Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif
[Wed Nov 01 18:47:08 2023] [error] Unable to configure verify locations for client authentication
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line
[Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
It actually gives us a good clue that at last one component of our cert is invalid/improperl........
How to kill a docker swarm
Assign way more replicas than you have of memory on all nodes and watch the Swarm crash which can easily reproduce in a small VMfor testing.
root@Deb11Docker01:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAM........
[error] (28)No space left on device: Cannot create SSLMutex Apache Solution Linux CentOS Ubuntu Debian Mint
Have you got this error from Apache?
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[error] (28)No space left on device: Cannot create SSLMutex
At first glance it appears that you may be out of disk space but the issue is ipc or interprocess communication.
This will clear out the ipcs processes so things can work, this often happens during high traffic and may be a sign of DDOS.
The command below will fix it, it will list al........
How To Upgrade Debian 8,9,10 to Debian 12 Bookworm
Step 1.) Upgrade to Debian 11 first
The process to go to Debian 12 is not as smooth as 11, when trying to upgrade from Debian 10. In fact, it doesn't work directly, so you'll first need to follow this guide to update to Debian 11, reboot and come back here if successful.
Step 2.) Update sources.list
Update your /etc/apt/sources.list like this:
deb http://........
apache2 httpd apache server will not start [pid 22449:tid 139972160445760] AH00052: child pid 23248 exit signal Aborted (6) solution Mint Debian Ubuntu Redhat
If you get this error, it is often because you have configured Apache with modules that weren't actually installed. Eg. you try to load the PHPmodule but didn't actually install the apache2 php module, so the server can't start. In general, this error can often be caused by issues with problematic modules and/or Apache being configured for modules that have not actually be installed (eg. libapache2-mod-php) is missing.
The above results in this less than obv........
How To Setup Python3 in Ubuntu Docker Image for AI Deep Learning
The issue is that Docker images are stripped down, so many tools and even python3 is missing, so you'll have to build or update the actual image yourself.
I assume you have started an image with something like this and that you have the Nvidia Toolkit installed (assuming you are using GPUs). If you're not using nvidia just remove --runtime=nvidia --gpus all.
docker run -it --runtime=nvidia --gpus all ubuntu bash
These works for most images li........
How to Configure NVIDIA GPUs with Docker on Ubuntu: A Comprehensive Guide for AI Deep Learning CUDA Solution
Welcome to our in-depth guide on configuring NVIDIA GPUs with Docker on Ubuntu. This post is tailored for developers, data scientists, and IT professionals who are looking to leverage the power of NVIDIA's GPU acceleration within Docker containers.
Whether you're working on machine lea........
How to upgrade to the latest Python version on Linux Ubuntu Debian Mint 3.11
A lot of developers want to go to 3.11 because of the speed improvements, but most distros never have the latest Python version.
Using the deadsnakes third party repo is the easiest way aside from compiling it yourself (which is safer and recommended):
Step 1 - Add the repo
apt-add-repository ppa:deadsnakes/ppa
If you get an error about requests then install it:........
How to install and configure haproxy on Linux Ubuntu Debian
haproxy is one of the best known and widely used Open Source load balancers out there and a strong competitor to nginx.
haproxy is used by many large sites per Wikipedia:
HAProxy is used by a number of high-profile websites including GoDaddy, GitHub,........
debootstrap how to install Ubuntu, Mint, Debian install
In this example we install debian 10 with --variant=minbase which gives us a minimal/tiny install. Don't use variant if you want the full size install.
mkdir /tmp/deb10files
debootstrap --variant=minbase buster /tmp/deb10files/
Did you get an error?
debootstrap --variant=minbase buster /home/theuser/VMs/deb10files/
You'll get this error if you make a directory in your home........
How To Upgrade Linux Mint 18.2 to 18.3 to 19.x and 20.x
Linux Mint offers an easy and painless upgrade path through the last 3 versions, which means no more reinstalling to stay current with the latest version.
The only catch is that you need the latest of each version, so for 18, you need 18.3 before you can go to 19, and then 19.3 (or latest), until you go to 20. However, it's really a small price to pay and on the machines we've tested, the upgrade went seamlessly each time (although sometimes video drivers/custom kernel modules l........
GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox
This can be used on almost anything, since Gluster is a userspace tool, based on FUSE. This means that all Gluster appears as to any application is just a directory.
