New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL Requires Restart - No Cron #556

Closed
brixly opened this Issue Jun 8, 2017 · 7 comments

Comments

Projects
None yet
5 participants
@brixly
Copy link

brixly commented Jun 8, 2017

Hi there, would really appreciate your help on this one as it causes us a huge amount of support enquiries.

We use LetsEncrypt as a plugin for cPanel, as well as AutoSSL. When a certificate is installed, the site doesn't go secure until we have restarted using the 'Restart Apache & Nginx' option within Engintron.

Under the 'cron' section of Engintron, I can see this...

          • root /etc/nginx/utilities/https_vhosts.sh >> /dev/null 2>&1

However, im not too sure this is even running. Is there any way we would be able to tell?

I can see within the https_vhosts.sh file, it runds service nginx reload following the regeneration.

Is service nginx reload enough to get the SSL working? We have tried this in the past, but the site still shows as insecure until we restart both Apache and Nginx.

We obviously don't want to alter the code to restart nginx and apache entirely through a cron, incase of syntax errors etc.

Could you just clarify where we are going wrong please?

@brixly

This comment has been minimized.

Copy link

brixly commented Jun 8, 2017

Ok, so I can verify from the logs the script appears to be running through the cron...

Jun 8 15:07:01 cloud07 CROND[406963]: (root) CMD (/etc/nginx/utilities/https_vhosts.sh >> /dev/null 2>&1)
Jun 8 15:08:01 cloud07 CROND[408380]: (root) CMD (/etc/nginx/utilities/https_vhosts.sh >> /dev/null 2>&1)

If that is the case, why are the sites not secure until we restart Apache and Nginx entirely?

Many thanks,

Dennis

@ghost

This comment has been minimized.

Copy link

ghost commented Jun 16, 2017

Same here. I created a cron command to restart apache and nginx once a day, but I've ran into some SSL cert key issues when Nginx restarts and an Engintron reinstall is required (some file not file issue from apache "httpd.conf,v".

@imagina

This comment has been minimized.

Copy link

imagina commented Jul 1, 2017

Ok, in my case i found the problem.

It was ngintron cron requiring to read files outside of /home and we were limiting that option in php.ini with open_basedir

Remove open_basedir restriction in your main php.ini file and it should run fine.

@omikron

This comment has been minimized.

Copy link

omikron commented Jul 12, 2017

We do not limit anything with open_basedir, and we have the same problem.

Even when adding a new domain and having AutoSSL generate a new SSL, Nginx has to be restarted for the certificate to take effect.

@fevangelou

This comment has been minimized.

Copy link
Member

fevangelou commented Jul 15, 2017

Open /etc/crontab via the Engintron WHM app and just hit save. It's important to do this through the Engintron WHM app as a previous version of the code editor used would break line endings in that file and cause custom cron jobs to break, thus refreshing the Nginx config for HTTPS would not work.

@brixly

This comment has been minimized.

Copy link

brixly commented Nov 15, 2017

I have continued the thread here...

#662 (comment)

@fevangelou fevangelou closed this Apr 4, 2018

@lukapaunovic

This comment has been minimized.

Copy link

lukapaunovic commented Apr 18, 2018

This is finally how I fixed this.
I looked when my autossl cron is running

cat /etc/cron.d/cpanel_autossl

Mine runs at

26 4 * * * root /usr/local/cpanel/bin/autossl_check --all

So I added this to run hour later.

30 5 * * * /usr/sbin/service nginx restart > /dev/null 2>&1

This works beautifully.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment