Hostname SSL issue Null Stale CSR on ubuntu

[Spirogg]

hi i tried some of the temp fixes but some don't run on ubuntu

here is the error
@cPRex anyway to resolve this?

The following cPanel service generated warnings from the checkallsslcerts script.

cpanel

The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. ({"domain_details":null,"status":"revoked","status_details":null,"status_message":"Stale CSR"})

 

[Spirogg]

tried this -
root@server2:~# mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v
mv: cannot move '/var/cpanel/hostname_cert_csrs' to '/var/cpanel/hostname_cert_csrs.cpbkp/hostname_cert_csrs': Directory not empty
root@server2:~#

works on AlmaLinux but not Ubuntu
you really need to ask someone to update the guides and fixes for Ubuntu as well

 

[Spirogg]

@cPRex you forgot about me ;(

just kidding - when you get a chance thanks

your on fire today on the forum nice.... speedy @cPRex your one of the fast REX's

 

[cPRex]

Hey there! I'm not able to reproduce this one on a test machine. Here's a basic test showing "mv" working normally:

root@10-2-36-48:~# mkdir movetest
root@10-2-36-48:~# cd movetest/
root@10-2-36-48:~/movetest# touch 1 2 3 4 5 6 7
root@10-2-36-48:~/movetest# cd ../
root@10-2-36-48:~# mv movetest/ testing
root@10-2-36-48:~#

My test Ubuntu machine doesn't have a valid hostname so I don't have that specific directory, but could you check and see if your "mv" command has any aliases linked to it?

 

[Spirogg]

Hey there! I'm not able to reproduce this one on a test machine. Here's a basic test showing "mv" working normally:

root@10-2-36-48:~# mkdir movetest
root@10-2-36-48:~# cd movetest/
root@10-2-36-48:~/movetest# touch 1 2 3 4 5 6 7
root@10-2-36-48:~/movetest# cd ../
root@10-2-36-48:~# mv movetest/ testing
root@10-2-36-48:~#

My test Ubuntu machine doesn't have a valid hostname so I don't have that specific directory, but could you check and see if your "mv" command has any aliases linked to it?

ok did what you posted

root@server2:~# mkdir movetest
root@server2:~# cd movetest/
root@server2:~/movetest# touch 1 2 3 4 5 6 7
root@server2:~/movetest# cd ../
root@server2:~# mv movetest/ testing
root@server2:~#

but could you check and see if your "mv" command has any aliases linked to it?

I;m not sure how to check this ?

 

[Spirogg]

ok did what you posted

root@server2:~# mkdir movetest
root@server2:~# cd movetest/
root@server2:~/movetest# touch 1 2 3 4 5 6 7
root@server2:~/movetest# cd ../
root@server2:~# mv movetest/ testing
root@server2:~#


I;m not sure how to check this ?

root@server2:~# unalias mv
bash: unalias: mv: not found


root@server2:~# alias
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l='ls -CF'
alias la='ls -A'
alias ll='ls -alF'
alias ls='ls --color=auto'

 

[Spirogg]

@cPRex

I found a way on Ubuntu when I ran mv --help

Mandatory arguments to long options are mandatory for short options too.
   --backup[=CONTROL]       make a backup of each existing destination file
  -b                           like --backup but does not accept an argument

then ran
root@server2:~# mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -b
root@server2:~# /usr/local/cpanel/bin/checkallsslcerts

The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/6C74E3F47.redated29AC1E8.txt) …
        … complete.
Setting up DNS DCV for “server2.redated.com” …
        … complete.

Attempting DNS DCV preflight checks …
        server2.redated.com: DNS DCV OK
        www.server2.redated.com: DNS DCV OK
        mail.server2..redated.com: DNS DCV OK
        cpanel.server2..redated.com: DNS DCV OK
        webmail.server2..redated.com: DNS DCV OK
        whm.server2..redated.com: DNS DCV OK
        cpcalendars.server2..redated.com: DNS DCV OK
        cpcontacts.server2..redated.com: DNS DCV OK
Succeeded domains: 8
Failed domains: 0
Requesting certificate from cPStore …
        Order submitted. (Order item ID: 16.redated71)

Please can you change the instructions on cPanel Support to reflect the command for for Ubuntu Servers to that below.


mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -b

then run

/usr/local/cpanel/bin/checkallsslcerts

https://support.cpanel.net/hc/en-us/articles/4408133921559-Stale-hostname-CSRs-causes-the-cPanel-store-to-fail-creating-an-SSL-order

seems Ubuntu Servers does not like the -v i tried with mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -b -v but would not except it and gave me the same error ..