Applications don't need specific support for Gluster, so long as you can tell the application to use a certain directory for storage.
One application can be for redundant and scaled storage, including for within Docker and Kubernetes, LXC, Proxmox, OpenStack, etc or just your image/web/video files or even da........
How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time.
When comparing OpenVPN with traditional firewal........
ssh-keygen id_rsa private key howto remove the passphrase so no password is required and no encryption is used
The key is that you need to know the passphrase to do it, if you don't know the password for the key then you can't remove the key since it cannot be decrypted.
ssh-keygen is the easiest method and openssl can be used to manually remove the key and output it to a new file, which you can then copy back over top of the encrypted file.
After that your public key authentication will work without any password prompt because it is no longer encrypted. Make sure you understand........
Linux how to compile binary with static sharedobjects embedded instead of dynamic to use on multi-distributions and avoid glibc compatiblity issues
One simple flag to configure will create a makefile that statically links all the shared objects and embeds them instead the binary execute. This means as long as you have the same architecture that things should run.
Eg. if you have an old version of Debian with a different version of glibc, then this will solve that problem.
./configure LDFLAGS="-static"
To test that it is really statically linked run ldd:
ldd src/wget........
How To Replace Audio Track of Video using ffmpeg
A very common use case is that you don't want to waste time using a video editor that requires you to open it up and manually import the video clip and audio clip, then manually delete the old audio track and import the video and new audio. That's too much work and time since we don't want to go through the hassle.
ffmpeg is our solution, all we have to do is specify 3 variables and we're done!
-i Windows2019-Server-Noaudio.mp4 is our in........
How To Password Reset, Recover, Bypass, Remove and Unlock on Windows 10,8,7,Vista,XP,NT,2000,2003,2008,2012,2016,2019 Administrative Login Programs
If you've come here, don't be embarraassed, working in IT, this is the MOST common computer problem that almost everyone will encounter. The reason why I'm doing this post is because I've seen an increase from colleagues and admins having this problem and many times it's not even your fault. A common scenario is that someone acquires a new or used computer which they weren't given the password for. Fortunately Ihave a detailed list of all the options whether free or pa........
How To Get Started on Ubuntu with gpt-2 OpenAI Text Prediction
apt install software-properties-common
add-apt-repository ppa:deadsnakes/ppa
apt update
apt install python3-pip
apt install python3.7 curl gnupg python3.7-dev git
ln -s /usr/bin/python3.7 /usr/bin/python3
pip3 install numpy keras_preprocessing
curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel........
How To Install NextCloud on Centos 7 and Centos 8
yum -y install wget unzip
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip
unzip nextcloud-18.0.2.zip
yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server
Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT.
Dependencies resolved.
===================================================================........
How To Install OpenProject on Centos 7 Step-by-Step Guide
There are a few caveats that may not be obvious to everyone so I am going to cover them here but keep this in mind before starting.
Before starting install epel or you will be missing tesseract:
yum -y install epel-release
#1) When you specify your SSL certificate with a full path, it really needs to exist where you tell it to (including the default location of /etc/ssl/certs and /etc/ssl/c........
httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load modules/libphp5.so into server: /lib64/libresolv.so.2: symbol __h_errno, version GLIBC_PRIVATE not defined in file libc.s
httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load modules/libphp5.so into server: /lib64/libresolv.so.2: symbol __h_errno, version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference
This is usually caused by a mismatch in OpenSSLversion. Interestingly enough a lot of times if it has happened during an update of your system, or after, usually just restarting httpd........
Apache htaccess and mod_rewrite how to redirect and force all URLs and visitors to the SSL / HTTPS version
It is really simple using .htaccess with mod_rewrite.
Here is all you need:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://site.com/$1 [R=301,L]
Another more graceful way is to use the %{SERVER_NAME}variable to make it dynamic. Just be careful that the server name will always match what you expect. (eg. if you are doing load balancing or clustering what if the server name may be somethi........
How To Use Letsencrypt SSL/TLS Encryption to Create Certificates without installing on the target machine
For some reason, perhaps you don't want to run a daemon or let Letsencrypt have access to your production server.
There is a way to use it like a normal CSR/CA setup in manual mode.
./letsencrypt-auto certonly --manual -d realtechtalk.com - www.realtechtalk.com
Eventually you will get prompted to create a certain path and file with certain data:
Create a file containing just this data:
Casdfasfadsfsad........
