Invalid command ‘SSLEngine’

CentOS release 4.5 (Final)

Server version: Apache/1.3.37 (Unix)

You can get this error for lots of reasons (including the mod_ssl.c module not being loaded) but my problem to day was the above error spat out by:

apachectl configtest

The reason is that apachectl DOES NOT define SSL (i.e. when it’s checking the config file). Therefore the httpd.conf will ALWAYS look broken if mod_ssl.c specific directives are in it. That is unless they are bracketed with:

<IfDefine SSL> or <IfModule mod_ssl.c>

in which case what’s the point of using “apachectl configtest” to test the config file?

httpd -S

gives the same error unless you also pass -DSSL like this:

httpd -S -DSSL

Be safe: use the actual boot scripts to stop and start the server if you’re using SSL:

/etc/init.d/httpd stop

/etc/init.d/httpd startssl

WHM / cPanel :

You may get errors for SSLEngine while installing SSL from WHM :

Syntax error on line 29945 of /usr/local/apache/conf/httpd.conf.installssl.1210663778.980885407.445848-domain.com:
Invalid command ‘SSLEngine’, perhaps mis-spelled or defined by a module not included in the server configuration

root@devel [/usr/share/ssl/private]# service httpd startssl
[Tue Jul 18 15:51:15 2006] [warn] module bytes_log_module is already loaded, skipping
Syntax error on line 1211 of /usr/local/apache/conf/httpd.conf:
Invalid commandSSLEngine‘, perhaps mis-spelled or defined by a module not included in the server configuration
/etc/init.d/httpd startssl: httpd could not be started

Fix:

Rebuild Apache using easyapache or from WHM which will fix the issue with SSL.

root@devel [/usr/share/ssl/private]# service httpd restart
/etc/init.d/httpd restart: httpd not running, trying to start
/etc/init.d/httpd restart: httpd started

Formatting and Mounting a new drive in Linux

I have installed a new slave hard drive. How do I format it and mount it?

Solution:

1. Login as root: and type the following command:

[root@34 root]# fdisk /dev/hdc

2. This screen will appear:

The number of cylinders for this disk is set to 10011.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

3. Press p for print, this will show you the current partitons on the drive:

Command (m for help): p

Disk /dev/hdc: 82.3 GB, 82348277760 bytes
255 heads, 63 sectors/track, 10011 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

4. There are no current partitions, if there were, press d to delete them. Then press n to create a new partition and follow the rest of the commands:

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-10011, default 1): Enter
Using default value 1: Enter
Last cylinder or +size or +sizeM or +sizeK (1-10011, default 10011): Enter
Using default value 10011

5: Write your new partiton to the drive:

Command (m for help): w
The partition table has been altered!

—————————————

6. Now to make the file system.

[root@34 root]# mkfs.ext3 /dev/hdc1
mke2fs 1.32 (09-Nov-2002)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
10059776 inodes, 20103331 blocks
1005166 blocks (5.00%) reserved for the super user
First data block=0
614 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424

—————————————–

7. Now to make a directory to mount the new drive to.

[root@34 root]# mkdir /backups
[root@34 root]# mount /dev/hdc1 /backups
[root@34 root]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 75G 1.3G 70G 2% /
/dev/hda1 99M 14M 81M 15% /boot
none 243M 0 243M 0% /dev/shm
/dev/hdc1 76G 33M 72G 1% /backups

You will see that the new drive is labled /dev/hdc1 and is mounted to /backups.
——————————————-

8. Now edit the /etc/fstab so that the mount is there after a reboot.

Current fstab is shown below:

LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0

9. Now we are going to add one line at the end:

[root@34 root]# vi /etc/fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
/dev/hdc1 /backups ext3 defaults 0 0

Save and quit vi.

What is Virtuozzo / Parallels Power Panel?

Virtuozzo / Parallels Power Panel also known as VZPP / PPP is used to manage a VPS / Container efficiently. A user can Restart, Stop, Start, and Fast Stop his/her VPS when an emergency occurs. Using Virtuozzo also helps a user to get better information of his/her VPS such as Change password, File Manager, Resources, System Services, System Processes, Firewall, SSH Connection, Status Changes, QoS Alerts, Action Log, Traffic Log etc.

Virtuozzo Power Panel Features:-

* Start/Stop VPS: Start, stop, fast stop and restart the VPS.

* VPS Resource Monitoring: Monitor VPS resource utilization for CPU, system, disk space and disk inodes.

* VPS Backup/Restore: Back up and restore the VPS from the backup including all system and user files.

* VPS Repair: Start the VPS in repair mode when a VPS is broken and does not boot.

-> Embedded SSH Client: Connect via integrated SSH client to the VPS.

