Welcome to Centmin Mod Community
Become a Member

Prestashop SSL CA bundle not found

Discussion in 'Ecommerce / Shopping cart usage' started by adamus007p, Oct 13, 2019.

  1. adamus007p

    adamus007p Premium Member Premium Member

    104
    5
    18
    Feb 8, 2019
    Ratings:
    +6
    Local Time:
    10:29 PM
    • CentOS Version: CentOS Linux release 7.6.1810 (Core)
    • Centmin Mod Version Installed: i.e. 123.09beta01.b290
    • Nginx Version Installed: 1.17.3
      PHP Version Installed: i.e. 7.3.8
    I have installed a new server and I have errors, i installed Prestashop and payment module Stripe and I have got followin error:

    Code:
    Fatal error: Uncaught Stripe\Error\ApiConnection: Could not connect with Stripe: InvalidArgumentException: SSL CA bundle not found: /home/myshopdomain2/domains/myshopdomain.com/tools/cacert.pem in /home/myshopdomain2/domains/myshopdomain.com/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:337 Stack trace: #0 /home/myshopdomain2/domains/myshopdomain.com/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(43): GuzzleHttp\Handler\CurlFactory->applyHandlerOptions(Object(GuzzleHttp\Handler\EasyHandle), Array) #1 /home/myshopdomain2/domains/myshopdomain.com/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(39): GuzzleHttp\Handler\CurlFactory->create(Object(GuzzleHttp\Psr7\Request), Array) #2 /home/myshopdomain2/domains/myshopdomain.com/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke(Object(GuzzleHttp\Psr7\Request), Array) #3 /home/myshopdomain2/domains/myshopdomain.com/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(51): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object in /home/myshopdomain2/domains/myshopdomain.com/modules/stripe/classes/GuzzleClient.php on line 245
    interesting thing that in my local centminmode is ok, the problem is on VPS.

    How to fix the problem?
     
  2. adamus007p

    adamus007p Premium Member Premium Member

    104
    5
    18
    Feb 8, 2019
    Ratings:
    +6
    Local Time:
    10:29 PM
    I was trying to upgrade ngix and php to newest version.

    during compilation i see

    Code:
    Cannot load module 'redis' because required module 'igbinary' is not loaded in Unknown on line
    i have changed a localization of webstie.

    I was trying to install openssl and certbot and after it i have problems

    Code:
    Cannot load module 'redis' because required module 'igbinary' is not loaded in Unknown on line
     File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.38.0', 'console_scripts', 'certbot')()
    File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
    File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
    return ep.load()
    File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
    entry = import(self.module_name, globals(),globals(), ['name'])
    File "/usr/lib/python2.7/site-packages/certbot/main.py", line 20, in <module>
    from certbot import client
    File "/usr/lib/python2.7/site-packages/certbot/client.py", line 14, in <module>
    from acme import client as acme_client
    File "/usr/lib/python2.7/site-packages/acme/client.py", line 37, in <module>
    requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()  # type: ignore
    File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
    _validate_dependencies_met()
    File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 160, in _validate_dependencies_met
    "'pyOpenSSL' module missing required functionality. "
    ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
     
  3. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:29 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    how did you install openssl and certbot ? openssl is already installed on centmin mod and certbot isn't needed. You could inadvertently messed up CentOS depending on how you installed them
     
  4. Simon Brown

    Simon Brown Premium Member Premium Member

    45
    5
    8
    Feb 9, 2017
    Ratings:
    +17
    Local Time:
    9:29 PM
    1.11.9
    I have the same issue.
    I've run cmupdate, opened centmin, run option 15, then the script to update Python, then the yum updates.