Firefox An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT Solution
An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
**Solution**
Go to about:config........
VMWare ESXi 6.7 SSH/PowerShell CLI Commands
[root@localhost:~]
BootModuleConfig.sh echo host-ind nfcd........
VMWare Vsphere VCSA Graphical Install Creates json
yes it does create its own json
============================================
cat /tmp/vcsaUiInstaller/ovftool-20180809-175238948-20180809-175603497.log |grep -i json
2018-08-09T17:56:04.238-07:00 verbose OVFTool[30966] [Originator@6876 sub=Default] Manifest file entry: SHA1(VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10-file1.json) = 1deb658c724767697587d5909c4051c01813e6a1
--> ........
Debian Mint Ubuntu compiling xmr-stak
sudo apt-get install libcurl4-openssl-dev git build-essential autotools-dev autoconf libcurl3
sudo apt-get install libcurl4-gnutls-dev
git clone https://github.com/wolf9466/cpuminer-multi
sudo apt-get install cmake libpthread-* libmicrohttpd-dev libssl-dev libhwloc-dev
git clone https://github.com/fireice-uk/xmr-stak-cpu.git
make install
cd bin
chmod +x xmr-stak-cpu
./xmr-stak -O xmr........
[warn] VirtualHost 10.2.5.101:443 overlaps with VirtualHost 10.2.5.101:443, the first has precedence, perhaps you need a NameVirtualHost directive
[root@thetor2017 conf]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers,
lowering MaxClients to 300. To increase........
linux mint image convert menu option missing solution
Ialready have the caja-image-converter option installed but it shows nothing.
Weirdly enough if you install nemo and nautilus converter it does show and work inside caja:
The solution is to install *-image-converter
sudo apt-get install *-image-converter
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'n........
OVF Tool: Error: Task failed on server: This host does not support Intel VT-x. VMWare VCenter install On ESXi ERror
Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled:
cat /sys/module/kvm_intel/parameters/nested
Y
cat /sys/module/kvm_intel/parameters/ept
Y
OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance-
OVF Tool: Task p........
VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI
#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path
#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64
#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
Cannot create gradle for conversations
The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location.
Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
export ANDROID_HOME=/home/user/Downloads/tools/
Conversations-master$ ./gradlew
Downloading https://services.gradle.org/distributions/grad........
Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) Dovecot Solution
This happens because Dovecot limits the maximum IMAPconnections per IPto just 10. This may be fine for a single client side IPbut if an entire office or multiple users are behind one IPor a single heavy user is active then you will get bizarre errors in your e-mail clients such as "Password Incorrect" or similar in Thunderbird. It won't be obvious on the client side as to what the problem is and they will probably just think the server is misconfi........
curl: (35) Unknown SSL protocol error in connection Solution Centos
curl: (35) Unknown SSL protocol error in connection
The main solution is to update curl and nss. If you are having an issue with curl through Apache/PHPyou will need to restart PHPafter.
It's important to remember that this error could mean a lot of things but most often it simply means that curl and openssl may be outdated and only allow newer secure ways of connecting to SSL.
In general here is how you would fix it in most c........
Installing SSL Certificate with Chain Intermediary CA File
Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!).
In the Apache vhost conf for the domain here is what you add:
SSLCACertificateFile /path/to/your/cafile.pem
Here is a full example of an SSL Vhost config in Apache using a CA Certificate file
........
Unable to load dynamic library /usr/lib64/php/modules/php_openssl
Unable to load dynamic library '/usr/lib64/php/modules/php_openssl'
not sure how to fix this........
M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected fedora-archive.ip-connect.vn.ua, got DNS:mirror.ip-connect.vn.ua
You are using Centos 5 which is deprecated so nothing in yum will work until you follow this post to use the vault:
http://realtechtalk.com/Centos_59_Working_Vault_Repo_file-1921-articles
yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* epel: fedora-archive.ip-connect.vn.ua
Traceback........
[Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Err
[Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt
[Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error........
