. Ok for Cpanel. When I did the reset for Dovecot, the service stopped to work! I tryed to restart the service in WHM, no result. Received 2 email messages from Service Monitor (unable to restart). My blood pressure was touching the moon (that's my main server!). So, after crying for some minutes, I decided to reset the certificate again. Magically everything returned to normal! Ok, now I'm fine. But, WHY this happened? Created a wrong certificate? Certificated files locked or something? The SSL reset changes something in the configuration files? Means, this procedure would crash something? Just for information, there's a way to "force a reinstall" if everything goes wrong someday? Thank you!

• 

  cPanelMichael

  • August 17, 2015 12:11

  Hello :) You can review /var/log/maillog for the time of the failure to see there are any specific error messages associated with dovecot's inability to start. There's no way to force an installation of the SSL certificate, other than by installing a new one as you did. Thank you.

  0
• 

  Arvy

  • August 17, 2015 13:01

  Hello Michael, that's the problem, there's no error! :( Aug 15 00:19:14 server dovecot: master: Warning: Killed with signal 15 (by pid=9466 uid=0 code=kill) This was the last one. Aug 15 00:29:16 server dovecot: master: Dovecot v2.2.16 starting up for imap, pop3 (core dumps disabled) After reset (second time) the certificate... Why there's no log? :(

  0
• 

  cPanelMichael

  • August 17, 2015 14:45

  Aug 15 00:19:14 server dovecot: master: Warning: Killed with signal 15 (by pid=9466 uid=0 code=kill)

  
  Was the process killed manually, or do you have any third-party applications such as LFD installed that could have killed the process? Thank you.

  0
• 

  Arvy

  • August 17, 2015 17:41

  Hello Michael, no, the server is 100% cPanel, no customizations in the main services. Everything related to Exim/Dovecot/Apache/PureFTP/Bind is done using WHM only. I'm not absolutely sure, but I think that the same problem ocurred last year in another server too (my secondary hosting server). Thank you.

  0
• 

  cPanelMichael

  • August 17, 2015 17:53

  Are you able to reproduce the issue when resetting the SSL certificate again? Are you using the latest version of cPanel available on your build tier? Thank you.

  0
• 

  Arvy

  • August 18, 2015 17:58

  Hello Michael, yes, everytime I reset the certificate, I need to do this twice, because in the first try Dovecot doesn't start. Yes: 11.50.0 (build 29) Thanks

  0
• 

  cPanelMichael

  • August 18, 2015 18:24

  Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.

  0
• 

  Arvy

  • August 20, 2015 00:02

  Hello Michael, it's a bugzilla or something, or you need to access the machine? If it's a bugzilla, no problem, I can help to provide more info, but if you need to access the machine, we can't because the server has some sites that we have a confidential agreement with some clients.

  0
• 

  cPanelMichael

  • August 28, 2015 13:13

  Hello :) It's possible this is related to a bug with how Dovecot restarts as opposed to the SSL certificate, as I have been unable to reproduce the issue on a test server: Fixed case FB-185937: Fix restartsrv_dovecot to use the main pid. Could you verify if the issue persists on cPanel version 11.50.1.1 (currently only available on the "Current" build tier)? Thank you.

  0
• 

  Arvy

  • August 31, 2015 13:09

  Hello Michael, thank you! In the next weeks I'll regenerate the certificates for another server that the same problem occurred last year. I'll post the results here. Thanks.

  0
• 

  cPanelMichael

  • September 11, 2015 02:57

  Hello :) I'm just following up on this thread. Were you able to reproduce the issue on the additional server? Thank you.

  0
• 

  Arvy

  • October 10, 2015 20:14

  Michael! Sorry for the loooooooooooooooog delay to answer! I really forgot. No problem detected with the second server. The certificate was updated and dovecot restarted ok. I think the problem is solved. Thanks!

  0
• 

  cPanelMichael

  • October 12, 2015 17:47

  I'm happy to see the issue is no longer occurring. Thank you for updating us with the outcome.

  0
• 

  Arvy

  • October 13, 2015 00:27

  Hello Michael, just a note: the certificate expired and the server auto-renewed it. But today I realized that Pure-FTP was still running with the old certificate. I had to restart the service to use the new certificate. Means, it changed ok, but didn't restart the FTP service to load the new certificate.

  0
• 

  cPanelMichael

  • November 11, 2015 18:48

  Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.

  0

Please sign in to leave a comment.