Another Upgrade Failure

Hi all,

I have faced the following issue when upgrading from version 0.10 to 0.11b and was wondering if anyone could help me out. It seems to be working fine since the upgrade, however the error I received concerned me and I rolled back my server to the pre-upgrade state.

Would anyone be able to advise if I should be concerned or not?

Thanks

Primary Hostname: xxx.xx-xx.com
Public IP Address: xxx.xxx.xxx.xxx
Mail-in-a-Box Version:  v0.11b

Updating system packages...
already installed: python3 (3.4.0-0ubuntu2), python3-dev (3.4.0-0ubuntu2), python3-pip (1.5.4-1ubuntu1), netcat-openbsd (1.105-7ubuntu1), wget (1.15-1ubuntu1.14.04.1), curl (7.35.0-1ubuntu2.5), git (1:1.9.1-1ubuntu0.1), sudo (1.8.9p5-1ubuntu1.1), coreutils (8.21-1ubuntu5.1), bc (1.06.95-8ubuntu1), haveged (1.7c-1), unattended-upgrades (0.82.1ubuntu2.3), cron (3.0pl1-124ubuntu2), ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.3), fail2ban (0.8.11-1)
already installed: ufw (0.34~rc-0ubuntu2)
Firewall is active and enabled on system startup
already installed: bind9 (1:9.9.5.dfsg-3ubuntu0.2), resolvconf (1.69ubuntu1.1)
already installed: openssl (1.0.1f-1ubuntu2.15)
already installed: nsd (4.0.1-1ubuntu0.1), ldnsutils (1.6.17-1), openssh-client (1:6.6p1-2ubuntu2)
already installed: postfix (2.11.0-1ubuntu1), postfix-pcre (2.11.0-1ubuntu1), postgrey (1.35-1+miab1), ca-certificates (20141019ubuntu0.14.04.1)
already installed: dovecot-core (1:2.2.9-1ubuntu2.1), dovecot-imapd (1:2.2.9-1ubuntu2.1), dovecot-pop3d (1:2.2.9-1ubuntu2.1), dovecot-lmtpd (1:2.2.9-1ubuntu2.1), dovecot-sqlite (1:2.2.9-1ubuntu2.1), sqlite3 (3.8.2-1ubuntu2), dovecot-sieve (1:2.2.9-1ubuntu2.1), dovecot-managesieved (1:2.2.9-1ubuntu2.1)
installing dovecot-lucene ...
already installed: opendkim (2.9.1-1), opendkim-tools (2.9.1-1), opendmarc (1.2.0+dfsg-1)
already installed: spampd (2.30-22.2), razor (1:2.85-4build2), pyzor (1:0.5.0-2fakesync1), dovecot-antispam (2.0+20130822-2build1)
already installed: nginx (1.4.6-1ubuntu3.2), php5-fpm (5.5.9+dfsg-1ubuntu4.9)
already installed: dbconfig-common (1.8.47+nmu1), php5 (5.5.9+dfsg-1ubuntu4.9), php5-sqlite (5.5.9+dfsg-1ubuntu4.9), php5-mcrypt (5.4.6-0ubuntu5), php5-intl (5.5.9+dfsg-1ubuntu4.9), php5-json (1.3.2-2build1), php5-common (5.5.9+dfsg-1ubuntu4.9), php-auth (1.6.4-1), php-net-smtp (1.6.1-1), php-net-socket (1.0.14-1), php-net-sieve (1.3.2-4), php-mail-mime (1.8.8-1), php-crypt-gpg (1.3.2-1), php5-gd (5.5.9+dfsg-1ubuntu4.9), php5-pspell (5.5.9+dfsg-1ubuntu4.9), tinymce (3.4.8+dfsg0-1), libjs-jquery (1.7.2+dfsg-2ubuntu1), libjs-jquery-mousewheel (8-2), libmagic1 (1:5.14-2ubuntu3.3)
installing Roundcube webmail 1.1.2...
already installed: dbconfig-common (1.8.47+nmu1), php5-cli (5.5.9+dfsg-1ubuntu4.9), php5-sqlite (5.5.9+dfsg-1ubuntu4.9), php5-gd (5.5.9+dfsg-1ubuntu4.9), php5-imap (5.4.6-0ubuntu5), php5-curl (5.5.9+dfsg-1ubuntu4.9), php-pear (5.5.9+dfsg-1ubuntu4.9), php-apc (4.0.2-2build1), curl (7.35.0-1ubuntu2.5), libapr1 (1.5.0-1), libtool (2.4.2-1.7ubuntu1), libcurl4-openssl-dev (7.35.0-1ubuntu2.5), php-xml-parser (1.3.4-6), php5 (5.5.9+dfsg-1ubuntu4.9), php5-dev (5.5.9+dfsg-1ubuntu4.9), php5-gd (5.5.9+dfsg-1ubuntu4.9), php5-fpm (5.5.9+dfsg-1ubuntu4.9), memcached (1.4.14-0ubuntu9), php5-memcache (3.0.8-4build1), unzip (6.0-9ubuntu1.3)
Migrating owncloud/config.php to new location.
installing ownCloud...
upgrading ownCloud to 8.0.4 (backing up existing ownCloud directory to /tmp/owncloud-backup-3718)...
already installed: php-soap (0.13.0-1), php5-imap (5.4.6-0ubuntu5), libawl-php (0.53-1), php5-xsl (5.5.9+dfsg-1ubuntu4.9)
already installed: python3-flask (0.10.1-2build1), links (2.8-1ubuntu1), duplicity (0.6.23-1ubuntu4.1), libyaml-dev (0.1.4-3ubuntu3.1), python3-dnspython (1.11.1-1), python3-dateutil (2.0+dfsg1-1), build-essential (11.6ubuntu6), libssl-dev (1.0.1f-1ubuntu2.15), python3-dev (3.4.0-0ubuntu2)
installing libffi-dev ...
installing munin munin-node ...

(process:14062): Pango-WARNING **: error opening config file '/root/.config/pango/pangorc': Permission denied

updated DNS: *VARIOUS REMOVED DOMAIN NAMES**                                                                                                                                                         
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>

-----------------------------------------------

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

Traceback (most recent call last):
  File "management/status_checks.py", line 982, in <module>
    cert_status, cert_status_details = check_certificate(domain, ssl_certificate, ssl_key, warn_if_expiring_soon=False)
  File "management/status_checks.py", line 641, in check_certificate
    sans = cert.extensions.get_extension_for_oid(OID_SUBJECT_ALTERNATIVE_NAME).value.get_values_for_type(DNSName)
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/x509.py", line 287, in extensions
    value = self._build_subject_alt_name(ext)
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/x509.py", line 502, in _build_subject_alt_name
    general_names = _build_general_names(self._backend, gns)
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/x509.py", line 86, in _build_general_names
    names.append(_build_general_name(backend, gn))
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/x509.py", line 94, in _build_general_name
    return x509.DNSName(idna.decode(data))
  File "/usr/local/lib/python3.4/dist-packages/idna/core.py", line 383, in decode
    result.append(ulabel(label))
  File "/usr/local/lib/python3.4/dist-packages/idna/core.py", line 298, in ulabel
    check_label(label)
  File "/usr/local/lib/python3.4/dist-packages/idna/core.py", line 252, in check_label
    raise InvalidCodepoint('Codepoint {0} at position {1} of {2} not allowed'.format(_unot(cp_value), pos+1, repr(label)))
idna.core.InvalidCodepoint: Codepoint U+002A at position 1 of '*' not allowed
https://xxx.xxx.xxx.xxx/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

93:F0:1D:52:35:B7:D6:5F:3D:ED:F6:7A:B2:6D:64:94:B7:87:B6:04

Then you can confirm the security exception and continue.

root@pms01:/home/benmaynard#

Try this, I think you have the same issue I did.

Thanks for the tip!

Unfortunately it didn’t work for me, getting a consistent “Something went wrong” error message on all pages of the admin panel.

Had to roll back to a pre-install snapshot.

Hopefully this will be fixed at some point :frowning:

The problem in your post is definitely the same one in that issue. You may have a second problem. Please see /var/log/syslog to see if you see any errors when accessing the control panel. Thanks.

I tried the solution again and got the same issue. I have had a look in the syslog and can see a few things that stand out to me, but I am no expert.

These errors are after upgrading, running the command to fix the SSL issue, and even restarting the box.

Jul  2 10:00:39 pms01 Exception on /web/domains [GET]#012Traceback (most recent call last):#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1817, in wsgi_app#012    response = self.full_dispatch_request()#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1477, in full_dispatch_request#012    rv = self.handle_user_exception(e)#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1381, in handle_user_exception#012    reraise(exc_type, exc_value, tb)#012  File "/usr/lib/python3/dist-packages/flask/_compat.py", line 33, in reraise#012    raise value#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1475, in full_dispatch_request#012    rv = self.dispatch_request()#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1461, in dispatch_request#012    return self.view_functions[rule.endpoint](**req.view_args)#012  File "/usr/local/bin/mailinabox-daemon", line 49, in newview#012    return viewfunc(*args, **kwargs)#012  File "/usr/local/bin/mailinabox-daemon", line 333, in web_get_domains#012    return json_response(get_web_domains_info(env))#012  File "/home/benmaynard/mailinabox/management/web_update.py", line 328, in get_web_domains_info#012    for domain in get_web_domains(env)#012  File "/home/benmaynard/mailinabox/management/web_update.py", line 328, in <listcomp>#012    for domain in get_web_domains(env)#012  File "/home/benmaynard/mailinabox/management/web_update.py", line 308, in check_cert#012    cert_status, cert_status_details = check_certificate(domain, ssl_certificate, ssl_key)#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 657, in check_certificate#012    priv_key = load_pem(open(ssl_private_key, 'rb').read())#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 756, in load_pem#012    raise ValueError("Unsupported PEM object type: " + pem_type.decode("ascii", "replace"))#012ValueError: Unsupported PEM object type: PRIVATE KEY

Jul  2 10:00:46 pms01 Exception on /system/status [POST]#012multiprocessing.pool.RemoteTraceback: #012"""#012Traceback (most recent call last):#012  File "/usr/lib/python3.4/multiprocessing/pool.py", line 119, in worker#012    result = (True, func(*args, **kwds))#012  File "/usr/lib/python3.4/multiprocessing/pool.py", line 47, in starmapstar#012    return list(itertools.starmap(args[0], args[1]))#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 274, in run_domain_checks_on_domain#012    check_web_domain(domain, rounded_time, env, output)#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 527, in check_web_domain#012    check_ssl_cert(domain, rounded_time, env, output)#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 569, in check_ssl_cert#012    cert_status, cert_status_details = check_certificate(domain, ssl_certificate, ssl_key, rounded_time=rounded_time)#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 657, in check_certificate#012    priv_key = load_pem(open(ssl_private_key, 'rb').read())#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 756, in load_pem#012    raise ValueError("Unsupported PEM object type: " + pem_type.decode("ascii", "replace"))#012ValueError: Unsupported PEM object type: PRIVATE KEY#012"""#012#012The above exception was the direct cause of the following exception:#012#012Traceback (most recent call last):#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1817, in wsgi_app#012    response = self.full_dispatch_request()#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1477, in full_dispatch_request#012    rv = self.handle_user_exception(e)#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1381, in handle_user_exception#012    reraise(exc_type, exc_value, tb)#012  File "/usr/lib/python3/dist-packages/flask/_compat.py", line 33, in reraise#012    raise value#012  File 
"/usr/lib/python3/dist-packages/flask/app.py", line 1475, in full_dispatch_request#012    rv = self.dispatch_request()#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1461, in dispatch_request#012    return self.view_functions[rule.endpoint](**req.view_args)#012  File "/usr/local/bin/mailinabox-daemon", line 49, in newview#012    return viewfunc(*args, **kwargs)#012  File "/usr/local/bin/mailinabox-daemon", line 379, in system_status#012    run_checks(False, env, output, pool)#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 41, in run_checks#012    run_domain_checks(rounded_values, env, output, pool)#012  File "/home/benmaynard/mailinabox/management/status_checks.py", line 253, in run_domain_checks#012    ret = pool.starmap(run_domain_checks_on_domain, args, chunksize=1)#012  File "/usr/lib/python3.4/multiprocessing/pool.py", line 268, in starmap#012    return self._map_async(func, iterable, starmapstar, chunksize).get()#012  File "/usr/lib/python3.4/multiprocessing/pool.py", line 599, in get#012    raise self._value#012ValueError: Unsupported PEM object type: PRIVATE KEY

One of your private keys says --- BEGIN PRIVATE KEY ---- where it’s expecting --- BEGIN RSA PRIVATE KEY ---. That’s a bug on my part. You might be able to work-around this by using openssl rsa to read it in and write it out in the format we’re expecting. Otherwise you can see if you can update to the latest on github where I’ve just fixed this bug, or manually patch your installation for now:

Thanks for reporting the bug.

Hi Josh,

Thanks for getting back to me on this, that really helped out.

Will running the install command again automatically pull your change, or will I need to run an alternate command?

Could I just find my private key and change the heading to BEGIN RSA PRIVATE KEY or would that not work?

Thanks again,

Ben

Will running the install command again automatically pull your change, or will I need to run an alternate command?

No, it’s pegged to the v0.11b release. The best thing to do for now is follow that link and make the indicated change to your local copy of Mail-in-a-Box manually. (Before upgrading to the next version of Mail-in-a-Box, whenever that occurs, you’ll need to undo that change.)

Could I just find my private key and change the heading to BEGIN RSA PRIVATE KEY or would that not work?

I’m not sure. It may not.
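Added example (not code from this thread or from Mail-in-a-Box): the two PEM labels discussed above correspond to two different DER layouts, PKCS#8 (`BEGIN PRIVATE KEY`) and PKCS#1 (`BEGIN RSA PRIVATE KEY`). The sketch below accepts either label, unwraps an unencrypted PKCS#8 RSA key into the PKCS#1 form, and checks structurally what a header-only relabel leaves behind. All function names are hypothetical and the sample is a constructed toy structure, not a usable key.

```python
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER OID rsaEncryption

def der_tlv(tag, body):
    """Encode one short DER tag-length-value (constructed sample only)."""
    return bytes([tag, len(body)]) + body

def read_tlv(data, pos=0):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the size of the length
        size = length & 0x7F
        length = int.from_bytes(data[pos:pos + size], "big")
        pos += size
    if pos + length > len(data):
        raise ValueError("truncated DER")
    return tag, data[pos:pos + length], pos + length

def pem_decode(pem):
    """Split a single PEM block into (label, DER bytes)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if lines[0] != "-----BEGIN %s-----" % label or lines[-1] != "-----END %s-----" % label:
        raise ValueError("malformed PEM")
    return label, base64.b64decode("".join(lines[1:-1]))

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def to_traditional_rsa(pem):
    """Accept either label; always return a PKCS#1 'RSA PRIVATE KEY' block."""
    label, der = pem_decode(pem)
    if label == "RSA PRIVATE KEY":
        return pem
    if label != "PRIVATE KEY":
        raise ValueError("Unsupported PEM object type: " + label)
    _, info, _ = read_tlv(der)            # PrivateKeyInfo SEQUENCE
    _, _, pos = read_tlv(info)            # version INTEGER
    _, alg, pos = read_tlv(info, pos)     # AlgorithmIdentifier SEQUENCE
    if not alg.startswith(RSA_OID):
        raise ValueError("PKCS#8 key is not RSA")
    tag, inner, _ = read_tlv(info, pos)   # OCTET STRING wrapping the PKCS#1 key
    if tag != 0x04:
        raise ValueError("unexpected PKCS#8 layout")
    return pem_encode("RSA PRIVATE KEY", inner)

def relabel_only(pem):
    """Swap the header/footer text but leave the bytes as PKCS#8."""
    return pem.replace(" PRIVATE KEY-----", " RSA PRIVATE KEY-----")

def looks_like_pkcs1(pem):
    """PKCS#1 starts SEQUENCE { INTEGER, INTEGER ...; PKCS#8 has a SEQUENCE second."""
    tag, seq, _ = read_tlv(pem_decode(pem)[1])
    first, _, pos = read_tlv(seq)
    return tag == 0x30 and first == 0x02 and read_tlv(seq, pos)[0] == 0x02

def sample_pkcs8():
    """Constructed toy structure (n=51, e=3, d=11 ...); not a usable key."""
    ints = b"".join(der_tlv(0x02, bytes([v])) for v in (0, 51, 3, 11, 3, 17, 1, 11, 2))
    alg = der_tlv(0x30, RSA_OID + b"\x05\x00")
    info = der_tlv(0x02, b"\x00") + alg + der_tlv(0x04, der_tlv(0x30, ints))
    return pem_encode("PRIVATE KEY", der_tlv(0x30, info))
```

Only unencrypted PKCS#8 is handled; a block labelled `ENCRYPTED PRIVATE KEY` is rejected with the same "Unsupported PEM object type" error seen in the syslog above.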

Thanks Josh, I really appreciate your help.

Would an alternate option be to wait for the next version and then run the upgrade as normal, would this fix all the issues?

Probably, but I couldn’t say until I decide exactly what/when the release will be.

Ok thanks.

Sorry, final question: What command would I need to run to undo the change before upgrading to the next version?

git checkout .

would do it. I’ve posted an update with this fix, btw.

Cheers Josh,

Got it installed by running the change to fix the wildcard ssl issue.