/usr/bin/ld: cannot find -lboost_system-mt-s /usr/bin/ld: cannot find -lboost_filesystem-mt-s /usr/bin/ld: cannot find -lboost_program_options-mt-s /usr/bin/ld: cannot find -lboost_thread-mt-s collect2: error: ld returned 1 exit status make: *** [cag
cagecoin linux compile:
sudo apt-get install qt4-qmake libqt4-dev build-essential libboost-dev libboost-system-dev
libboost-filesystem-dev libboost-program-options-dev libboost-thread-dev
libssl-dev libdb++-dev libminiupnpc-dev
Solution:
sed -i s/"BOOST_LIB_SUFFIX=-mt-s"/"#BOOST_LIB_SU........
ffmpeg Linux Mint download, compile and install howto
#if you have nvidia make sure you install the nvidia-cuda-toolkit so hardware acceleration can be used
wget http://ffmpeg.org/releases/ffmpeg-3.3.2.tar.bz2
tar -jxvf ffmpeg-3.3.2.tar.bz2
cd ffmpeg-3.3.2/
./configure --disable-yasm
install prefix /usr/local
source path ........
Centos 7 Cudaminer Nvidia setup guide
I am using a GTX 1060 but replace the download for the driver with the correct/current version for your particular card by visiting: http://www.nvidia.com/Download/index.aspx?lang=en-us
yum install automake curl openssl-devel libcurl-devel gcc gcc-c++
yum -y install kernel-devel-`uname -r`
yum -y install unzip
#the........
Apache SSL very slow response with Firefox Freezes/Loads Very slow when checking self-signed SSL certificate
I was sure this was a Centos bug with OpenSSL, Apache, MySQL or even PHP. I tried everything but nothing helped. One clue is that if you check the Apache logs you will see nothing in the access logs until minutes later (this means Firefox has not even passed your request to the remote Apache/htttpd server).
When even accepting the invalid certificate message that would show up minutes later when trying to "View the Certificate" Firefox would freeze. This bu........
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution
Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
How can you fix it and do it properly?
Step 1.) Make a new Private KeyCreate server pass key:........
ssh forward multiple ports in the same connection and command even works with NAT!
You can actually just pass multiple "-L" statements to achieve this.
An example is as below:
ssl -L 80:192.168.10.5:80 -L443:192.168.10.5:443 -L2068:192.168.10.5:2068 -L 8192:192.168.10.5:8192 user@remotehost.com
The above essentially is saying forward ports 80,443,2068,8192 to the remote IPof 192.168.10.5 (even though it is behind NAT). Essentially SSH will do the NAT part even if the........
How to create openssl md5 password hash to use in /etc/shadow using bash
Very useful in embedded and other non-standard deployments. The above makes a random salt of 14 random characters from /dev/urandom (you can change the -14 to whatever number of characters you want for your salt).
openssl passwd -1 -salt `< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-14};echo;` YourPassword
Output:
$1$eW-ScuyL$f/iKMJ5mbJ..7bSzvX6EO0
How To Create Password Has........
Avocent DSR8020 KVM/IP - Network Connect Error - Solution
This error is commonly due to Java security or TLS settings but there is a second issue with forwarded ports that also causes it.
1. Java Security/TLS Settings issue:
This article has the solution to change them all in Linux automatically
2. Port Forwarding Issue if your Avocent DSR is behind NAT/private IP........
How to verify SSL SHA-1 Certificate Fingerprnit Signature of your mail/web server to avoid hijacking/man-in-the-middle attacks
This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually.
So your e-mail/web client will show you an SHA-1 fingerprint like this:
"Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain.
It will also show you........
Centos 5 OpenSSL does not support TLS 1.2 Apache Error
[Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down
[Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert'
[Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled
[Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME
Many users still are not aware but simply patching OpenSSL does not secure you against many known and easy to exploit attacks that will render your encryption useless by an attacker.
Use the following setings in /etc/httpd/conf.d/ssl.conf
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !........
astrachat connection problems in Android 5.01 Lollipop
I wanted to use Astrachat because it seems to be the only app that has video, pic and file sharing for Jabber butI cannot even connect despite any other client working fine including Xabber and others.
astrachat "Oops.. We can't connect to the account that you provide above. Please recheck your account detail".
Unfortunately to make it worse there doesn't seem to be any error log or more details about the issue.
The jab........
sed how to avoid escaping
sed gets to be a pain and a real mess and is hard to read and understand when you have to escape things like / etc.
Idid not realize until recently that you don't need to use / as a separator, you can use virtually any non letter or number character.
Eg we have used # as the separator to avoid having to escape the forward slashes and in this way the command is plain, easy to understand, edit and saves time/hassle without the need for escaping.
sed -i s#http........
