
MESSENGER_HTTPS_CONF not finding Plesk Apache certificates

Posted: 28 Feb 2017, 17:17
by marcele
I was trying to set up some of the new CSF MESSENGER_HTTPS features but LFD can't find the SSL certificates on a Plesk server for some reason. Any ideas?

Feb 28 09:57:33 web6 lfd[27641]: MESSENGER: Error starting HTTPS service: No SSL certs found in MESSENGER_HTTPS_CONF location
Feb 28 09:57:33 web6 lfd[27641]: MESSENGER: HTTPS service temporarily *DISABLED*

I tried setting MESSENGER_HTTPS_CONF to "/etc/httpd/conf/plesk.conf.d/vhosts/*.conf" (Plesk symlinks to every vhost's httpd.conf in this directory). I also tried setting it to "/var/www/vhosts/system/*/conf/httpd.conf" (the actual locations) with no luck.

I'm including a sample vhost domain http.conf in case the syntax is a bit different with Plesk:
<IfModule mod_ssl.c>

<VirtualHost 203.0.113.1:7081 >
ServerName "example.com:443"
ServerAlias "www.example.com"
ServerAlias "ipv4.example.com"
ServerAdmin "user@exmaple.com"
UseCanonicalName Off

DocumentRoot "/var/www/vhosts/example.com/httpdocs"
ErrorLog "/var/www/vhosts/system/example.com/logs/error_log"

<IfModule mod_suexec.c>
SuexecUserGroup "prqgiywx" "psacln"
</IfModule>

<IfModule mod_userdir.c>

UserDir "/var/www/vhosts/example.com/web_users/*"
</IfModule>

<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID "a67b51c7-b275-4277-b1f9-ba62c183420b"
</IfModule>

SSLEngine on
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/cert-5cpwQt
SSLCACertificateFile /usr/local/psa/var/certificates/cert-Zc1E8t

<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/example.com/etc/php.ini
FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX plesk-php53-fastcgi
FcgidMaxRequestLen 134217728
</IfModule>

<Directory /var/www/vhosts/example.com/httpdocs>

<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php$)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
</Files>
</IfModule>

SSLRequireSSL

Options -Includes -ExecCGI

</Directory>

<Directory /var/www/vhosts/example.com/web_users>

<IfModule sapi_apache2.c>
php_admin_flag engine off
</IfModule>

<IfModule mod_php5.c>
php_admin_flag engine off
</IfModule>

<IfModule mod_php7.c>
php_admin_flag engine off
</IfModule>

</Directory>

<Directory /var/www/vhosts/example.com>
Options +FollowSymLinks
</Directory>

Include "/var/www/vhosts/system/example.com/conf/vhost_ssl.conf"

</VirtualHost>

</IfModule>

<VirtualHost 203.0.113.1:7080 >
ServerName "example.com:80"
ServerAlias "www.example.com"
ServerAlias "ipv4.example.com"
ServerAdmin "slang103@gmail.com"
UseCanonicalName Off

DocumentRoot "/var/www/vhosts/example.com/httpdocs"
ErrorLog "/var/www/vhosts/system/example.com/logs/error_log"

<IfModule mod_suexec.c>
SuexecUserGroup "prqgiywx" "psacln"
</IfModule>

<IfModule mod_userdir.c>

UserDir "/var/www/vhosts/example.com/web_users/*"
</IfModule>

<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID "a67b51c7-b275-4277-b1f9-ba62c183420b"
</IfModule>

<IfModule mod_ssl.c>
SSLEngine off
</IfModule>

<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/example.com/etc/php.ini
FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX plesk-php53-fastcgi
FcgidMaxRequestLen 134217728
</IfModule>

<Directory /var/www/vhosts/example.com/httpdocs>

<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php$)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
</Files>
</IfModule>

Options -Includes -ExecCGI

</Directory>

<Directory /var/www/vhosts/example.com/web_users>

<IfModule sapi_apache2.c>
php_admin_flag engine off
</IfModule>

<IfModule mod_php5.c>
php_admin_flag engine off
</IfModule>

<IfModule mod_php7.c>
php_admin_flag engine off
</IfModule>

</Directory>

<Directory /var/www/vhosts/example.com>
Options +FollowSymLinks
</Directory>

Include "/var/www/vhosts/system/example.com/conf/vhost.conf"

</VirtualHost>

Re: MESSENGER_HTTPS_CONF not finding Plesk Apache certificates

Posted: 28 Feb 2017, 17:31
by ForumAdmin
The VirtualHost directives do not match the regexes used in lfd. We will look into adapting them in a future release.

Re: MESSENGER_HTTPS_CONF not finding Plesk Apache certificates

Posted: 28 Feb 2017, 17:44
by marcele
Sounds good. Thanks for adding the recaptcha stuff too! Looking forward to all of this to reduce support calls :)

Re: MESSENGER_HTTPS_CONF not finding Plesk Apache certificates

Posted: 28 Feb 2017, 17:48
by marcele
Also note that the original file has extra spacing in there, but for some reason when I include it in code tags all the line breaks get stripped. If you want the original file just let me know and I can email it to you.

Re: MESSENGER_HTTPS_CONF not finding Plesk Apache certificates

Posted: 01 Mar 2017, 13:08
by marcele
It looks like Plesk has an extra space in their VirtualHost line that causes the Messenger.pm regex to not match. To fix it, it's just a matter of changing the regex on line 87 of messenger.pm

From

Code:

if ($line =~ /^\s*<VirtualHost .*:(\d+)>/) {
To:

Code:

if ($line =~ /^\s*<VirtualHost .*:(\d+)\s*>/) {
It fixes the error of not finding the certificates but it still errors with:

Code:

Feb 28 23:20:16 el7p17 lfd[13687]: MESSENGER: Error starting HTTPS service: SSL_key_file  does not exist at /usr/share/perl5/vendor_perl/IO/Socket/SSL.pm line 363.
My settings

Code:

MESSENGER_HTTPS_CONF = /etc/httpd/conf/plesk.conf.d/vhosts/*.conf
MESSENGER_HTTPS_KEY  = /etc/pki/tls/private/localhost.key
MESSENGER_HTTPS_CRT  = /etc/pki/tls/certs/localhost.crt
I'm thinking that the issue is that Plesk stores its certificates in PEM format so each SSLCertificateFile already includes the private key for each cert?

Re: MESSENGER_HTTPS_CONF not finding Plesk Apache certificates

Posted: 01 Mar 2017, 13:17
by marcele
With debug on it's finding the certificates alright. I'm not sure why it's still erroring:

Code:

Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["example.com"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["foo.example.com"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["ipv4.Testing.com"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["example.org"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["ipv4.foo.example.com"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["Testing.com"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["ipv4.example.com"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: SSL: ["ipv4.example.org"] [/usr/local/psa/var/certificates/cert7U2IOoK] []
Feb 28 23:31:21 el7p17 lfd[15376]: MESSENGER: Error starting HTTPS service: SSL_key_file  does not exist at /usr/share/perl5/vendor_perl/IO/Socket/SSL.pm line 363.

Re: MESSENGER_HTTPS_CONF not finding Plesk Apache certificates

Posted: 01 Mar 2017, 15:25
by ForumAdmin
I'm working on a generic regex to include Plesk. Part of the problem is that it appears Plesk uses incorrect syntax, such as putting values within quotes and angle brackets. Such formatting does not appear in the Apache spec, but we're taking that into account. See:
https://httpd.apache.org/docs/2.4/mod/c ... servername
https://httpd.apache.org/docs/2.4/mod/c ... erveralias
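
The tolerant parsing discussed in this thread, as an added example that is not part of any post and is not lfd's Messenger.pm code: it accepts the space before `>` in Plesk's `<VirtualHost>` line, strips the quotes and `:port` suffix from `ServerName`/`ServerAlias`, and, for a vhost with no `SSLCertificateKeyFile`, checks whether the certificate file itself carries a PEM private key block. The names `parse_vhosts` and `pem_has_key` are hypothetical, and the sample lines are constructed from the vhost posted above.

```perl
use strict;
use warnings;

# Constructed sample lines, modelled on the Plesk vhost posted in this thread.
my @conf = (
    '<VirtualHost 203.0.113.1:7081 >',
    'ServerName "example.com:443"',
    'ServerAlias "www.example.com" "ipv4.example.com"',
    'SSLCertificateFile /usr/local/psa/var/certificates/cert-5cpwQt',
    'SSLCACertificateFile /usr/local/psa/var/certificates/cert-Zc1E8t',
    '</VirtualHost>',
);

# Hypothetical helper: collect port, host names, cert and key per <VirtualHost>.
sub parse_vhosts {
    my (@vhosts, $cur);
    for my $line (@_) {
        if ($line =~ /^\s*<VirtualHost\s+.*:(\d+)\s*>/i) {    # tolerates ":7081 >"
            $cur = { port => $1, names => [], cert => '', key => '' };
        } elsif (!$cur) {
            next;                                             # outside any vhost
        } elsif ($line =~ m{^\s*</VirtualHost\s*>}i) {
            push @vhosts, $cur;
            undef $cur;
        } elsif ($line =~ /^\s*Server(?:Name|Alias)\s+(.+?)\s*$/i) {
            for my $name (split ' ', $1) {
                $name =~ s/^["']|["']$//g;    # Plesk wraps the value in quotes
                $name =~ s/:\d+$//;           # and appends the port to ServerName
                push @{ $cur->{names} }, lc $name;
            }
        } elsif ($line =~ /^\s*SSLCertificate(Key)?File\s+["']?([^"'\s]+)/i) {
            $cur->{ $1 ? 'key' : 'cert' } = $2;    # SSLCACertificateFile is ignored
        }
    }
    return @vhosts;
}

# Number of PEM private key headers in the file; 0 if it cannot be read.
sub pem_has_key {
    open(my $fh, '<', $_[0]) or return 0;
    return scalar grep { /^-----BEGIN (?:\w+ )*PRIVATE KEY-----/ } <$fh>;
}

for my $vh (parse_vhosts(@conf)) {
    my $key = $vh->{key} || (pem_has_key($vh->{cert}) ? $vh->{cert} : '(none found)');
    printf "port %s names [%s] cert %s key %s\n",
        $vh->{port}, join(',', @{ $vh->{names} }), $vh->{cert}, $key;
}
```

Run against the real vhost files on a Plesk host (as root, since the certificate store is not world-readable), the last column shows whether each vhost has any usable key path at all.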