    When I close centmin (24) I don't see that any updates are needed:

    Code:
     checking for YUM updates... please wait...
     no YUM updates available
    Code:
     Centmin Mod local code is up to date at /usr/local/src/centminmod
     no available updates at this time...
    I have an older site that was setup using certbot (before you released the awesome acmetool.sh.
    When I try to renew the cert with 'certbot renew' I get this error:

    Code:
    Traceback (most recent call last):
      File "/usr/bin/certbot", line 9, in <module>
        load_entry_point('certbot==0.39.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 572, in load_entry_point
        return get_distribution(dist).load_entry_point(group, name)
      File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2755, in load_entry_point
        return ep.load()
      File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2408, in load
        return self.resolve()
      File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2414, in resolve
        module = __import__(self.module_name, fromlist=['__name__'], level=0)
      File "/usr/lib/python2.7/site-packages/certbot/main.py", line 20, in <module>
        from certbot import client
      File "/usr/lib/python2.7/site-packages/certbot/client.py", line 14, in <module>
        from acme import client as acme_client
      File "/usr/lib/python2.7/site-packages/acme/client.py", line 37, in <module>
        requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()  # type: ignore
      File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
        _validate_dependencies_met()
      File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 160, in _validate_dependencies_met
        "'pyOpenSSL' module missing required functionality. "
    ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
    Is there an easy way to update a vhost that's already using https to use the new acmetool.sh.
    I have searched the docs but the instructions are only for converting http to https or creating a new vhost. Neither of these options applies to an already running https vhost.

    Many thanks for any help.
     
  5. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:29 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    is the https site working with valid ssl cert right now though ? or ssl certs have expired ?

    If SSL certs haven't expired yet and HTTPS works, what you can do is sort of partial manual steps from Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates starting with step 1 of guide

    Then follow manual steps 2, 3, 4, 5 and 6 of guide at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates where step 6 instead you adjust your existing /usr/local/nginx/conf/conf.d/domain.com.ssl.conf nginx vhost with the acmetool.sh issued letsencrypt ssl certification paths.

    Then you can test your domain at Let's Debug to ensure future renewals work.
     
  6. Simon Brown

    Simon Brown Premium Member Premium Member

    45
    5
    8
    Feb 9, 2017
    Ratings:
    +17
    Local Time:
    9:29 PM
    1.11.9
    Thanks for your reply. The cert is live and about to expire in 7 days.
    It doesn't look like the steps you've pointed out will work with a vhost that already exists and it using a live cert.
     
    Last edited: Oct 31, 2019
  7. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:29 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    if you have working HTTPS, then steps I outlined in post at Prestashop - SSL CA bundle not found should work - have you actually tried it ?
     
  8. Simon Brown

    Simon Brown Premium Member Premium Member

    45
    5
    8
    Feb 9, 2017
    Ratings:
    +17
    Local Time:
    9:29 PM
    1.11.9
    Sorry if I'm not being clear.
    I have a host that's already working in centmin. It was created a while ago, before your acmetool.sh.
    I setup certbot to create and auto-renew the LetsEncrypt certs.

    All my other websites use your acmetool.sh so it's already installed. I don't want to take down all the other websites by accident by overwriting all the settings. I already have settings like LETSENCRYPT_DETECT='y' setup.

    I just want to add the ssl cert to acmetool.sh way of doing things and update the vhist with the new location of the ssl.
     
  9. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:29 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    You should be able to follow Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates still just skip step 1 actually creating the domain.conf non-https and keep your domain.com.ssl.conf vhost intact and just start from step 2 to 5 and then for step 6, you manually adjust your domain.com.ssl.conf vhost ssl cert paths to the ones outlined in step 6
     
  10. adamus007p

    adamus007p Premium Member Premium Member

    104
    5
    18
    Feb 8, 2019
    Ratings:
    +6
    Local Time:
    10:29 PM
  11. Simon Brown

    Simon Brown Premium Member Premium Member

    45
    5
    8
    Feb 9, 2017
    Ratings:
    +17
    Local Time:
    9:29 PM
    1.11.9
    Hi, yes thanks.
    The instruction indicated that the SSL's are here:
    ssl_certificate /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com-acme.key;

    They're actually in the /root/.acme.sh/newdomain.com

    Apart from that, it seems to work :)
     
  12. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:29 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    They're meant to be copied there with centmin.sh menu option 2, 22 or nv or via 2nd command outlined at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates which is mentioned in my above post here.