Cant access site (ssl) after hostname change

[rkymtnhigh]

I was attempting to change the CentOS hostname so our Nagios server would quit getting blacklisted by Microsoft, when after a reboot I could no longer access the https webpage.
After checking the httpd error logs, I see where it's telling me the certificate name does not match the hostname.
I've reversed all my changes, but the issue remains after another reboot.

Any ideas where I need to put the old hostname back?

Thank you.

[rkennedy]

Why was your server getting blacklisted from Microsoft? I don't believe changing the hostname would have much affect with this.

When you initially changed your hostname, what method did you use?

Also, can you post the exact error logs you are seeing in your ssl_error_log?

[rkymtnhigh]

I came across something from Microsoft saying that the emails being sent from nagios werent matching the hostname of the server. Something like that.

Anyways, I set the new hostname in /etc/sysconfig/network and also /etc/hosts. I also changed it in /etc/hostname.

That's when the site became inaccessible. Chrome hangs on establishing secure connection.

So I removed all my changes, restarted, and still inaccessible. Here is what ssl_error_log says:

Code: Select all

[Fri Feb 26 11:34:50.937758 2016] [ssl:warn] [pid 6196] AH01909: RSA certificate configured for ip-X-XX-X-XX.example.compute.internal:443 does NOT include an ID which matches the server name

Thank you.

[rkennedy]

What is the output from these commands? It seems like something still isn't lining up properly.

Code: Select all

hostname
openssl x509 -in yourcert.crt -noout -subject

Replace yourcert.crt with the full path to your certificate file that XI is using.

[rkymtnhigh]

it's the same now.
when I first started troubleshooting this issue it was different, so I made a new cert with the correct hostname copied from the hostname command.
Still having the same issue.

[rkennedy]

Did you update the apache configuration to use the new certificate? At this point I believe the new certificate you created was not exactly correct, or something is still referencing the old one.

[rkymtnhigh]

I updated ssl.conf to use the new keys, but I think you are right, something is still referencing the old one.

After updating to the new cert, the messages about RSA certs not including an ID that matches the server name seem to have stopped.

Still not accepting port 443!

At this point , I'm going thru this tutorial https://assets.nagios.com/downloads/nag ... s%20XI.pdf
And just trying to build all the SSL elements from scratch. Still no luck!

A netstat -tulpn says both 80 and 443 are LISTENING, but i cannot telnet to either port. 22 works fine.

EDIT: Starting and Stopping iptables seems to have opened the connections up.
Now I am getting Forbidden :You don't have permission to access /nagiosxi on this server.

EDIT2:
Getting this in the httpd error_log:

Code: Select all

[Fri Feb 26 14:20:19.687940 2016] [authz_core:error] [pid 23380] [client XX.XX.XXX.XXX:58844] AH01630: client denied by server configuration: /usr/local/nagiosxi/html
[Fri Feb 26 14:20:23.608042 2016] [authz_core:error] [pid 23381] [client ::1:54348] AH01630: client denied by server configuration: /usr/local/nagiosxi/html/backend/
[Fri Feb 26 14:20:31.843146 2016] [authz_core:error] [pid 23378] [client XX.XX.XXX.XXX:58895] AH01630: client denied by server configuration: /usr/local/nagiosxi/html
[Fri Feb 26 14:20:43.763923 2016] [authz_core:error] [pid 23379] [client XX.XX.X.XX:36681] AH01630: client denied by server configuration: /usr/local/nagiosxi/html/backend/
[Fri Feb 26 14:20:43.851205 2016] [authz_core:error] [pid 23386] [client ::1:54351] AH01630: client denied by server configuration: /usr/local/nagiosxi/html/backend/
[Fri Feb 26 14:21:02.810781 2016] [authz_core:error] [pid 23381] [client ::1:54355] AH01630: client denied by server configuration: /usr/local/nagiosxi/html/backend/

[rkymtnhigh]

Iptables needed to be started and stopped for it to actually be stopped? wut

Then I had to put my original config back in the nagiosxi.conf file (I had overwritten it trying to troubleshoot and it broke some perms)

Thanks you guys!

Got it working.

[lmiltchev]

It's nice to hear that! I will be locking this thread now. If you have any more issues/questions, please start a new one.