Centos and obfsproxy install errors
pip install obfsproxy
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
You are using pip version 7.1.0, however version 8.1.1 i........
curl: (35) SSL connect error solution
curl -k https://somesite.org
curl: (35) SSL connect error
The site used to work until I got a new SSL cert
Updating curl with (yum -y install curl) made it work again.
........
Apache SSL Reverse Proxy Very Slow Solution
This is a simple fix but not a simple problem and it still doesn't make sense to me.
But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue.
It seems SSL does not play nicely when the target proxy destination/host has a riduculously long key (such as 8192 bits long). Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.........
esniper error on Linux Mint 17.2 Debian/Ubuntu: Cannot connect to URL : SSL connect error: gnutls_handshake() failed: Illegal parameter Retrying... esniper encountered a bug. It looks like your esniper version is not current. You have version 2.28
Auction 262382440107: Cannot connect to URL : SSL connect error: gnutls_handshake() failed: Illegal parameter
Retrying...
esniper encountered a bug. It looks like your esniper version is not
current. You have version 2.28.0, the newest version is 2.31.0.
Please go to http://esniper.sf.net/ and update your copy of esniper.........
Apache Vhost HowTo Serve Same Content using a different domain and IP
There are a few ways of doing this and all basically involve using the reverse proxy or "ProxyPass" feature of Apache to accomplish it.
1.) Create a normal vhost and simply symlink the root directory of the site you want to mirror.
Eg. originalsite.com and newsite.com
/vhosts/originalsite.com/httpdocs
You would symlink like this:
ln -s /vhosts/originalsite.com/httpdocs vhosts/originalsite.com/........
Force SSL for all URLs Apache htaccess modrewrite
The best way is as below in .htaccess using modrewrite, any request that is not SSL will be redirected to https://domain.com and the exact same URL
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]........
Avocent 8020 KVM Java Icedtea Viewer
This command in Debian/Ubuntu/Mint will get everything need installed for most Java based KVM viewers:
sudo apt install icedtea-netx
The following additional packages will be installed:
ca-certificates-java icedtea-netx-common openjdk-8-jre openjdk-8-jre-headless
It seems every other updated version of Java or Icedtea breaks things and I will save the frustration of Java for another post.........
CPanel SNI error
Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate.........
openvz yum problem Centos 6.5 cannot find file on mirror:
#solution
Edit /etc/yum.repos.d/openvz.repo
For the first two entries comment out #mirrorlist and uncomment #baseurl and then it worked
openvz yum problem Centos 6.5 cannot find file on mirror:
yum update
Loaded plugins: fastestmirror
Determining fastest mirrors
* openvz-kernel-rhel6: mirrors.ustc.edu.cn
* openvz-utils: mirrors.ustc.edu.cn
base ........
Installing zoneminder on Ubuntu/Debian Linux Howto
sudo apt-get install zoneminder
[sudo] password for one:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libuser-perl python-evince kdebase-apps kwrite unixodbc
libgnomeprint2.2-data python-soappy vgabios python-metacity hddtemp
python-mediaprof........
Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key
[Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
The above is an accurate description of what is wrong.
In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
Error code: ssl_error_rx_record_too_long
An error occurred during a connection to site.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
When the above happens in our experience it is a misconfiguration of........
cPanel How to set SSL and Dedicated IP in cPanel
Account Functions -> Change Site's IP Address
Choose the domain and then click "Change"
Choose the new IP
1.) Setup SSL Certificate in cPanel
Click on "SSL/TLS Manager" under the "Security" section.
2.) Under " Private Keys (KEY)"
Click "Generate, view, upload, or delete your private keys."
Choose "Key Size: 4096........
Directadmin compile error solution cc: Internal error: Killed (program cc1)
cc: Internal error: Killed (program cc1)
Please submit a full bug report.
See for instructions.
make: *** [ext/fileinfo/libmagic/apprentice.lo] Error 1
make: *** Waiting for unfinished jobs....
Stopping crond: ........
Asterisk VOIP Sipura/Linksys PAP2T Calls Not Being Received Solution
This problem seemed to happen recently but was likely causing issues before where the phone(s) do not ring.
Now there are a few reasons why this can happen especially if your adapter has DND mode enabled (disable it).
However that wasn't my issue and Ionly figured it out the other day when by fluke if you're on the phone (making a call) then calls will come in.
