OpenLiteSpeed Won't Start - Error with path for SSL files

[niallt]

I was trying to follow a tutorial and change the path of the private key and certificate file through the WebAdmin Settings. I changed it to $SERVER_ROOT/usr/local/lsws/admin/conf/ , performed a graceful restart and now OSL won't start. The relevant error log (Cyberpanel) points to this:

2019-09-04 18:14:06.999819 [ERROR] [SSL] Config SSL Context with Certificate File: /usr/local/lsws/usr/local/lsws/admin/conf/webadmin.crt and Key File:/usr/local/lsws/usr/local/lsws/admin/conf/webadmin.key get SSL error:
2019-09-04 18:14:06.999825 [ERROR] [config:admin:listener:adminListener:ssl] failed to create new SSLContext for *:7080
2019-09-04 18:14:06.999830 [ERROR] [config:admin:listener] No listener is available for admin virtual host!
2019-09-04 18:14:06.999846 [ERROR] Fatal error in configuration, exit!

I can access the server through SSH, but I've no idea which file to edit to correct the problem.

Which file should I edit?
What should the correct values be?

Thanks in advance for any advice.

 

[Cold-Egg]

Hi @niallt ,

$SERVER_ROOT here is equal to /usr/local/lsws , and if you set $SERVER_ROOT/usr/local/lsws/admin/conf/ will equal to /usr/local/lsws/usr/local/lsws/admin/conf/ which is Incorrect.
Please make sure you are using the right cert path.

Best,
Eric

 

[niallt]

Thanks Eric. Yes, there is a problem with the path, repeating the /usr/local/lsws/ . Problem is, I can't access the GUI to correct the mistake. I have SSH access only.

Which file should I edit in command line to correct the mistake?

 

[Cold-Egg]

You need to enable TCP port 7080 from firewall first, then you should be able to access https://IP:7080
By the way, if you don't know how to access the GUI why you want to change the cert for web admin (port 7080)?

 

[niallt]

I can't access the GUI because OLS won't start. I had made the above configuration errors using the GUI on port 7080, but as soon as I pressed graceful restart, the OLS wouldn't restart, and now I can't access the web interface.
I had already opened the 7080 in the firewall before this happened.
So which is the file to modify using CLI ?

 

[Cold-Egg]

Should be here `/usr/local/lsws/admin/conf/admin_config.conf` and you should see there's a section of "listener adminListener"

 

[niallt]

Great, found it. Thanks very much for your help - much appreciated.

I was able to use the backup config file and rename it to become active. Still don't have proper https on the OLS panel, but at least I know what to fix if I break it again.

I use letsencrypt to generate the cert and keys for the Cyberpanel GUI. Is there a tutorial or KB document that walks one through the process of using the LetsEncrypt keys for the OLS Panel?

 

[Cold-Egg]

Since you have key, cert and knowing where to set the path on the config file. Just make sure that these files can be read by lsadm. If not, run chown lsadm:lsadm on each file so that the Web Admin GUI can read these files, that's it.

Let us know if it works. thanks