• Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif


    [Wed Nov 01 18:47:08 2023] [error] Unable to configure verify locations for client authentication [Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line [Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib It actually gives us a good clue that at last one component of our cert is invalid/improperl........
  • How To Upgrade Debian 8,9,10 to Debian 12 Bookworm


    Step 1.) Upgrade to Debian 11 first The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful. Step 2.) Update sources.list Update your /etc/apt/sources.list like this: deb http://........
  • How To Setup Python3 in Ubuntu Docker Image for AI Deep Learning


    The issue is that Docker images are stripped down, so many tools and even python3 is missing, so you'll have to build or update the actual image yourself. I assume you have started an image with something like this and that you have the Nvidia Toolkit installed (assuming you are using GPUs). If you're not using nvidia just remove --runtime=nvidia --gpus all. docker run -it --runtime=nvidia --gpus all ubuntu bash These works for most images li........
  • debootstrap how to install Ubuntu, Mint, Debian install


    In this example we install debian 10 with --variant=minbase which gives us a minimal/tiny install. Don't use variant if you want the full size install. mkdir /tmp/deb10files debootstrap --variant=minbase buster /tmp/deb10files/ Did you get an error? debootstrap --variant=minbase buster /home/theuser/VMs/deb10files/ You'll get this error if you make a directory in your home........
  • GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox


    This can be used on almost anything, since Gluster is a userspace tool, based on FUSE. This means that all Gluster appears as to any application is just a directory. Applications don't need specific support for Gluster, so long as you can tell the application to use a certain directory for storage. One application can be for redundant and scaled storage, including for within Docker and Kubernetes, LXC, Proxmox, OpenStack, etc or just your image/web/video files or even da........
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication


    Why choose OpenVPN instead of a firewall appliance? OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time. When comparing OpenVPN with traditional firewal........
  • HongKong VPS Server, Cloud, Dedicated Server, Co-Location, Datacenter The Best Guide on Hong Kong, China Internet IT/Computing


    In our 2024 VPS Server/Cloud Buyer's Guide, we place the location of your VPS/hosting/server as one of the priorities that is often overlooked. 2024 Update - Datacent........
  • How To Install OpenProject on Centos 7 Step-by-Step Guide


    There are a few caveats that may not be obvious to everyone so I am going to cover them here but keep this in mind before starting. Before starting install epel or you will be missing tesseract: yum -y install epel-release #1) When you specify your SSL certificate with a full path, it really needs to exist where you tell it to (including the default location of /etc/ssl/certs and /etc/ssl/c........
  • How To Use Letsencrypt SSL/TLS Encryption to Create Certificates without installing on the target machine


    For some reason, perhaps you don't want to run a daemon or let Letsencrypt have access to your production server. There is a way to use it like a normal CSR/CA setup in manual mode. ./letsencrypt-auto certonly --manual -d realtechtalk.com - www.realtechtalk.com   Eventually you will get prompted to create a certain path and file with certain data: Create a file containing just this data: Casdfasfadsfsad........
  • letsencrypt certbot error "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80."


    ./certbot-auto --apache certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): yourdomain.com Obtaining a new certificate Performing the following challenges: http-01 challenge for yourdomain.com Cleaning........
  • VMWare ESXi 6.7 SSH/PowerShell CLI Commands


    [root@localhost:~] BootModuleConfig.sh echo host-ind nfcd........
  • [warn] VirtualHost 10.2.5.101:443 overlaps with VirtualHost 10.2.5.101:443, the first has precedence, perhaps you need a NameVirtualHost directive


    [root@thetor2017 conf]# service httpd restart Stopping httpd: [ OK ] Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers, lowering MaxClients to 300. To increase........
  • OVF Tool: Error: Task failed on server: This host does not support Intel VT-x. VMWare VCenter install On ESXi ERror


    Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled: cat /sys/module/kvm_intel/parameters/nested Y cat /sys/module/kvm_intel/parameters/ept Y OVF Tool: Disk progress: 99% OVF Tool: Transfer Completed OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance- OVF Tool: Task p........
  • VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI


    #mount the VCSA DVD mount /dev/sr0 /mnt/cd #alternatively you could mount the iso directly mount -o loop vcsa.iso /your/mount/path #for this purpose we are using the CLI installer on Linux cd /mnt/cd/vcsa-cli-installer/lin64 #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file ./vcsa-deploy Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
  • Cannot create gradle for conversations


    The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location. Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error export ANDROID_HOME=/home/user/Downloads/tools/ Conversations-master$ ./gradlew Downloading https://services.gradle.org/distributions/grad........
  • Installing SSL Certificate with Chain Intermediary CA File


    Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!). In the Apache vhost conf for the domain here is what you add: SSLCACertificateFile /path/to/your/cafile.pem Here is a full example of an SSL Vhost config in Apache using a CA Certificate file ........
  • M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected fedora-archive.ip-connect.vn.ua, got DNS:mirror.ip-connect.vn.ua


    You are using Centos 5 which is deprecated so nothing in yum will work until you follow this post to use the vault: http://realtechtalk.com/Centos_59_Working_Vault_Repo_file-1921-articles yum update Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * epel: fedora-archive.ip-connect.vn.ua Traceback........
  • [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Err


    [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error........
  • Apache SSL very slow response with Firefox Freezes/Loads Very slow when checking self-signed SSL certificate


    I was sure this was a Centos bug with OpenSSL, Apache, MySQL or even PHP. I tried everything but nothing helped. One clue is that if you check the Apache logs you will see nothing in the access logs until minutes later (this means Firefox has not even passed your request to the remote Apache/htttpd server). When even accepting the invalid certificate message that would show up minutes later when trying to "View the Certificate" Firefox would freeze. This bu........
  • [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution


    Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key How can you fix it and do it properly? Step 1.) Make a new Private KeyCreate server pass key:........
  • How to verify SSL SHA-1 Certificate Fingerprnit Signature of your mail/web server to avoid hijacking/man-in-the-middle attacks


    This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually. So your e-mail/web client will show you an SHA-1 fingerprint like this: "Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain. It will also show you........
  • Centos 5 OpenSSL does not support TLS 1.2 Apache Error


    [Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down [Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert' [Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled [Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
  • CPanel SNI error


    Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate.........
  • Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch


    [Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key [Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch The above is an accurate description of what is wrong. In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
  • Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


    Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again You have to upgrade the ca-certs for epel but need to disable it before that can happen. yum upgrade ca-certificates --disablerepo=epel........
  • cPanel How to set SSL and Dedicated IP in cPanel


    Account Functions -> Change Site's IP Address Choose the domain and then click "Change" Choose the new IP 1.) Setup SSL Certificate in cPanel Click on "SSL/TLS Manager" under the "Security" section. 2.) Under " Private Keys (KEY)" Click "Generate, view, upload, or delete your private keys." Choose "Key Size: 4096........
  • Apache SNI is not needed what is the issue?


    Iread this article and still don't understand the issue. If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate. http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :) [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!! B........
  • "Cannot load certificate file keys/server.crt: error:0906D06C:PEM" OpenVPN Solution


    Cannot load certificate file keys/server.crt: error:0906D06C:PEM The .crt is blank empty because when generating it I kept hitting enter for the defaults and this caused the crt not to be signed. Certificate is to be certified until Dec 18 00:35:49 2022 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y So if you get messages like these, a........
  • CPanel error: "Your SSL certificate failed to install on your site."


    This error in my experience is user error although CPanel doesn't help, this message doesn't give you much to go on. Let's talk more about the process of setting up SSL with CPanel. Your site must have a dedicated/non-shared IP to even have the option of creating an SSL Certificate. You must create a Private Key (do not delete this private key!) You must create a CSR (Certificate Signing Request) Use CSR to create cert........
  • Error code: sec_error_unknown_issuer Solution Valid SSL Certificate Throwing Error in Firefox


    So you've just purchased your SSL cert, renewed it and installed it or maybe you've had it installed and working fine all the time with all other browsers but you've upgraded to a recent version of Firefox and suddenly get the warning "Error code: sec_error_unknown_issuer" error. This is terrible since if you bought an SSL cert, you are most likely using it for trust purposes for your business and obviously that message will scare away most potential customers.........
  • Directadmin Enable SSL


    It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel. Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds: *setup SSL openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes That creates the public certificate and private key pair in the location Directadmin expects to fi........
  • PayPal Solution - Error Detected Error Message We were unable to decrypt the certificate id. We were unable to decrypt the certificate id.


