<html><head></head><body><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div></div>
<div><br></div><div dir="ltr" data-setdir="false">Hello, <br><br>I am so exhausted with SSL with pacemaker.. I tried my level best and I did found the solution.</div><div dir="ltr" data-setdir="false"><br></div></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i> wget --no-check-certificate https://localhost/server-status</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>--2021-01-12 11:25:06-- https://localhost/server-status</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>Resolving localhost (localhost)... ::1, 127.0.0.1</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>Connecting to localhost (localhost)|::1|:443... connected.</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>WARNING: The certificate of 'localhost' is not trusted.</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>WARNING: The certificate of 'localhost' hasn't got a known issuer.</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>The certificate's owner does not match hostname 'localhost'</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>HTTP request sent, awaiting response... 200 OK</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>Length: 4236 (4.1K) [text/html]</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>Saving to: 'server-status.3'</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i><br></i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>server-status.3 100%[============================================================================>] 4.14K --.-KB/s in 0s</i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i><br></i></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><i>2021-01-12 11:25:06 (404 MB/s) - 'server-status.3' saved [4236/4236]</i></div></div></div></div></blockquote></blockquote><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div><div><br></div></div><div dir="ltr" data-setdir="false">Status.conf</div><div dir="ltr" data-setdir="false"><br></div></div></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div dir="ltr" data-setdir="false"><div><div><i> <Location /server-status></i></div></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div dir="ltr" data-setdir="false"><div><div><i> SetHandler server-status</i></div></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div dir="ltr" data-setdir="false"><div><div><i> Require local</i></div></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div dir="ltr" data-setdir="false"><div><div><i> </i></div></div></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div dir="ltr" data-setdir="false"><div><div><i> </Location></i></div></div></div></div></div></blockquote></blockquote><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><div dir="ltr" data-setdir="false"><div><div><br></div></div><br></div>And I tried </div></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><span><i>pcs resource create Apache ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl="--no-check-certificate https://localhost/server-status" op monitor interval=1min</i></span></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><span><i><br></i></span></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><span><span><i>pcs resource create Apache ocf:heartbeat:apache configfile=/etc/apache2/apache2.conf statusurl=" https://localhost/server-status" op monitor interval=1min</i></span></span></div></div></blockquote></blockquote><div dir="ltr" data-setdir="false">And I tried to change config <span><span style="color: rgb(36, 39, 41); font-family: Arial, Helvetica Neue, Helvetica, sans-serif; font-size: 15px;"> (ocf/resource.d/heartbeat/tomcat)</span></span></div><div dir="ltr" data-setdir="false"><span><span style="color: rgb(36, 39, 41); font-family: Arial, Helvetica Neue, Helvetica, sans-serif; font-size: 15px;"><br></span></span></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div dir="ltr" data-setdir="false"><span><div><div><i>isrunning_tomcat()</i></div></div></span></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div dir="ltr" data-setdir="false"><span><div><i>{</i></div></span></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div dir="ltr" data-setdir="false"><span><div><i> $WGET --no-check-certificate --tries=20 -O /dev/null $RESOURCE_STATUSURL >/dev/null 2>&1</i></div></span></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div dir="ltr" data-setdir="false"><span><div><i>}</i></div></span></div></blockquote></blockquote><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false"><br></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydpf544702ayahoo-style-wrap" style="font-family: verdana, helvetica, sans-serif; font-size: 13px;"><div dir="ltr" data-setdir="false"><span><span><br></span></span></div></div></blockquote></blockquote><div>Error