search

engintron / engintron

Engintron for cPanel/WHM is the easiest way to integrate Nginx on your cPanel/WHM server. Engintron will improve the performance & web serving capacity of your server, while reducing CPU/RAM load at the same time, by installing & configuring the popular Nginx webserver to act as a reverse caching proxy in front of Apache.
https://engintron.com
GNU General Public License v2.0
664 stars 173 forks source link

invalid number of arguments in "ssl_certificate" directive #407

Closed CarlosLopezES closed 7 years ago

CarlosLopezES commented 7 years ago

Hi,

After 1.8 install, i recive this error: invalid number of arguments in "ssl_certificate" directive in /etc/nginx/conf.d/default_https.conf:43

I have checked the file and puts on each domain: ssl_certificate ; ssl_certificate_key ;

And so on, so not put the path to SSL cert file.

Thank you!

fevangelou commented 7 years ago

Wow, this is weird. Doesn't your server have any certificate issued yet?

What files do you see under /var/cpanel/ssl/cpanel/ using a terminal?

Just do this after you login as root in your server:

ls -l /var/cpanel/ssl/cpanel/*
CarlosLopezES commented 7 years ago

Yes!

-rw-rw----. 1 cpanel cpanel 2887 Sep 6 2014 /var/cpanel/ssl/cpanel/cpanel.pem -rw-rw----. 1 cpanel cpanel 5624 Sep 6 2014 /var/cpanel/ssl/cpanel/mycpanel.cabundle -rw-rw----. 1 cpanel cpanel 5624 Jun 22 2014 /var/cpanel/ssl/cpanel/mycpanel.cabundle.disable.1409975303 -rw-rw----. 1 cpanel cpanel 9218 Sep 6 2014 /var/cpanel/ssl/cpanel/mycpanel.pem -rw-rw----. 1 cpanel cpanel 9214 Jun 22 2014 /var/cpanel/ssl/cpanel/mycpanel.pem.disable.1409975303

Thank you,

fevangelou commented 7 years ago

Is open_basedir restriction enabled in your server?

CarlosLopezES commented 7 years ago

No, it's not restricted in WHM

The file, it generates one line for each domain, like this:

# Definition block for domain(s): ***.com  #
server {
    listen 443 ssl http2;
    #listen [::]:443 ssl http2; # Uncomment if your server supports IPv6
    server_name ***.com;
    # deny all; # DO NOT REMOVE OR CHANGE THIS LINE - Used when Engintron is disabled to block Nginx from becoming an open proxy
    ssl_certificate ;
    ssl_certificate_key ;
    ssl_trusted_certificate ;
    include common_https.conf;
}

When i disable engintron, all disapear.

Thank you,

fevangelou commented 7 years ago

Login as root and execute the following, each line at a time:

rm -f /etc/nginx/conf.d/default_https.conf
/etc/nginx/utilities/https_vhosts.php
cat /etc/nginx/conf.d/default_https.conf

The last line will print out the generated HTTPS definitions for Nginx. Copy it to a txt file and cleanup all the definitions except the VERY first one and the VERY last one. You'll have 2 definitions only in the end. Ommit the domain names ONLY and paste it back here.

CarlosLopezES commented 7 years ago

Of course:

root@ns1 [~]# cat /etc/nginx/conf.d/default_https.conf

# Default definition block for HTTPS (Generated on 2017.02.20 12:42:42) #
server {

    listen 443 ssl http2 default_server;
    #listen [::]:443 ssl http2 default_server; # Uncomment if your server supports IPv6

    server_name localhost;

    deny all; # DO NOT REMOVE OR CHANGE THIS LINE - Used when Engintron is disabled to block Nginx from becoming an open proxy

    ssl_certificate /var/cpanel/ssl/cpanel/mycpanel.pem;
    ssl_certificate_key /var/cpanel/ssl/cpanel/mycpanel.pem;
    ssl_trusted_certificate /var/cpanel/ssl/cpanel/mycpanel.pem;

    include common_https.conf;

    location = /nginx_status {
        stub_status;
        access_log off;
        log_not_found off;
        # Uncomment the following 2 lines to make the Nginx status page private.
        # If you do this and you have Munin installed, graphs for Nginx will stop working.
        #allow 127.0.0.1;
        #deny all;
    }

    location = /whm-server-status {
        proxy_pass http://127.0.0.1:8080;
        # Comment the following 2 lines to make the Apache status page public
        allow 127.0.0.1;
        deny all;
    }

}
fevangelou commented 7 years ago

This is all you see entirely? Without editing anything out?

CarlosLopezES commented 7 years ago

Yes!

fevangelou commented 7 years ago

OK. First let me know which cPanel version you're using and on which CentOS or CloudLinux release.

Secondly, if you do either: cat /usr/local/apache/conf/httpd.conf or cat /etc/httpd/conf/httpd.conf ...is any output returned?

CarlosLopezES commented 7 years ago

It's WHM 60 with CloudLinux 6.8 and CentOS 6.8.