    Error Detected........
  • Dovecot Enable SSL/TLS with your certificate


    Dovecot enable SSL (by default it uses an old expired cert if you choose pop3s and imaps as protocols) =================== Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Edit /etc/dovecot.conf ssl_cert_file = /etc/mailssl/server.crt s........
  • Postfix Enable SSL/TLS with your certificate


    Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Postfix SSL config Edit /etc/postfix/main.cf: #SSL stuff smtpd_tls_cert_file = /etc/mailssl/server.crt smtpd_tls_key_file = /etc/mailssl/server.key To make smtps w........
  • Installing Webmin & Enabling SSL


    Webmin Setup Centos 5: wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet [1] 24229 [2] 24230 [root@host ~]# --2011-01-06 21:48:20-- http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html Resolving downloads.sourceforge.net... 216.34.181.........
  • PHP CURL SSL won't work or connect


    I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself). * About to connect() to ip.ip.ip.ip port 25000 * Trying ip.ip.ip.ip... * connected * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000 * succes........
  • FUSE/Curlftpfs mount ftp account as drive partition in Linux


    This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc.. Name curlftpfs - mount a ftp host as a local directory Synopsis........
  • cPanel complaint - No Shared SSL! cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9


    I've recently used CPanel on the admin side for the first time and have to say I hate it. Everything from the layout to the functionality screams "hackish". It just lacks so many common sense features and way of working. I was never 100% impressed with Plesk but the basics were definitely laid out and done in a sensible manner, even though it is made by a Russian company, they definitely thought about how to make a Control Panel. I have no idea why people........
  • Apache/Mod_SSL not serving the right/expected certificate?


    There is actually by default a "Default SSL" vhost that can mess things up for you and can cause surprising and unexpected results. Default Apache SSL Cert in /etc/httpd/conf.d/ssl.conf there is a default SSL Virtual Host which screws things up by offering itself instead of the SSL cert I specify in my own vhosts........
  • Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian


    Shortcut/Easiest Way To Create A Self-Signed Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below. If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
  • Latest Articles

  • Cisco Unified Communication Manager (CUCM) - How To Add Phones
  • pptp / pptpd not working in DD-WRT iptables / router
  • systemd-journald high memory usage solution
  • How to Install FreePBX in Linux Debian Ubuntu Mint Guide
  • How To Install Cisco's CUCM (Cisco Unified Communication Manager) 12 Guide
  • Linux Ubuntu Redhat How To Extract Images from PDF
  • Linux and Windows Dual Boot Issue NIC Won't work After Booting Windows
  • Cisco CME How To Enable ACD hunt groups
  • How to install gns3 on Linux Ubuntu Mint
  • How to convert audio for Asterisk .wav format
  • Using Cisco CME Router with Asterisk as a dial-peer
  • Cisco CME How To Configure SIP Trunk VOIP
  • Virtualbox host Only Network Error Failed to save host network interface parameter - Cannot change gateway IP of host only network
  • Cisco CME and C7200 Router Testing and Learning Environment on Ubuntu 20+ Setup Tutorial Guide
  • Abusive IP ranges blacklist
  • How to Install Any OS on a Physical Drive from Windows Using VMware Workstation (Linux, Windows, BSD)
  • CDN Cloudflare how to set and preserve the real IP of the client without modifying application code on Apache
  • CentOS 7 fix Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was 14: curl#6 -
  • Ubuntu Debian How To Install Recommended Packages Automatically
  • How to set Linux Ubuntu Redhat Debian Command Line http https socks proxy for yum apt