I received </div><div><br></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div dir="ltr" data-setdir="false"><div><div><i>Failed Resource Actions:</i></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div dir="ltr" data-setdir="false"><div><div><i>* Apache_start_0 on server1 'unknown error' (1): call=401, status=complete, exitreason='Failed to access httpd status page.',</i></div></div></div></blockquote><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div dir="ltr" data-setdir="false"><div><div><i> last-rc-change='Tue Jan 12 11:19:23 2021', queued=1ms, exec=3439ms</i></div></div><div><br></div><div><br></div></div></blockquote></blockquote><br><div dir="ltr" data-setdir="false"><div><div dir="ltr" data-setdir="false">Please help me </div></div><br></div><div id="yahoo_quoted_1425642734" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, 27 October, 2020, 04:44:16 pm GMT+1, Timo Schöler <timo@kroenchenstadt.de> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div dir="ltr">On 10/27/20 11:33 AM, John Karippery wrote:<br clear="none"><br clear="none">> I have problem on my pacemaker setup while config SSL certificate on my <br clear="none">> server.<br clear="none"><br clear="none">Can you access <a shape="rect" href="https://localhost/server-status " target="_blank">https://localhost/server-status </a>(which you use to check <br clear="none">your web server's health) using wget from the same host?<br clear="none"><br clear="none">Will it throw an error because of the certificate (chain)? If so, this <br clear="none">will also be the problem regarding the health check.<br clear="none"><br clear="none">wget will ignore certificate woes using the ``--no-check-certificate'' <br clear="none">option, which you could use to verify it actually is the problem.<br clear="none"><br clear="none">Timo<div class="yqt5484381721" id="yqtfd66197"><br clear="none"><br clear="none">> Before using SSL everything was working fine but as soon as I added the <br clear="none">> (self-signed) SSL certificate, the cluster won't start the web server again.<br clear="none">> <br clear="none">> error message is like this.<br clear="none">> <br clear="none">> |/Failed Resource Actions: * mb-web_start_0 on node01 'unknown error' <br clear="none">> (1): call=128, status=complete, exitreason='Failed to access httpd <br clear="none">> status page.', last-rc-change='Mon May 18 12:32:05 2020', queued=0ms, <br clear="none">> exec=3402ms * mb-web_start_0 on node02 'unknown error' (1): call=130, <br clear="none">> status=complete, exitreason='Failed to access httpd status page.', <br clear="none">> last-rc-change='Mon May 18 12:31:35 2020', queued=0ms, exec=3425ms /and <br clear="none">> I tried to create apache resource in:<br clear="none">> <br clear="none">> |<br clear="none">> <br clear="none">> |pcs resource create Website1 ocf:heartbeat:apache <br clear="none">> configfile=/etc/apache2/apache2.conf <br clear="none">> statusurl="<a shape="rect" href="http://localhost/server-status" target="_blank">http://localhost/server-status</a>" op monitor interval=1min|<br clear="none">> <br clear="none">> |pcs resource create Website1 ocf:heartbeat:apache <br clear="none">> configfile=/etc/apache2/apache2.conf <br clear="none">> statusurl="<a shape="rect" href="https://localhost/server-status" target="_blank">https://localhost/server-status</a>" op monitor interval=1min|<br clear="none">> <br clear="none">> my Apache server status file<br clear="none">> <br clear="none">> |cat <<-END >/etc/apache2/status.conf <Location /server-status> <br clear="none">> SetHandler server-status Order Deny,Allow Deny from all Require local <br clear="none">> </Location> END|<br clear="none">> <br clear="none">> Please help me|</div><br clear="none">> <br clear="none">> |<br clear="none">> <br clear="none">> <br clear="none">> _______________________________________________<br clear="none">> Manage your subscription:<br clear="none">> <a shape="rect" href="https://lists.clusterlabs.org/mailman/listinfo/users" target="_blank">https://lists.clusterlabs.org/mailman/listinfo/users</a><br clear="none">> <br clear="none">> ClusterLabs home: <a shape="rect" href="https://www.clusterlabs.org/" target="_blank">https://www.clusterlabs.org/</a><br clear="none">> <br clear="none">_______________________________________________<br clear="none">Manage your subscription:<br clear="none"><a shape="rect" href="https://lists.clusterlabs.org/mailman/listinfo/users" target="_blank">https://lists.clusterlabs.org/mailman/listinfo/users</a><br clear="none"><br clear="none">ClusterLabs home: <a shape="rect" href="https://www.clusterlabs.org/" target="_blank">https://www.clusterlabs.org/</a><div class="yqt5484381721" id="yqtfd04787"><br clear="none"></div></div></div>
</div>
</div></body></html>