And yes, return all domains with vHost, ssl files, root directory, and so on.

Thank you,

fevangelou commented 7 years ago

Can you check if there's an error_log file in /etc/nginx/utilities/ please? If so, what is its contents.

petrogazz commented 7 years ago

Same issue here (on all steps mentioned), WHM 60.0 (build 36) EasyApache 3, Apache 2.2 PHP5.5, centos 6.8 openvz (no cloudlinux).

The output of tail -n 10 /etc/nginx/utilities/error_log


[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87
[20-Feb-2017 11:07:41 America/New_York] PHP Warning:  file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 87

The vps time zone is Europe/Athens and the timezone conversion from America/New_York matches the correspoding log entries.

PS sorry for interrupting.

CarlosLopezES commented 7 years ago

Same for me 👍

ghost commented 7 years ago

Getting the same error. I completely removed the plugin and now everything's back to normal.

fevangelou commented 7 years ago

@petrogazz and/or @CarlosLopezES Can you please email me your httpd.conf files at engintron at gmail dot com please? What you mention indicates that you have zero certificates issued on your server.

CarlosLopezES commented 7 years ago

Of course, sent!

fevangelou commented 7 years ago

Check your spelling. Haven't received anything yet...

CarlosLopezES commented 7 years ago

Sorry, i was wrong and sent it to 'engitron'

fevangelou commented 7 years ago

As imagined... You have no certificates issued. Re-update now to Engintron. I have added extra checks to stop Nginx from failing. Let me know how it goes.

iRakic commented 7 years ago

I have the same problem like other people. Here is the output of: #tail /etc/nginx/utilities/error_log [20-Feb-2017 22:16:32 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [20-Feb-2017 22:16:32 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89

I have also sent you an email with my httpd.conf file.

petrogazz commented 7 years ago

I have upgraded from ea3 to ea4,updated Engintron and have no issues now. I'll get back with more feedback tomorrow.

iRakic commented 7 years ago

BTW I have forgotten to mention, I have an issue with EA3.

ghost commented 7 years ago

I have ea4 installed but still get the error in the initial post of this thread: invalid number of arguments in "ssl_certificate" directive in /etc/nginx/conf.d/default_https.conf:43

On Feb 20, 2017 11:58 PM, "iRakic" notifications@github.com wrote:

BTW I have forgotten to mention, I have an issue with EA3.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/engintron/engintron/issues/407#issuecomment-281201330, or mute the thread https://github.com/notifications/unsubscribe-auth/AURI1i6Mfk7caK1ItUPUt9OKTka4gy4Bks5rehqigaJpZM4MF-D- .

CarlosLopezES commented 7 years ago

Hi,

Sorry about the delay in answer. Today i have updated to the latest version and now works, but all sites with HTTPS enabled are mismatch, the server puts the certificate from the hostname instead the true certificate of the website.

All websites have certificated issued, someones by let's encrypt and others by his own way.

katmai commented 7 years ago

afaik EA3 is not supported by engintron. you should be using EA4

On 2/20/2017 11:58 PM, iRakic wrote:

BTW I have forgotten to mention, I have an issue with EA3.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/engintron/engintron/issues/407#issuecomment-281201330, or mute the thread https://github.com/notifications/unsubscribe-auth/ABL_6EI_xwWXN98mpfYithXlZ9aHSooEks5rehqhgaJpZM4MF-D-.

--

Rares S. Dumitrescu Systems/Security engineer Free Agent

This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

xuanduoc84 commented 7 years ago

Today, i upgraded to new version 1.8.0 and got that error too Now i must disable Engintron How to fix that?

iRakic commented 7 years ago

@katmai

It says it's compatible with EA3. As you can see it here:

Engintron is also compatible with both EasyApache 3 and EasyApache 4 as of version 1.7.0.

Maybe it has stopped being compatible from version 1.8.0?

xuanduoc84 commented 7 years ago

I used EA3, EA4: v1.8.0 get error to

how to revert to version 1.7.3? (reinstall old version)

ZgrK commented 7 years ago

also i have same problem

fevangelou commented 7 years ago

Just upgrade. It's fixed already. Those who had this issue simply had 0 domains with a TLS/SSL certificate.

CarlosLopezES commented 7 years ago

Hi,

With the latest update, we have again the same problem

nginx: [emerg] invalid number of arguments in "ssl_certificate" directive in /etc/nginx/conf.d/default_https.conf:43 nginx: configuration file /etc/nginx/nginx.conf test failed

fevangelou commented 7 years ago

When did you update?

ghost commented 7 years ago

I just updated the plugin and still face the same issue as @CarlosLopezES

xuanduoc84 commented 7 years ago

My server has TLS/SSL (Docomo) and i still get that error after install "nginx: [emerg] invalid number of arguments in "ssl_certificate" directive in /etc/nginx/conf.d/default_https.conf:43 nginx: configuration file /etc/nginx/nginx.conf test failed"

iRakic commented 7 years ago

I just tried the newest version again. I have the same issue like before.