So I think the only way is to use the -b ( for backup) on Ubuntu Servers, and the -v on ALmaLinux / CentOS


Thanks for your replies and communication..

Kind Regards,
Spiro

 

[cPRex]

The -v is still working well for me on an Ubuntu box:

root@host:~# mv movetest{,.cpbkp} -v
renamed 'movetest' -> 'movetest.cpbkp/movetest'

Could you submit a ticket so we could check that particular environment?

 

[Spirogg]

The -v is still working well for me on an Ubuntu box:

root@host:~# mv movetest{,.cpbkp} -v
renamed 'movetest' -> 'movetest.cpbkp/movetest'

Could you submit a ticket so we could check that particular environment?

Ticket Number #94445867

thanks
Spiro

 

[Spirogg]

Ok I now understand better why this happens.

I've also performed this operation on my Ubuntu test server which worked without issues:

root@10-2-32-173:~# head -2 /etc/os-release
NAME="Ubuntu"
VERSION="20.04.2 LTS (Focal Fossa)"
root@10-2-32-173:/var/cpanel# mv -v hostname_cert_csrs{,.cPbak}
renamed 'hostname_cert_csrs' -> 'hostname_cert_csrs.cPbak'

I then added 100 files to this directory to make it not empty:

root@10-2-32-173:/var/cpanel# find hostname_cert_csrs.cPbak/ -type f | wc -l
100

After doing this I recreated the hostname_cert_csrs directory, populated it with a number of empty files, and upon trying to move the directory at this time the error was populated:

root@10-2-32-173:/var/cpanel# mkdir hostname_cert_csrs
root@10-2-32-173:/var/cpanel# touch hostname_cert_csrs/{1..1000}
root@10-2-32-173:/var/cpanel# find hostname_cert_csrs -type f | wc -l
1000

root@10-2-32-173:/var/cpanel# mv -v hostname_cert_csrs{,.cPbak}
mv: cannot move 'hostname_cert_csrs' to 'hostname_cert_csrs.cPbak/hostname_cert_csrs': Directory not empty

- In the future to prevent this type of issue you can remove the old directory, or when renaming the directory give it another name.

so when i was trying mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v it already had a backup of cpbkp
so i could remove it or rename it to mv /var/cpanel/hostname_cert_csrs{,.cpbkp1} -v
then it will work. makes sense- duh .... I'm so slow sometimes.

I do want to address why -b worked, The -b flag is 'backup' that creates a backup of the destination prior to overwriting.

You could either change the name of the backup directory that was created. as you showed, and then run the original command.
mv -v /var/cpanel/hostname_cert_csrs.cpbkp /var/cpanel/hostname_cert_csrs.cpbkup.1

or, while running the initial mv command, to change the name of the backup being created by incrementing numbers prior to the curly closing bracket as shown below:
mv -v /var/cpanel/hostname_cert_csrs{,.cPbak2}

An example showing this work is below:

root@10-2-32-173:/var/cpanel# mv /var/cpanel/hostname_cert_csrs{,.cPbak}
mv: cannot move '/var/cpanel/hostname_cert_csrs' to '/var/cpanel/hostname_cert_csrs.cPbak/hostname_cert_csrs': Directory not empty

root@10-2-32-173:/var/cpanel# mv -v /var/cpanel/hostname_cert_csrs{,.cPbak2}
renamed '/var/cpanel/hostname_cert_csrs' -> '/var/cpanel/hostname_cert_csrs.cPbak2'

ok just incase someone else needs this information im posting it here as well

SOLVED.. thank you @cPRex for dealing with all my questions

Kind Regards,
Spiro