That's when Ifigured out the solution:
This likely app........
yum Centos 386 and 64 bit conflict resolution
This can happen when you install RPMForge or other repos with the wrong architecture and here's how you fix it (simply uninstalling won't usually fix it):
solution
yum clean all
yum -y install openvpn
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
* base: mirror.its.sfu.ca
* extras: centos.mirror.nexicom.net
* rpmforge: mirror.cpsc.ucalgary.ca
* up........
Directadmin Install Error Cannot find /usr/include/openssl/ssl.h. Did you run the pre-install commands?
Cannot find /usr/include/openssl/ssl.h.
Did you run the pre-install commands?
http://help.directadmin.com/item.php?id=354
yum -y install openssl*........
Apache SNI is not needed what is the issue?
Iread this article and still don't understand the issue.
If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate.
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
B........
Apache SSL Change Default SSL Vhost and Listening Port for SSL
vi /etc/httpd/conf.d/ssl.conf
Change the following from "Listen 443" to something like below
Listen 2243
Then find the SSLVirtual Host Context and edit like below (to your new listening port)
##
## SSL Virtual Host Context
##
........
postfix/dovecot Sent emails missing sometimes
On occassion and from a variety of networks and clients, Sent messages don't get saved.
I'm wondering if these log messages could be why:
May 3 14:16:39 mail.box postfix/smtpd[5195]: connect from 192.168.1.58
May 3 14:16:39 mail.box postfix/smtpd[5195]: SSL_accept error from 192.168.1.58: -1
May 3 14:16:39 mail.box postfix/smtpd[5195]: lost connection after CONNECT from 192.168.1.58
May 3 14:16:39 mail.box postfix/smtpd[5195]:........
SSH Can't Login/Hang
Client Log
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_d........
Directadmin Log File Locations
This is a handy link and list of all the relevant Directadmin log files and related servers.
http://help.directadmin.com/item.php?id=11
DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/system.log
/var/log/directadmin/security.log
Apache:........
Directadmin error/** Found 7 pre-existing rpmdb problem(s), 'yum check' output follows: e2fsprogs-devel-1.41.12-3.el6.i686 has missing requires of e2fsprogs-libs = ('0', '1.41.12', '3.el6') e2fsprogs-devel-1.41.12-3.el6.i686 has missing requires of l
Solution To The Following:
yum -y install zlib-devel
yum -y install e2fsprogs*
*** Cannot find /usr/include/et/com_err.h. (yum install libcom_err-devel) ***
Installation didn't pass, halting install.
Once requirements are met, run the following to continue the install:
cd /usr/local/directadmin/scripts
./install.sh
Common pre-install commands:
http://help.directadmin.com/it........
Thunderbird How-To Copy/Backup/Restore Accounts and Settings to Another Computer
The best way is to use rsync, I've set it up so it doesn't copy unnecessary files, or at least ones I'm sure aren't needed.
Here is the rsync command Iused (adapt to your specific Thunderbird profile location):
rsync -hazv user@remotehost.com:/home/user/.thunderbird/sbrer.default/* /home/user/.thunderbird/4nyb0.default/ --exclude=global* --exclude=Cache --exclude=ImapMail --exclude=Mail
This is a great way to get your e-mail accounts going on a new c........
CPanel error: "Your SSL certificate failed to install on your site."
This error in my experience is user error although CPanel doesn't help, this message doesn't give you much to go on.
Let's talk more about the process of setting up SSL with CPanel.
Your site must have a dedicated/non-shared IP to even have the option of creating an SSL Certificate.
You must create a Private Key (do not delete this private key!)
You must create a CSR (Certificate Signing Request)
Use CSR to create cert........
Error code: sec_error_unknown_issuer Solution Valid SSL Certificate Throwing Error in Firefox
So you've just purchased your SSL cert, renewed it and installed it or maybe you've had it installed and working fine all the time with all other browsers but you've upgraded to a recent version of Firefox and suddenly get the warning "Error code: sec_error_unknown_issuer" error.
This is terrible since if you bought an SSL cert, you are most likely using it for trust purposes for your business and obviously that message will scare away most potential customers.........
Directadmin Enable SSL
It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel.
Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds:
*setup SSL
openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes
That creates the public certificate and private key pair in the location Directadmin expects to fi........
