Site using HTTPS over quota causes apache not to start

[TheMightyZeus]

When a site configured to use an SSL certificate (as per this) exceeds its quota, the certificate specified in "Override a Virtual Host Setting" is not included in the vhost anymore. Thus Apache complains that a vhost wants to use port 443 but has no SSL certificate configured, and fails to start.

[Thu May 22 15:00:02 2014] [notice] Graceful restart requested, doing restart
[Thu May 22 15:00:02 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
[Thu May 22 15:00:02 2014] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 48 bytes)
[Thu May 22 15:00:02 2014] [notice] mod_bw : Version 0.92 - Initialized [0 Confs]
[Thu May 22 15:00:02 2014] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Thu May 22 15:06:01 2014] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[ghost]

USE THE FORUM FOR SUPPORT ISSUES @TheMightyZeus

http://forums.zpanelcp.com/Forum-General-Support-Questions

[Caffe1neAdd1ct]

I would say personally there is enough information here to confirm there is an application breaking bug.

This should not have been closed without making sure the reported bug doesn't exist.

I too can confirm this does happen on CentOS 6.4 Zpanel 10.1.1 just tested on a dev environment.

Please re-open this bug report.

[TheMightyZeus]

@Me-Bl This bug report (not support request) describes a pretty serious bug that causes every site on a machine to silently go down under perfectly common conditions.

Use zpanel-documented instructions to create an https site, send it over quota, and wait for next daemon run.

Seconded. Please re-open this bug report.

[ghost]

Report using the forum we will check it and confirm if it's a BUG then we will be happy to log it AND FIX IT.

[TheMightyZeus]

There is not a section in the forums for bug reporting. The website has this bug tracker listed under support. Not accepting bug reports in your bug tracker makes no sense. It's been confirmed by more than one person, it's a bug.

[TheMightyZeus]

Also the forums say

If you feel that you have found a bug in ZPanel then please report the issue at http://bugs.zpanelcp.com.

Therefore, this is the correct place to report a bug. Can someone please reopen this issue?

[Caffe1neAdd1ct]

@TheMightyZeus If we get time over @zVPS then we'll look into fixing this. Its not a simple one....

I think we need some client options for specifying ssl sites and the cert files then the daemon hook can handle the virtual hosts needed. This would get round closing and opening the vhost block inside the override which is a hacky way of doing this at best.

Once the daemon hook is generating the ssl vhost and redirect from non -> https vhost we can implement handling for successfully blocking ssl sites on over quota.

[Caffe1neAdd1ct]

And I have personally tested this issue, this is a current bug inside 10.1.1 so please reopen.

[TheMightyZeus]

Including the vhost override even in a site that's over quota would fix this issue, though I suspect that it would potentially expose several more, depending on the specifics of any given override. One kind of hacky workaround would be to allow only certain directives from the override to carry over to a vhost that's over quota. Specifically, SSLEngine, SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile.

I agree that being able to specify the certificates in zpanel as opposed to simply specifying overrides on the vhost and the port would be a better solution, and much more user-friendly, but also that it's far from a simple change.

Right now my personal workaround is to simply give SSL sites unlimited quota, which keeps everything from coming down, but obviously is not a good solution.

[5050]

Reopened. I agree that a module must be writen to handle SSL assignation to panel/domains and certificates. I reported this to the dev/team forum and opened a discussion about it.

[Caffe1neAdd1ct]

Thanks @5050

Let me know the forum link and I'll pop over at some point

Kev

[jacobgelling]

@Caffe1neAdd1ct http://forums.zpanelcp.com/Thread-Module-to-handle-SSL

[TheNigelist]

I'm not sure if Kev has access to that part of the forum anymore?

[jacobgelling]

Ah right, that sucks :worried:

[devnix]

I had this bug today too after setting manually a SSL following the guidelines of Zpanel. From that moment, I didn't touch any configuration, so I find this bug kinda strange.

I "fixed" it changing in /etc/httpd/conf.d/ssl.conf

Listen 443

to

Listen 443 http

Don't ask, just googled for hours about the error. I completely agree with the idea of a module for managing certificates, I was surprised to install it manually!