* VPS Re-install: Reinstall the VPS from scratch, either saving or discarding existing files.

* VPS Actions Log: View the VPS actions log to monitor resource shortage alerts and various VPS events

* VPS Resources: Shows package name, Additional Information, CPU Usage with graphic, System Usage with Graphic, Disk Usage and Network Usage. By pressing the Extended button you will get a more detailed CPU Parameters, Disk Quota, and UBCs.

* File Manager: Lets you see the files on your VPS.

* Change Password: You can use this option to change the VPS Password.

* System Services: Shows the running applications.

* System Processes: Shows running application/processes. Lets you see CPU%, Mem%, the command and PID.

* Status Changes: Shows the VPS changes such as restarts, stops, locked, etc.

* Actions Log: Shows a list of actions, both running and already finished.

* QoS Alerts: This will be the first thing that is going to tell you when a problem occurs.

How to access Virtuozzo?

VZPP is accessible via 4643 port. For example: If your main VPS Container IP 192.168.1.121,

Users can access VZPP in the following manner – https://192.168.1.121:4643

username: root

password: your_current_root_password

Plesk – Cannot FTP to a domain after its physical hosting has been recreated

1. Physical hosting on a domain had been removed.

2. Then it was recreated using the same FTP user name.

3. After that it’s impossible to login by ftp to the domain, the FTP server returns an error:

530 User fp1 cannot log in, home directory inaccessible.
CAUSE
IIS cache causes this problem.
RESOLUTION
Here is two possible ways to resolve:

1. Clean up IIS FTP service cache. To reset FTP cache restart IIS FTP service

net stop MSFTPSvc
net start MSFTPSvc

2. Disable IIS FTP cache. To completely disable caching set the following parameter:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters\DisableMemoryCache DWORD 1

Plesk : FTP error “home directory inaccessible”

Login to domain.com via FTP fails for all users. The following error message is displayed:

Cannot log in, home directory inaccessible

CAUSE

There could be several reasons:

1. This happens if the host name is longer than 15 symbols.

2. Domain resolves to a different IP then the one it has been configured for in Plesk.

3. FTP server configuration is broken.

RESOLUTION

1. To change the host name right-click the My Computer icon, choose Properties. Select Computer Name tab then click Change button. Specify the computer name as desired and click OK. When done, restart your computer.

2. Please check if domain.com resolves to the same IP it has been configured for in Plesk. You can use the following command :

nslookup yourdomain.com

The returned IP should be tha same as the one configured in Plesk for the domain.

3. If the name of your server is shorter than 15 symbols and domain resolves to the proper IP it could mean that something is broken in FTP configuration.

You should follow the steps below to fix the issue:

a. Repair permissions on home folders of problem domains. It can be done using the Control Panel:

Plesk , domains, mark problem domain, Click on Check permissions

b. Re-configure FTP configuration using Plesk command line tool ftpmng.exe as follows:

"%plesk_bin%\ftpmng.exe" --remove-vhost --vhost-name=yourdomain.com
"%plesk_bin%\ftpmng.exe" --reconfigure-vhost --vhost-name=yourdomain.com

c. If this issue happens to every domain you can repair FTP configuration for all domains using commands as below:

"%plesk_bin%\ftpmng.exe" --remove-all "%plesk_bin%\ftpmng.exe" --reconfigure-all

rndc: the key is invalid

Problem:

———
Issue:
———
While starting named, or when running /etc/rc.d/init.d/named status, you get the following error:
rndc: connection to remote host closed This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.


Solution:

——-
Fix:
——-

Run rndc-confgen.
running rndc-confgen would ouput something like this:
# Start of rndc.conf
key “rndc-key” {
algorithm hmac-md5;
secret “lYzcmf255w8BC6PHTSYCQA==”;
};

options {
default-key “rndc-key”;
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key “rndc-key” {
# algorithm hmac-md5;
# secret “lYzcmf255w8BC6PHTSYCQA==”;
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { “rndc-key”; };
# };
# End of named.conf

do as mentioned in the output, that is, copy the rndc.conf part to /etc/rndc.conf (of course, remove all the existing entries)
in /etc/named.conf, remove the existing key and controls section, and paste the one from the output of rndc-confgen.
restart named (/etc/rc.d/init.d/named restart).
This fixes the issue

Upgrade WHM / cPanel Linux server to EDGE Virtuozzo Optimized release

Q. How do I upgrade my CentOS Linux 5.0 dedicated server to WHM / cPanel edge release?

A. You can upgrade to EDGE release from WHM manager. Please 
note that Edge is the bleeding edge tree. While it has the newest features; It has undergone the
least amount of testing (if any). You generally shouldn't run this build unless you need a bug fix
or feature in it. Once an equivalent CURRENT or RELEASE build has been released, you should switch away from this.
 