How To Install CPanel
wget -N http://httpupdate.cpanel.net/latest;sh latest
That one command above will do it all (and it takes a long time to install/compile). After that you can access CPanel with your root login information by visiting https://yourdomain-or-ip.com:2087
I personally don't like CPanel (bloated, full of bugs, no shared SSL, difficult to use etc..)but I admit it's easier to install than........
Apache High CPU Usage Enable Mod_Status Guide Solution - Find Cause of High CPU Usage Script/Domain
mod_status is a great way to track down the source of high CPU usage and to find what vhost/script is the cause of it.
It gives you a live view of bandwith usage, CPU usage, and memory usage broken down by domain/vhost and script/URI.
Enable mod_status
vi /etc/httpd/conf/httpd.conf
ExtendedStatus On
SetHandler server-status
Order Deny,Allow
Deny from all
All........
monit example tutorial how to enable status checking and manipulation
You need to enable the httpd daemon with monit to actually view the status and control, it's not only for the web interface since the httpd is theONLY way of controlling monit and viewing the status.
monit monitor all will also reinstate disabled services if they've timed out too much. Just restarting the service will do nothing to re-monitor a service that monit has stopped monitoring due to too many failures.
*Also note that /etc/monit.conf i........
Directadmin DA Install Guide
yum -y install openssl* gcc-c++ gcc flex g++ make;wget http://www.directadmin.com/setup.sh;chmod +x ./setup.sh;./setup.sh
#enable SSL
/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem
sed -i "s/SSL=0/SSL=1/g" /usr/local/dire........
Dovecot Enable SSL/TLS with your certificate
Dovecot enable SSL (by default it uses an old expired cert if you choose pop3s and imaps as protocols)
===================
Create Cert & Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl
Edit /etc/dovecot.conf
ssl_cert_file = /etc/mailssl/server.crt
s........
Postfix Enable SSL/TLS with your certificate
Create Cert & Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl
Postfix SSL config
Edit /etc/postfix/main.cf:
#SSL stuff
smtpd_tls_cert_file = /etc/mailssl/server.crt
smtpd_tls_key_file = /etc/mailssl/server.key
To make smtps w........
Installing Webmin & Enabling SSL
Webmin Setup Centos 5:
wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet
[1] 24229
[2] 24230
[root@host ~]# --2011-01-06 21:48:20-- http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html
Resolving downloads.sourceforge.net... 216.34.181.........
SSH delay problem UseDNS and disabling GSSAPI does not help
The normal solution doesn't help or apply here:
ssh -v user@192.168.5.41
OpenSSH_4.3p2 Debian-9etch3, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.5.41 [192.168.5.41] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: i........
VMWare Server cannot connect to web interface SSL Handshake on client connection failed: SSL Exception
VMWare log: /var/log/vmware/hostd.log
SSL Handshake on client connection failed: SSL Exception
sudo /etc/init.d/vmware-mgmt restart
Stopping VMware management services:
VMware Virtual Infrastructure Web Access
VMware Server Host Agent&nb........
VMWare Server is on SSL port 8333
I'm mentioning this because I keep forgetting what port the management is on for the web interface (since newer releases of VMWare server took away the superior stand alone client).
So remember it is port 8333 and sometimes you need to restart vmware-mgmt service and also enable sslv2 in your Firefox or it won't connect.........
yum in Centos 5/Xen halts and exits suddenly
yum exits in the middle
The problem is this VPS seems to be an OpenVZ template from HyperVM. The only way to make it work was to disable i386 packages since this was an x64 kernel. That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two. I couldn't find any issue by checking the logs either.
echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk
L........
PHP CURL SSL won't work or connect
I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself).
* About to connect() to ip.ip.ip.ip port 25000
* Trying ip.ip.ip.ip... * connected
* Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000
* succes........
FUSE/Curlftpfs mount ftp account as drive partition in Linux
This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
Name
curlftpfs - mount a ftp host as a local directory
Synopsis........
cPanel complaint - No Shared SSL! cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
I've recently used CPanel on the admin side for the first time and have to say I hate it. Everything from the layout to the functionality screams "hackish". It just lacks so many common sense features and way of working.
I was never 100% impressed with Plesk but the basics were definitely laid out and done in a sensible manner, even though it is made by a Russian company, they definitely thought about how to make a Control Panel.
I have no idea why people........
Gigabyte GA-H57M-USB3 Complaint Review/Comments
I'm not impressed with this motherboard, I was impressed with my Gigabyte AM3 board which seems to work flawlessly.
