Symptoms
Odin Service Automation Linux-based Control Panel does not work, the following error message is shown in the browser when a customer is trying to open secure (HTTPS) connection to CP:
SSL_ERROR_RX_RECORD_TOO_LONG
or
cp.provider.com has sent an incorrect or unexpected message. Error Code: -12263
or
Invalid method in request \x16\x03\x01
The same error messages may be found in the Apache logs of the corresponding website on the branding server.
The problem appears if the Control Panel website works on a OA-managed legacy Linux Shared Hosting server, not on NG Hosting server.
The article is also valid for any type of website hosted on OA-managed Linux Shared Hosting server, not only for Control Panel server.
A similar issue can also appear on an NG cluster/hosting server. Please see the end of the article for the resolution.
Cause
The reason of the problem is misconfiguration of the Apache virtual host with SSL. The Apache server is trying to respond to a request on port 443 with unencrypted HTTP. The browser is expecting SSL, while the server is sending plain HTTP on port 443.
Resolution
Check the Apache configuration on the branding server where the Control Panel website is hosted.
Log into the branding server by SSH. You may log into the server using the hostname or IP address of the PA Control Panel.
Check if the Apache is running on the branding server in SSL and non-SSL modes.
Normally, on OA-managed Linux Sahred Hosting server (not NG Hosting server) two sets of Apache daemons must be running, like it may be seen in the example below:
5307 ? Ss 0:00 /usr/sbin/httpd -f /usr/local/pem/etc/apache/httpd.conf_pem 5310 ? S 0:00 \_ /usr/sbin/httpd -f /usr/local/pem/etc/apache/httpd.conf_pem 5311 ? S 0:00 \_ /usr/sbin/httpd -f /usr/local/pem/etc/apache/httpd.conf_pem 5318 ? Ss 0:00 /usr/sbin/httpd -DSSL_ONLY -f /usr/local/pem/etc/apache/httpd.conf_pem 5319 ? S 0:00 \_ /usr/sbin/httpd -DSSL_ONLY -f /usr/local/pem/etc/apache/httpd.conf_pem 5320 ? S 0:00 \_ /usr/sbin/httpd -DSSL_ONLY -f /usr/local/pem/etc/apache/httpd.conf_pemOne set of Apache processes serves non-SSL (plain HTTP) requests, another one serves SSL (HTTPS) requests - such processes have the -DSSL_ONLY parameter in the environment variables.
If you do not see SSL-enabled Apache processes it may mean that Apache was started incorrectly on the server. Apache server on POA-managed Linux Shared Hosting (not NG Hosting) server must be started using the special startup script /etc/init.d/pemhttpd, not using the stock /etc/init.d/httpd script. On a POA-managed Linux Shared Hosting server the stock Apache service httpd is disabled and the special system service pemhttpd must be enabled, see below:
# chkconfig --list| grep httpd httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off pemhttpd 0:off 1:off 2:on 3:on 4:on 5:on 6:offAs it may be seen above the stock service httpd is turned off on all runlevels, instead the pemhttpd service is enabled on runlevels 2, 3, 4, 5.
If the wrong Apache service is running, do the following:
Stop the Apache service:
# /etc/init.d/httpd stopStart the OA-managed Apache service:
# /etc/init.d/pemhttpd start
Check if the following directives are present in the /usr/local/pem/etc/apache/httpd.conf_pem file:
<IFDEFINE SSL_ONLY> LOADMODULE ssl_module modules/mod_ssl.so </IFDEFINE>Check if the virtual host configuration file of the Control Panel website is loaded by Apache.
Find the ID of the webspace where Control Panel website is hosted in OA Provider Control Panel at Service Director > Shared Hosting Manager > Websites:
Open the /usr/local/pem/etc/apache/httpd.conf_pem.vhosts file on the branding server.
Check if the configuration file of the webspace is present in the httpd.conf_pem.vhosts file like in the example below:
INCLUDE /usr/local/pem/vhosts/100001/webspace/conf/vhost.confReplace 100001 with the actual ID of the webspace where the Control Panel website is hosted.
If the INCLUDE directive for the needed webspace is absent, add it and restart the Apache service:
# /etc/init.d/pemhttpd restart
If the issue appears on an NG webcluster/hosting server, make sure that webcluster service is running on the corresponding servers:
# /etc/init.d/redis status
If it is not - start it:
# /etc/init.d/redis start
On NG hosts the issue also might be caused by failed post-upgrade tasks:
Install service-WebClusterExt-6.0.6.15 (pkg_id = 6981) on ng.provider.tld (host_id = 1908)
That error is related to incorrect repository configuration. Please, check task error message and file /etc/yum.repos.d/pa-central.repo. Ensure that repository is correctly configured, install packages, required by task and rerun it.