Configure EDGE upgrade

a] Just login to WHM b] Look for Server Configuration c] Click on Update Config d] Set cPanel/WHM Updates option to Manual Updates Only (bleeding EDGE tree) Upgrade WHM / cPanel Linux server to EDGE release e] Click on Save.  

To start upgrade procedure

Look for cPanel Click on Upgrade to Latest Version Click on Click Upgrade button

Edge upgrade from a shell or command prompt

Login as the root via ssh. Edit /etc/cpupdate.conf file: # vi /etc/cpupdate.conf Find line CPANEL=stable Replace with: CPANEL=manual-edge Save and close the file. Now update to edge: # /scripts/upcp -- force

 

semget: No space left on device

This relates to semaphores on your system (you’ve run out). Run the following to clear them out:

ipcs | grep apache | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

For cPanel servers :

ipcs | grep nobody | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

 

Finally restart Apache :

/etc/init.d/httpd restart

Or 
service httpd restart

 

 

Setting Private name servers in Cpanel / WHM

If you want your own name server such as ns1.linuxbabu.net, ns2.linuxbabu.net

Please follow the below steps to setup your own nameservers.

Step 1. Log into your domain manager account, via your domain registrar’s web site
(i.e. www.godaddy.com , www.enom.com , …)

Step 2: You will need to name your DNS server and insert a valid ip that is bound to your server. This will cause your server to get “mapped” on the Internet as being an operational DNS server.

For this example, my domain name is ‘linuxbabu.net’ and the IP’s bound to my server are “75.126.196.138” (Primary IP) and “75.126.196.152” (Secondary IP). I will be using the hostname ‘ns1.linuxbabu.net’ bound to the “75.126.196.138” IP, and ‘ns2.linuxbabu.net’ bound to the “75.126.196.152” IP.

Note : The hostname ‘ns1.linuxbabu.net’ and ‘ns2.linuxbabu.net’ are not mandatory. You can use any name along with your domain name. The name ‘ns1’ is simply easy to remember for both the sys admin, and the customer.

Step 3: The last step is to basically say which DNS server is authorized to resolve the domain ‘linuxbabu.net’ to an IP. We will have to input the hostnames that we specified in step 2, which are: ‘ns1.linuxbabu.net’ and ‘ns2.linuxbabu.net’.

Note: If you wish to use your DNS server to resolve other domains besides ‘linuxbabu.net’ you should repeat only step 3, which is basically telling your domain registrar who is the authoritative DNS server for the domain.

Part 2: cPanel DNS Configuration

Now that we’ve established our DNS Internet Awareness through our domain registrar, we will have to configure cPanel to finalize our settings

Step 1. Login to your whm https://75.126.196.138:2087/ and then Main >> DNS Functions >> Add a DNS Zone

ns1.linuxbabu.net 75.126.196.138
ns2.linuxbabu.net 75.126.196.152

=============

Main >> Server Configuration >> Basic cPanel/WHM Setup

Primary Nameserver & Secondary Nameserver

Click on “Assign Ip Address”

If it does not assign the right ip address then login to the server through ssh

edit
/etc/nameserversip

===================================

nano /etc/nameserverips

192.168.1.1=0
192.168.1.2=0
192.168.1.3=0

Change to

192.168.1.1=ns1.linuxbabu.net
192.168.1.2=ns2.linuxbabu.net

====================================

once the correct Ip are assigned to name servers

Click on “add A entery for this name server”

This will the A entry for nameservers.

================================

Check the nameservers IP

Main >> Networking Setup >> Nameserver IPs

It should showup the correct nameservers and their IPs

============
Ip Nameserver
192.168.1.1 ns1.linuxbabu.net
192.168.1.2 ns2.linuxbabu.net
============

Known Issue : When I try to edit my nameserver IPs, two nameservers keep showing up even though I keep manually deleting them from /etc/nameserverips and restarting named. ns1.linuxbabu.net and ns2.linuxbabu.net always keep taking up my first two IP addresses, and I have never added these domains.

Fix :
From WHM Main >> Server Configuration >> Tweak Settings select the option “Disable whois lookups for the nameserver IP manager.” and reconfigure the NS and you are done.

How do I view what exim is doing?

Exim comes with a utility called ‘exiwhat’ which will display what each instance of exim is currently involved with. The output will look similar to this:

root@server [~]# exiwhat
2118 daemon: -q1h, listening for SMTP on port 25 (IPv4)
2130 daemon: no queue runs, listening for SMTPS on port 465 (IPv4)
31640 handling incoming connection from [1.2.3.4]

Also, to monitor the exim log in realtime, you may use the tail command thusly:

tail -f /var/log/exim_mainlg