Everyone knows that the firmware is flawed, even though I have the F6, it still seems that the system doesn't reset properly or quickly enough.
Another HUGE problem is that in most Linux kernels the NIC won't work (if you try 10 times by rebooting it might). I also notice that you need to power down for it to work.
This board does not seem very com........
Compile PHP 5.3.2 on Centos 5 and CPanel/WHM because of error - Fatal error: Call to > undefined function imagecreatefromjpeg()
This function and others may not work with the stock PHPinstall on Centos/CPanel: Fatal error: Call to > undefined function imagecreatefromjpeg()
Even with libjpeg-devel installed it won't work because PHP was not compiled with jpeg support, so we have to do the dirty work ourselves :)
Here is the command/yum's I did to install missing libraries for PHP that configure will complain about (yes it is a one by one process).
yum install bzip2-........
Picking an FTPD (vsftpd) Server in Linux Centos/Debian
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge........
PHP cannot access /usr/bin/openssl
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
The New Chips on the Block
The New Chips on the BlockThe New Chips on the Block
By Bruce Gain
Story location: http://www.wired.com/news/infostructure/0,1377,67795,00.html
02:00 AM Jun. 13, 2005 PT
We have embarked upon a new era in x86 PC computing -- so say chip giants AMD and Intel following their launches of dual-core PC processors. So how will dual-core processing change your PC computing experience? Our FAQ should help you decide whether or when you sho........
Basic Port Listing
Basic Port ListingHopefully someone finds this useful or at least interesting.
http://www.sans.org/top20/#u9
Name Port Protocol Description
Small services ........
pound a Linux Load Balance and Reverse Proxy
I have played around with Pound a little bit. It is a reverse proxy and load balancer in one, and it can be used as only a reverse proxy if you like. It is very simple to configure as either, and Pound even senses if one of the systems is down and stops sending requests to the dead server.
It supports SSL (but passes the request to the destination server unencrypted) and even the Apache log format. Pound is very simple, fast a........
Apache/Mod_SSL not serving the right/expected certificate?
There is actually by default a "Default SSL" vhost that can mess things up for you and can cause surprising and unexpected results.
Default Apache SSL Cert
in /etc/httpd/conf.d/ssl.conf there is a default SSL Virtual Host which screws things up by offering itself instead of the SSL cert I specify in my own vhosts........
Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian
Shortcut/Easiest Way To Create A Self-Signed Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below.
If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
Tyan S2735-8M Maximum Hard Drive Limit/Not Working/Doesn't work with 1TB 1000GB hard drives
Inever saved any of the logs, but basically no matter what OS (Linux)I used, I could not get my 1000GB hard drive to work (Seagate SATA). The BIOS recognizes the drive and fdisk -l shows the hard drive as it should.
The tricky thing is that different OS's will give you different results, but don't be fooled. You can't use these larger drives for long. Iwas getting all kinds of seek/IOerrors and also messages that the port could not be read.........
iPhone 3GS Jailbreak Information & Benefits
Truly, the only way to unleash the capabilities and customization abilities of iPhone are to jailbreak, it's not just for hackers anymore.
A few days ago someone by the named of "geohot" released a single click application called "purplera1n", which does the entire operation smoothly and seamlessly.
In our case, the first time it went as far as "done, wait for reboot" on our Windows machine and for minutes we waited and saw the pic on the iPhone w........
Using a Mac OSX DMG Image in Windows and Converting to Standard ISO Format use dmg2iso
The dmg format is silly and annoying to work with, why couldn't Apple stick with the .iso standard? Anyway, there's an excellent Linux and Windows based tool to convert it back to a normal .iso Image called dmg2iso
I'll only cover theLinux version although the Windows pre-built binary works the same way.
Download dmg2iso here for free (from the author's website)
It's just silly and doesn't make sense that Ubuntu doe........
Writing/Burning a data CD-R/DVD-R or DVD+RW in Unix/Linux
There's a lot of outdated information and confusion for system administrator's out there.
One annoying task for many an Administrator has been backing up data in Linux. You don't need any GUI tools such as K3B or GnomeBaker. Both are excellent tools but for veteran command line users working remotely, using the keyboard is a great and possibly automated way to save yourself pain and hassle.
At a later date we'll cover how scripting can automatically backup certain........