Issue Key file: /opt/drweb/drweb32.key - Key file was not found / TLS Versions or Ciphers?

[TimReeves]

Last night drwebd could not be restarted after updates - on ALL the servers I manage. See error message in title.

I also see in the status messages:
Plesk authorization failed: HTTP request error [35]

Yesterday I used the facility of SSLit! to sync protocolls and ciphers to Mozilla Intermediate 5.0 (the recommended version) - which is now only TLS 1.2 and 1.3, and more secure cyphers.

Can it be that drwebd fails on these protocolls or cyphers?

I am aware of some forum entries and Plesk KB solutions which address aspects of this problem - but not exactly this problem. Obviously I can't reinstall drwebd on all servers every day - and it probably would not work anyway, I need a solution that allows me to keep the intermediate 5.0 from Mozilla but that also allows drwebd to work. An update of drwebd on the systems I use - Debian 9 and 10 - sounds like the way to go to me.

Can someone from Plesk team look into this please - I can't imagine that I will be the only one affected...

Cheers, Tim

 

[TimReeves]

@IgorG Hey Igor, on all my servers drwebd is still not running - can someone have a look at this issue please?!
Thanks,
Tim

 

[IgorG]

There was bug #PPPM-5740 "Premium Antivirus by Dr.Web now works without a license key installed when TLSv1 is disabled for sw-cp-server."
But AFAIK it was fixed in August Plesk update.
You could try to fix it with adding TLSv1 in the ssl_protocols in the /etc/sw-cp-server/conf.d/ssl.conf, e.g:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

and restart sw-cp-server and drwebd services:

# service sw-cp-server restart
# service drwebd start

Contact Plesk Support Team if not help.

 

[TimReeves]

Thanks @IgorG I tried that but no joy )-:

Still seeing this when trying to start drwebd:
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Key file: /opt/drweb/drweb32.key - Key file was not found! (
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: A path to a valid license key file was not specified.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: A path to a valid license key file was not specified.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: Plesk authorization failed: HTTP request error [35]
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Plesk authorization failed: HTTP request error [35]
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: Error: Plesk Software not running.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Error: Plesk Software not running.

Perhaps it has to do with the ciphers rather than the TLS verion?

Seems I'll have to contect Plesk Support.

 

[IgorG]

You can try to use following workaround:

1. Create file /etc/sw-cp-server/conf.d/plesk-drweb-local.conf with the following content using text editor:
   

   # vi /etc/sw-cp-server/conf.d/plesk-drweb-local.conf

   server {
   listen [::1]:8443 ssl;
   listen 127.0.0.1:8443 ssl;
   
   ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
   ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;
   
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers HIGH:!aNULL:!MD5;
   
   include conf.d/*plesk.inc;
   include conf.d/*wpb.inc;
   }

2. Restart Plesk and DrWeb services:
   

   # service sw-cp-server restart && service drwebd restart

 

[TimReeves]

Hey @IgorG that works, then drwebd runs again.
So I have two questions:

1. Is the previous fix also needed (with the SSL protocolls)?
2. Can this be pushed out with the next Plesk update - I'm very busy and would not like to do this on all the servers I manage - not to mention that many others will surely be affected?

That's not the first time you've helped me out of a problem - so again, many thanks!
Tim

 

[IgorG]

1. No.
2. I'm not sure that this fix will be included to the next update but I'll update bugreport with your request.

 

[B_P]

You can try to use following workaround:

1. Create file /etc/sw-cp-server/conf.d/plesk-drweb-local.conf with the following content using text editor:
   

   # vi /etc/sw-cp-server/conf.d/plesk-drweb-local.conf

   server {
   listen [::1]:8443 ssl;
   listen 127.0.0.1:8443 ssl;
   
   ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
   ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;
   
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers HIGH:!aNULL:!MD5;
   
   include conf.d/*plesk.inc;
   include conf.d/*wpb.inc;
   }

2. Restart Plesk and DrWeb services:
   

   # service sw-cp-server restart && service drwebd restart

If you adjust ssl_ciphers (as found on Enable TLS 1.0 and TLS 1.1 on Ubuntu 20.04), this even allows NGINX on Ubuntu 20.04 to work with drweb (which otherwise fails since Ubuntu deprecated the use of TLSv1):

File /etc/sw-cp-server/conf.d/plesk-drweb-local.conf

server {
  listen [::1]:8443 ssl;
  listen 127.0.0.1:8443 ssl;

  ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
  ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "HIGH:!aNULL:!MD5@SECLEVEL=1";

  include conf.d/*plesk.inc;
  include conf.d/*wpb.inc;

}

 

[Control Oye]

Thanks @IgorG I tried that but no joy )-:

Still seeing this when trying to start drwebd:
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Key file: /opt/drweb/drweb32.key - Key file was not found! (
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: A path to a valid license key file was not specified.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: A path to a valid license key file was not specified.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: Plesk authorization failed: HTTP request error [35]
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Plesk authorization failed: HTTP request error [35]
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: Error: Plesk Software not running.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Error: Plesk Software not running.

