Ssl_certificate.pem- too many levels of symbolic links

mjoy · August 8, 2018, 3:00pm

Woke up this morning to no email, and no web status available. After connecting in to the server via ssh, and running ‘sudo mailinabox’ gives the following errors:

Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters...
ln: failed to access ‘/home/user-data/ssl/ssl_certificate.pem’: Too many levels of symbolic links

and at the end:

Your Mail-in-a-Box is running.

 Please log in to the control panel for further instructions at:

Traceback (most recent call last):
  File "management/status_checks.py", line 986, in <module>
   tls_cert = get_domain_ssl_files(domain, ssl_certificates, env)
File "/home/dabre/mailinabox/management/ssl_certificates.py", line 153, in get_domain_ssl_files
"certificate_object": load_pem(load_cert_chain(ssl_certificate)[0]),
File "/home/dabre/mailinabox/management/ssl_certificates.py", line 600, in load_cert_chain
with open(pemfile, "rb") as f:
OSError: [Errno 40] Too many levels of symbolic links: '/home/user-data/ssl/ssl_certificate.pem'

Looking at /home/user-data-ssl/ssl_certificate.pem, it’s a symlink to itself:

lrwxrwxrwx 1 root      root        39 Aug  8 03:00 ssl_certificate.pem -> /home/user-data/ssl/ssl_certificate.pem

I had updated to v0.28 earlier this week, but hadn’t noticed any issues before this. What would ssl_certificate.pem be symlinked to in this case? I have made no modifications to the system other than running multiple domains.

Thank you for any assistance.

mrcbrown · August 8, 2018, 5:39pm

I had the same thing happen on a recent upgrade, I went ahead and cleared the file itself and copied the primary SSL pem to ssl_certificate and rebooted it to get services running again.

Nothing odd done on this box, been running like a champ for a while now, but it had that hang up - but not all servers brought up to the latest .28 have had this issue. Unsure what was different.

mjoy · August 8, 2018, 6:51pm

This has everything up and running again, thank you. I did the following:

sudo cp box.mydomain.email-20181106-67f6c4b1.pem ssl_certificate.pem

I’m guessing ‘ssl_certificate.pem’ is supposed to symlink to whatever the most recent Let’s Encrypt cert for the box. domain is. I’ve gotten rid of the symlink for the moment, and copied my primary .pem file over as shown above.

erik · August 14, 2018, 6:16am

I got the same issue. I thought I fixed it last night with:

sudo ln -s /home/user-data/ssl/box.mydomain.email-20181111-5835a18e.pem ssl_certificate.pem

with box.mydomain.email-20181111-5835a18e.pem being the most recent pem-file in the ssl-directory.

But after tonight I got the same error back. I now copied the certificate using the command from above.

Would like to fix this issue withou the hack from above, any suggestions?

brycefisherfleig · September 12, 2019, 4:34am

I’ve run into the same issue after upgrading to 0.43 and then migrating to a new box. I noticed that removing the /home/user-data/ssl/ssl_certificate.pem and rerunning sudo mailinabox regenerated a self-signed certificate, however clicking on the button in the UI to provision a new cert for the main domain triggered this issue and so did running the status checks cd /root/mailinabox/management && sudo ./status_checks.py. My traceback is slightly different:

"""
Traceback (most recent call last):
  File "/usr/lib/python3.6/multiprocessing/pool.py", line 119, in worker
    result = (True, func(*args, **kwds))
  File "/usr/lib/python3.6/multiprocessing/pool.py", line 47, in starmapstar
    return list(itertools.starmap(args[0], args[1]))
  File "./status_checks.py", line 352, in run_domain_checks_on_domain
    check_web_domain(domain, rounded_time, ssl_certificates, env, output)
  File "./status_checks.py", line 659, in check_web_domain
    check_ssl_cert(domain, rounded_time, ssl_certificates, env, output)
  File "./status_checks.py", line 711, in check_ssl_cert
    tls_cert = get_domain_ssl_files(domain, ssl_certificates, env, allow_missing_cert=True)
  File "/root/mailinabox/management/ssl_certificates.py", line 153, in get_domain_ssl_files
    "certificate_object": load_pem(load_cert_chain(ssl_certificate)[0]),
  File "/root/mailinabox/management/ssl_certificates.py", line 600, in load_cert_chain
    with open(pemfile, "rb") as f:
OSError: [Errno 40] Too many levels of symbolic links: '/home/user-data/ssl/ssl_certificate.pem'
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "./status_checks.py", line 976, in <module>
    run_checks(False, env, ConsoleOutput(), pool)
  File "./status_checks.py", line 64, in run_checks
    run_domain_checks(rounded_values, env, output, pool)
  File "./status_checks.py", line 322, in run_domain_checks
    ret = pool.starmap(run_domain_checks_on_domain, args, chunksize=1)
  File "/usr/lib/python3.6/multiprocessing/pool.py", line 274, in starmap
    return self._map_async(func, iterable, starmapstar, chunksize).get()
  File "/usr/lib/python3.6/multiprocessing/pool.py", line 644, in get
    raise self._value
OSError: [Errno 40] Too many levels of symbolic links: '/home/user-data/ssl/ssl_certificate.pem'

I also found that removing the self-symlinked ssl cert and replacing it with a symlink to the last known good cert solved the immediate problem. However, trying to provision new certificates causes this problem again reliably.