Illegal Protocol SSLv2GracefulShutDownTimeout during upgrade to Plesk Panel 12

[William Hudson]

We are currently running Ubuntu 10.04.4 LTS Plesk Panel version 11.5.30 Update #41. I tried to upgrade to the V12 Plesk Panel and followed the instructions at http://kb.parallels.com/121714 for existing containers (to fix the bootstrap). However, I received a number of error messages (see attached repair log) plus several copies of the following email - also mentioned in the repair log.

Unable to generate the web server configuration file on the host <www.syntagm.co.uk> because of the following errors:

Template_Exception: Syntax error on line 243 of /etc/apache2/apache2.conf:
SSLProtocol: Illegal protocol 'SSLv2GracefulShutDownTimeout'

file: /opt/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0

Please resolve the errors in web server configuration templates and generate the file again.

At this point all of our web sites were dead, so I didn't investigate further and restored to the immediately preceeding container backup.

There is nothing notable about our Plesk installation. We've tried to keep it up to date and we are using SSL for one of the web sites, but nothing else comes to mind. We have been using it as a VPS service from Webfusion here in the UK for a couple of years.

 

[Lloyd_mcse]

I take it you tried to remove the

SSLv2GracefulShutDownTimeout

directive from /etc/apache2/apache2.conf? Or comment it out.

SSLv2 should be disabled these days anyway.

I dug out my old Ubuntu 10.04 files and I have the directive slightly different...

GracefulShutDownTimeout 3

Hope it helps

Kind regards

Lloyd

 

[William Hudson]

Thanks for getting back to me, Lloyd. No, I've not tried editing anything since I've never been very comfortable tinkering with configuration files under Plesk. In fact, the error message appears to apply to a generated conf file as opposed to the one on my system. If I have a look at the current /etc/apache2/apache2.conf file, there is no SSLv2GracefulShutDownTimeout line at all. What I have found is that there are two similar files in /etc/apache2 - one called apache2.conf and one called apache2.conf.dpkg-dist. These are almost identical (with only some white space differences) until we get to the end. The -dist version ends with the line

Include /etc/apache2/sites-enabled/

while the current .conf ends with

Include /etc/apache2/sites-enabled/
AddOutputFilter INCLUDES .shtml
AddType text/html .shtml
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
GracefulShutDownTimeout 3

SSLProtocol all -SSLv2

I am tempted to rename the current .conf and replace it with the -dist version, but I would prefer to understand what is going on. I see that there is a web configuration troubleshooter for Plesk (http://kb.parallels.com/115587) but since my current configuration is running fine, I'm not sure it will help. Some of our sites are using .shtml or .php/.phps and one is using SSL so I don't know how important the additional lines above are and whether a Plesk upgrade might cater for these requirement in a different way (do the added lines come from another configuration file, for example?).

Any enlightenment gratefully received!

 

[Lloyd_mcse]

No problem, again looking at my archived files, /etc/apache2/mods-enabled/ssl.conf should already have

SSLProtocol all -SSLv2

So it's not needed in the /etc/apache2/apache2.conf file.

If you don't edit the above ssl.conf to add/remove ciphers & protocols etc you should add them in..

/etc/apache2/conf.d/zz050-psa-disable-weak-ssl-ciphers.conf

Not forgetting to restart apache2 after editing.

Anyway I hope it helps

Kind regards

Lloyd

 

[William Hudson]

Okay, got there in the end, but it was as much fun as having a tooth pulled.

I removed the seemingly unnecessary lines from apache2.conf and reinitialized the apache2 config with '/usr/local/psa/admin/sbin/httpdmng --reconfigure-all'. Then I restarted Apache and checked that all of the possibly-affected services were still working (.shtml, php and SSL). They were.

Then I did the Plesk 12 upgrade which produced a worrying slew of error and warning messages but then completed with 'successfully installed'. The Plesk control panel wasn't working at this stage ('bad gateway' from nginx) so I assumed that I needed to do the bootstrap repair mentioned before (http://kb.parallels.com/121714). I got no Apache configuration errors this time and our web sites appeared to be working, but the bad gateway message persisted. So I uninstalled sw-nginx from the container manager, but that appears not to be such a good idea because nginx thinks it should still be working but half of its brain is missing (or some state of the world to that effect). So I then reinstalled sw-nginx from the container manager (Software Packages) and restarted the container.

Everything seems to be working now.

BTW, I tried the downloadable web configuration troubleshooter for Plesk 11.5 before the upgrade (and before I changed the apache2.conf file) but it said everything was fine.

Regards,

William