Resolved Error in web server configuration

[Dukemaster]

Hi support team,
I only wanted to activate also IPv6 for a domain and I got amazing error, but server is still running.
Can You help me please, I don't know how to resolve the problem.
I deleted the subscription with the domain after the error occured. 9 domains running.
Ubuntu 14.04.5 LTS by (1and1), ONYX 17.5.3#1, Nginx as Proxy, Php 7.1.3 FPM by Apache
This is the error message:

Unable to generate the web server configuration file on the host <XYZ.server.info> because of the following errors:

Template_Exception: nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-DHEh27") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-DHEh27','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

file: /opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0

Please resolve the errors in web server configuration templates and generate the file again.

In nginx/conf.d I have only the standard files to activate hsts strict, gzip and ssl ciphers
001_own_additional.conf:

ssl_session_timeout 10m;
ssl_session_cache shared:SSL:50m;

add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security 'max-age=15768000;includeSubDomains';

ssl.conf:

ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

gzip.conf

gzip on;
gzip_disable "MSIE [1-6]\\.(?!.*SV1)";
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp image/svg+xml application/javascript application/js application/xhtml+xml application/rss+xml application/x-font-ttf application/vnd.ms-fontobject font/opentype font/ttf font/eot font/otf image/jpg image/jpeg image/png image/gif application/json;
gzip_vary on;

Greets

 

[IgorG]

Try this one Nginx configuration test failed after changing SSL certificate

 

[Dukemaster]

Thanks a lot @IgorG
test and reconfiguration failed by:

root:~# /usr/local/psa/admin/bin/httpdmng --reconfigure-server
[2017-03-30 11:49:28] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/nginx-config' '-t'] with exit code [1]
[2017-03-30 11:49:31] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/nginx-config' '-t'] with exit code [1]
[2017-03-30 11:49:32] ERR [panel] Apache config (14908673670.79884400) generation failed: Template_Exception: nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-DHEh27") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-DHEh27','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

file: /opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0
nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-DHEh27") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-DHEh27','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

root:~# nginx -t
nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-DHEh27") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-DHEh27','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
root:~#

Greets

 

[Dukemaster]

Edit: nginx is not running and restart over panel/shell is not possible
By clicking the second link in error message in domain setting I get the following message as you can also see in the screen.

Edit: nginx is not running and restart over panel is not possible
By clicking the second link in error message in domain setting I get the following message as you can also see in the screen.

Konfigurieren des Webservers nicht möglich:Execution failed. Command: httpdmng Arguments: Array ( [0] => --reconfigure-all ) Details:
Error occured while sending feedback. HTTP code returned: 502 Error occured while sending feedback. HTTP code returned: 502 Execution failed.
Command: httpdmng Arguments: Array ( [0] => --reconfigure-server [1] => -no-restart ) Details: [2017-03-30 14:02:57] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/nginx-config' '-t'] with exit code [1] Error occured while sending feedback. HTTP code returned: 502 [2017-03-30 14:02:58] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/nginx-config' '-t'] with exit code [1] Error occured while sending feedback. HTTP code returned: 502 [2017-03-30 14:02:58] ERR [panel] Apache config (14908753760.03736800) generation failed:
Template_Exception: nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-DHEh27") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-DHEh27','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed file: /opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php line: 75 code: 0 Error occured while sending feedback.
HTTP code returned: 502 nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-DHEh27") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-DHEh27','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed

 

[Dukemaster]

I looked in /var/log/apache2
Think it has to do with the Upgrade to Onyx 17.5.3 due to my configurations.
Would be great if someone could help to solve the problem. Could give a trusted team member access if necessary.
Thanks

