Certificate fails - Segmentation fault (core dumped)


#1

I have tried running the admin-ahead plugin in WHM and get an error

Preparing to install SSL certificates for mydomain.com
Installing the retrieved certificates for mydomain.com
[FAILED] SSL Retrieval failed

The script it is running is

/root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --email myemail@gmail.com certonly --renew-by-default --webroot --webroot-path /home/thenoob/public_html -d mydomain.com

If I run that at CLI there is an error > Segmentation fault (core dumped)

-# uname -a
Linux host.mydomain.com 3.2.69-81.art.x86_64 #1 SMP Wed Jul 15 23:07:24 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

I have created certificates in the past. The only thing I know that is different is that the server now has the Atomic Secured Linux (ASL) kernel as denoted by the .art above.

Any idea what the problem might be? Thanks in advance


#2

Hi @123host, do you get a corefile as a result of the (Core dumped) message? If not, can you increase the corefile size limit via something like ulimit -c 10000000 and try the operation again?

Segmentation faults typically occur in native rather than interpreted code; in the case of the Let’s Encrypt client, that’s probably one of the cryptography libraries that we use, and you may have somehow found a bug in one of them.


#3

Thanks Schoen,

I changed the corefile size to unlimited and when I ran the script it did an upgrade of lets-encrypt from 0.5.0 to 0.6.0

It didn’t work again, and now I receive an additional message

2016-05-13 09:39:22,171:WARNING:certbot.cli:You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. We recommend upgrading to the latest certbot-auto script, or using native OS packages.

I am working on finding where the core file is :o)


#5

Thanks for looking into this and I have gone with a different solution that works. https://letsencrypt-for-cpanel.com/


#6

I’m glad you found a solution that works for you, @123host. Maybe we can find an ASL machine to test on to see if we can reproduce the problem.


#7

@schoen if you are looking for a server and your tests won’t disrupt mine, I’d consider some sort of support for you as thanks for this great service. Contact me via the email on my account.


#8

@123host, someone else has suggested to me that ASL is preventing programs from taking certain actions by default, so it might not actually be a bug.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.