How to , and other stuff about linux, photo, php … A linux, photography blog. To remember some linux situation, and fix them quickly.

January 20, 2017

grub-install error: no such disk

Filed under: Linux — Tags: , , , — admin @ 6:42 pm

Well a new problem . After one hard failure in raid .. when I try to grub-install /dev/sda

This error appear

/usr/sbin/grub-probe: error: no such disk.
Auto-detection of a filesystem of /dev/md1 failed.
Please report this together with the output of “/usr/sbin/grub-probe –device-map=/boot/grub/device.map –target=fs -v /boot/grub” to <bug-grub@gnu.org>

So the fix is .. after you mount the partition like in this link http://matrafox.info/reinstall-grub-after-raid-crash.html

1. mv /boot/grub/device.map /boot/grub/device.map.old
2. grub-mkdevicemap
3. update-grub2 && grub-install /dev/sda && grub-install /dev/sdb

January 11, 2017

php 5.6 ssl verify error

Filed under: Linux — Tags: , , — admin @ 12:15 pm

New problem in town . A server could not send e-mail using php . But can connect using telnet .
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Some error from php class.
Well it appear that there is no cert on server
php -r “print_r(openssl_get_cert_locations());”

Array
(
[default_cert_file] => /etc/pki/tls/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /etc/pki/tls/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /etc/pki/tls/private
[default_default_cert_area] => /etc/pki/tls
[ini_cafile] =>
[ini_capath] =>
)

For me this file was not there
/etc/pki/tls/cert.pem
After I run
update-ca-trust
I have copy the file
/etc/pki/tls/certs/ca-bundle.crt to /etc/pki/tls/cert.pem and it worked .

 

UPDATE

Today facing same problem but more complicated. The cer.pem was there ..but mail was not sending . So how to debug it ?

Well first of all we need to see what root certificat is needed.

So I run

openssl s_client -crlf -connect mail.domain.com:465

depth=0 C = EN, CN = mail.domain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = EN, CN = mail.domain.com
verify error:num=21:unable to verify the first certificate
verify return:1

….


subject=/C=EN/CN=mail.domain.com
issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA

No client certificate CA names sent

 

From here we see that we need StartCom Class 1 DV Server CA

So I search on google and find it here

https://www.startssl.com/root

So I download the CA pem file into /etc/pki/ca-trust/source/anchors/

and after this run also

update-ca-trust extract

After this all was working fine.

 

 

More information can be found here

Trusting additional CAs in Fedora / RHEL / CentOS: an alternative to editing /etc/pki/tls/certs/ca-bundle.crt (or /etc/pki/tls/cert.pem)

and here

http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

January 4, 2017

Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

Filed under: Linux — Tags: , , , — admin @ 6:01 pm

Today I wanted to upgrade a php webserver with php5.6 . However the epel didn’t work .
After a yum clean all got this title error

Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

To fix this I needed to upgrade the ceritiface without epel .

yum upgrade ca-certificates –disablerepo=epel
After this all works.

Powered by WordPress