Perhaps it has to do with the ciphers rather than the TLS verion?

Seems I'll have to contect Plesk Support.

I have install Plesk Obsidian 18.0.44 on Ubuntu 22.04

I am facing same

Thanks @IgorG I tried that but no joy )-:

Still seeing this when trying to start drwebd:
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Key file: /opt/drweb/drweb32.key - Key file was not found! (
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: A path to a valid license key file was not specified.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: A path to a valid license key file was not specified.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: Plesk authorization failed: HTTP request error [35]
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Plesk authorization failed: HTTP request error [35]
Nov 06 10:51:40 mail.syrian-heritage.org drwebd[5182]: Error: Plesk Software not running.
Nov 06 10:51:40 mail.syrian-heritage.org drwebd.real[5182]: Error: Plesk Software not running.

Perhaps it has to do with the ciphers rather than the TLS verion?

Seems I'll have to contect Plesk Support.

I have installed Plesk Obsidian 18.0.44 on Ubuntu 22.04

I am facing same drwebd problem
same entries in logs like

drwebd.real[5182]: Key file: /opt/drweb/drweb32.key - Key file was not found! (
drwebd[5182]: A path to a valid license key file was not specified.
drwebd.real[5182]: A path to a valid license key file was not specified.
drwebd[5182]: Plesk authorization failed: HTTP request error [35]
drwebd.real[5182]: Plesk authorization failed: HTTP request error [35]
drwebd[5182]: Error: Plesk Software not running.
drwebd.real[5182]: Error: Plesk Software not running.



Any solution for Ubuntu 22.04 will be appreciated

Looking forward

 

[Andersweb]

For our online shop (currently 18.04 LTS) I am currently setting up a new Ubuntu system on a new VPS with 22.04 or 20.04.

I have the same problems as described in this article. It affects both the 20.04 and 22.04 versions.

With Ubuntu 18.04 DrWeb runs without problems.

Plesk Obsidian v18.0.44

The following error messages appear on 20.04 and 22.04:

SERVER:~# service drwebd status
× drwebd.service - Plesk Premium Antivirus
Loaded: loaded (/lib/systemd/system/drwebd.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2022-06-18 17:47:47 CEST; 1min 31s ago
Process: 1747 ExecStart=/opt/drweb/drwebd --foreground=yes (code=exited, status=255/EXCEPTION)
Main PID: 1747 (code=exited, status=255/EXCEPTION)
CPU: 63ms

Jun 18 17:47:47 xxxxxxxxx drwebd[1747]: Key file: /opt/drweb/drweb32.key - Key file was not found! (No such file or directory)
Jun 18 17:47:47 xxxxxxxxx drwebd[1747]: A path to a valid license key file was not specified.
Jun 18 17:47:47 xxxxxxxxx drwebd.real[1747]: Key file: /opt/drweb/drweb32.key - Key file was not found! (No such file or directory)
Jun 18 17:47:47 xxxxxxxxx drwebd.real[1747]: A path to a valid license key file was not specified.
Jun 18 17:47:47 xxxxxxxxx drwebd[1747]: Plesk authorization failed: HTTP request error [35]
Jun 18 17:47:47 xxxxxxxxx drwebd[1747]: Error: Plesk Software not running.
Jun 18 17:47:47 xxxxxxxxx drwebd.real[1747]: Plesk authorization failed: HTTP request error [35]
Jun 18 17:47:47 xxxxxxxxx drwebd.real[1747]: Error: Plesk Software not running.
Jun 18 17:47:47 xxxxxxxxx systemd[1]: drwebd.service: Main process exited, code=exited, status=255/EXCEPTION
Jun 18 17:47:47 xxxxxxxxx systemd[1]: drwebd.service: Failed with result 'exit-code'.

When updating from 18.04 to 20.04, DrWeb also refuses to work.

I have tried different solutions that can be found on the internet. Unfortunately without success.

Would appreciate a solution

Greetings Stefan