# tail -n 10 /etc/nginx/utilities/error_log [22-Feb-2017 16:28:42 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_get_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89 [22-Feb-2017 16:28:42 UTC] PHP Warning: file_put_contents(): Filename cannot be empty in /etc/nginx/utilities/https_vhosts.php on line 89

I must mention that I'm using Let's encrypt for the most of the sites. I have also users that have paid certificates as well.

xuanduoc84 commented 7 years ago

Reinstall now and get this: https://vgy.me/xZa71Y.jpg

Paralda commented 7 years ago

A fix for this:

Uninstall, install 1.7.2:

https://github.com/engintron/engintron/releases/tag/v1.7.2

Then:

rm -f /etc/nginx/conf.d/default_https.conf

Wait for the cron job to recreate the https.conf automatically, and you should be set.

This PHP script seems to be broken in 1.8.0: /etc/nginx/utilities/https_vhosts.php 1.7.2 uses a different PHP script for its cron, which seems to be working.

Shadowized commented 7 years ago

fully broken for me with WHM 62, centOS 6.8, EA4

I've got the same problem as @CarlosLopezES , the generator (/etc/nginx/utilities/https_vhosts.php) doesn't work correctly, and in turn the default_https.conf doesn't have any keys set for it thus nginx fails to start/restart, the error_log has the same contents as what @petrogazz posted.

I'll just keep it disabled until a solution is found.

CarlosLopezES commented 7 years ago

@Paralda I have uninstalled 1.8.0 and installed 1.7.2 (remember to edit lines 528, 530 and 531 from engintron.sh).

Can we launch manually these cronjob to recreate?

Thank you,

xuanduoc84 commented 7 years ago

Script command: /usr/local/cpanel/bin/apache_conf_distiller --update

not working easyapache 4 So what replace for that?

CarlosLopezES commented 7 years ago

Any news on this?

Thank you,

Shadowized commented 7 years ago

I fixed it for myself in #421 , you could try that until they fix the script themselves.

fevangelou commented 7 years ago

Update to today's build. The solution by @Shadowized is not a fix, he probably had AutoSSL issue certificates for all domains inbetween testing.

Shadowized commented 7 years ago

@fevangelou no, I've had the AutoSSL certs on all domains before I reinstalled engintron, but yeah like you mentioned in the other issue I did make it search the entire vhost block instead of a specific place because it wasn't matching at all, the latest update does work though so thats great.

edit: actually no, it doesn't work. none of the vhosts are ported over, do I need to edit anything in it? it finds the httpd.conf just fine when I do an echo on it, but none of the domains are in the generated conf file, just the default https block

iRakic commented 7 years ago

Can someone confirm who had: "nginx: [emerg] invalid number of arguments in "ssl_certificate" directive in ..." issue that everything is working now?

Shadowized commented 7 years ago

@fevangelou I think there's been some misunderstanding if I'm reading this regex correctly, it's searching for an <IfModule ssl_module> block, inside every <VirtualHost example.com:443> block, but that isn't how my certs are stored at all, I'll just go ahead and paste a sanitized example of a live domain for you to better understand it, but I think this is definitely something with how EA4 or Apache 2.4 generates the httpd.conf, maybe even how AutoSSL interacts with it, I'm not sure, but all I know is that when I debug the https_vhosts file with print_r's and echos, it returns 0 results even though it can read/parse the file.

<VirtualHost 1.2.3.4:8443>
    ServerName example.com
    ServerAlias mail.example.com www.example.com
    DocumentRoot /home/user/public_html
...
    SSLEngine on

    SSLCertificateFile /var/cpanel/ssl/installed/certs/example_com.crt
    SSLCertificateKeyFile /var/cpanel/ssl/installed/keys/example_com.key
    SSLCACertificateFile /var/cpanel/ssl/installed/cabundles/cPanel_Inc__example.cabundle
...
</VirtualHost>

any idea why the ssl_module block isn't in there on any of them? I haven't changed anything.

edit1: apparently its due to cpanels apache templates (/var/cpanel/templates/apache2_4), gonna see if I can update those. edit2: I've deleted vhost.local and ssl_vhost.local files, and now its using the default ones which work correctly, I don't understand how this happened and I've never edited or touched those files.

iRakic commented 7 years ago

I have just tested a new build, and the problem is fixed. I now had a new issue with https version of sites. I have randomly checked several sites and the https version of a site is showing a broken certificate. All sites that I have tested are using Let's encrypt.

fevangelou commented 7 years ago

@Shadowized Holy crap! Never seen this before... I'll update the regex to ignore the as either way it's already searching within the "HTTPS" block (so to speak).

fevangelou commented 7 years ago

@Shadowized Fixed in v1.8.1 - please upgrade and let me know.

Shadowized commented 7 years ago

@fevangelou all good now, certs and everything working fine, getting A in ssllabs tests, A+ if I enable HSTS (with codeit-nginx repo). :)