[Sun Mar 26 06:45:24.094652 2017] [auth_digest:notice] [pid 2508] AH01757: generating secret for digest authentication ...
[Sun Mar 26 06:45:24.095955 2017] [:notice] [pid 2508] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Sun Mar 26 06:45:24.095971 2017] [:notice] [pid 2508] mod_python: using mutex_directory /tmp
[Sun Mar 26 06:45:24.114978 2017] [ssl:warn] [pid 2508] AH01909: webmail.123.server.domain:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 26 06:45:24.115485 2017] [ssl:warn] [pid 2508] AH01909: webmail.123.server.domain:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 26 06:45:24.115817 2017] [ssl:warn] [pid 2508] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 26 06:45:24.116106 2017] [ssl:warn] [pid 2508] AH01909: default-2001_8d8_966_e900__7a_cc95:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 26 06:45:24.116394 2017] [ssl:warn] [pid 2508] AH01909: default-IPv4:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 26 06:45:24.116729 2017] [mpm_prefork:notice] [pid 2508] AH00163: Apache/2.4.10 (Ubuntu) mod_fcgid/2.3.9 mod_python/3.3.1 Python/2.7.6 OpenSSL/1.0.1f mod_perl/2.0.8 Perl/v5.18.2 configured -- resuming normal operations
[Sun Mar 26 06:45:24.116743 2017] [core:notice] [pid 2508] AH00094: Command line: '/usr/sbin/apache2'
[Sun Mar 26 16:49:42.466203 2017] [cgi:error] [pid 12747] [client 103.68.223.210:60704] script not found or unable to stat: /var/www/vhosts/default/cgi-bintest-cgi
[Mon Mar 27 22:55:01.606777 2017] [mpm_prefork:notice] [pid 2508] AH00169: caught SIGTERM, shutting down
[Mon Mar 27 22:55:03.086400 2017] [ssl:warn] [pid 14303] AH01909: webmail.123.server.domain:443:0 server certificate does NOT include an ID which matches the server name
[Mon Mar 27 22:55:03.086901 2017] [ssl:warn] [pid 14303] AH01909: webmail.123.server.domain:443:0 server certificate does NOT include an ID which matches the server name
[Mon Mar 27 22:55:03.087229 2017] [ssl:warn] [pid 14303] AH01909: lists:443:0 server certificate does NOT include an ID which matches the server name
[Mon Mar 27 22:55:03.087517 2017] [ssl:warn] [pid 14303] AH01909: default-2001_8d8_966_e900__7a_cc95:443:0 server certificate does NOT include an ID which matches the server name
[Mon Mar 27 22:55:03.087806 2017] [ssl:warn] [pid 14303] AH01909: default-IPv4:443:0 server certificate does NOT include an ID which matches the server name
[Mon Mar 27 22:55:03.087921 2017] [suexec:notice] [pid 14303] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Mar 27 22:55:03.149585 2017] [auth_digest:notice] [pid 14304] AH01757: generating secret for digest authentication ...
[Mon Mar 27 22:55:03.151713 2017] [:notice] [pid 14304] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Mon Mar 27 22:55:03.151725 2017] [:notice] [pid 14304] mod_python: using mutex_directory /tmp
[Mon Mar 27 22:55:03.171175 2017] [ssl:warn] [pid 14304] AH01909: webmail.123.server.domain:443:0 server certificate

 

[UFHH01]

Hi Dukemaster,

unfortunately, you missed the advantages, that you have, when you use the Plesk component "Webserver Configurations Troubleshooter". It is far easier to use and could point you directly to possible issues/errors/problems, when generating webserver - configuration files.

Pls. use the command:

plesk installer --select-product-id plesk --select-release-current --install-component config-troubleshooter

or choose the component over your "HOME > Tools & Settings > Updates & Upgrades" - Site: => Plesk Extensions > Plesk Web Server Configuration Troubleshooter​

You are now able to move to "HOME > Extensions > My Extensions > Webserver Configurations Troubleshooter" and you can see immediately, which current webserver - configuration files need to be regenerated or/and have misconfigurations. Each file can be regenerated individually, apache/nginx can be stopped and started, the configuration can be checked and the options are quite self-explaining, when you use the extension. Maybe you give it a try to solve your current issue?

 

[Dukemaster]

Hello and thanks a lot @UFHH01 . With Troubleshooter I was able to delete the second problem with a old unnecessary domain-ID in PSA Database.
GREAT
But the main problem is the missing certificate "cert-DHEh27" in /opt/psa/var/certificates/cert-DHEh27
I asked someone very familiar with server administration, but not so much with Plesk. We think it is not possible to solve this issue by troubleshooter.

Would be wonderful if You or someone else could tell us where to get this certificate, or how to check why it is not generated.

Lots of greets

 

[UFHH01]

Hi Dukemaster,

pls. identify the configuration file, which uses the cert "cert-DHEh27" with for example:

For apache - webserver - configuration files:

find /etc/apache2 -type f -name "*.conf" -exec grep --color -Hni "cert-DHEh27"  {} \;

( or on CentOS/RHEL based systems )

find /etc/httpd -type f -name "*.conf" -exec grep --color -Hni "cert-DHEh27"  {} \;

For nginx - webserver - configuration files:

find /etc/nginx -type f -name "*.conf" -exec grep --color -Hni "cert-DHEh27"  {} \;

Let's assume, that you found the missing certificate file at:

/etc/apache2/plesk.conf.d/server.conf

and

/etc/nginx/plesk.conf.d/server.conf

pls. consider to rename the files with for example:

mv /etc/apache2/plesk.conf.d/server.conf /etc/apache2/plesk.conf.d/server.conf.backup
mv /etc/nginx/plesk.conf.d/server.conf /etc/nginx/plesk.conf.d/server.conf.backup

... and rebuild your webserver - configuration files again with the command:

/usr/local/psa/admin/bin/httpdmng --reconfigure-server

or

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

 

[Dukemaster]

Hey, @UFHH01 & @IgorG
THANKS A LOT
Pretty good... webmail was the prob., watch this screen, guys

 

[andreapastina]

Hi, same problem on a ovh vps unmanaged. Trying to solve it reconfiguring server but stille not working.
This is whay i receive:

Unable to generate the web server configuration file on the host <stock.ovh> because of the following errors:

Template_Exception: Can not restart web server: Apache is down, start it instead of graceful
Apache is down, start it instead of graceful

file: /opt/psa/admin/plib/Service/Driver/Web/Server/Apache.php
line: 122
code: 0

Can anyone help me? Thanks