I knew it ... I knew it! The instant I posted this I knew I would find the problem and it would be my own fault.
For posterity the issue was the private key file was password protected. Use openssl to remove the password and *BAM* services start up fine. My apologies for the false alarm, hopefully someone else can learn from my mistake. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________________ From: Sallee, Jake via PacketFence-users <[email protected]> Sent: Wednesday, June 20, 2018 4:14 PM To: packetfence Cc: Sallee, Jake Subject: [PacketFence-users] Replacing snake oil certs with production certs. All: This is a new PFv8.0.1 3 node cluster install. Are there any instructions for installing new production certs on the PF servers in a cluster? I have a new cert that I am trying to install but when I do the httpd services fail to restart. I'm thinking the certs need to be processed into a format that PF likes, I just don't know what that format is. I renamed the self signed cert and key file to old-server.crt and old-server.key, then copied my new cert and key file, and named them server.crt and server.key. Next I chown'ed and chmod'ed the new certs to be pf:pf 660 (which is what the default certs are). When I bounce the httpd.portal and/or httpd.admin the services stop but fail to start again. Reverting the certs fixes the issue. Any guidance would be happily accepted. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fSlashdot.org&c=E,1,_wmtwdEvSShvqCi3qPjM4ij2heE3X3nFDQWfFbNXOrigzXZ8HYebyvDYVmA_FWeuRHo4xa4Y12pssuznWRmP2AlvCGy-53Ax1lWVcNDdvNtPMPdIcIJnzzQCYg,,&typo=1! https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsdm.link%2fslashdot&c=E,1,-hBjQuN1d8aNDbkVr-k-ERq_squU_pxaP-IBd1tS8fKi40KruteG__NN7OcSbwMaIBcuOdzjeoqB9Pw6u8RxXmxCT_QFOAka48xC8XmtZGmG&typo=1 _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
