Nominet Help

[cs9dmt]

Hi...

 

Ours isnt working... we have tried the commands as above and keep getting back "you need a passphrase to unlock secret key for user: <OUR TAG NAME> 2048 bit RSA key" Although password in correct... if we type password in wrong it gives us: same as above plus "no default secret key: bad passphrase"

 

Any suggestions?

 

Dale

[othellotech]

create a file in the nominet/tmp/ folder called nominettest.txt , make sure there are no *.asc files in the folder and type:

gpg --no-tty --passphrase-fd 0 --clearsign ./tmp/nominettest.txt

it will then wait for you to type the passphrase

 

if that returns an error/fails then there's not a lot I can suggest except your gpg installation/keyring are not setup correctly, delete them, install again and work through the gpp website

[cs9dmt]

Hi Rob,

 

The gpg --no-tty --passphrase-fd 0 --clearsign ./tmp/nominettest.txt works fine. I have changed the email address to my email address so I can check the output (and so it doesnt renew domain names) and still not getting an email from the system. Its using SMTP to send the emails (or should be) and should authenticate against our primary exchange server... other emails are sending from whmcs ok so not sure why these ones are not.

 

Any help would be much appreciated.

 

Dale

[othellotech]

The gpg --no-tty --passphrase-fd 0 --clearsign ./tmp/nominettest.txt works fine

So the look at the passphrase itself -does it have spaces ? does it have characters that can be interpreted as commands liek > < & etc ?

[cs9dmt]

passphrase is alpha-numeric string nothing more...

[othellotech]

so what happens when you run the command

 

echo {passphrase} | gpg --no-tty --passphrase-fd 0 --clearsign ./tmp/nominettest.txt

 

anything in your error log ?

 

what user is running the apache/whmcs processes ? try the ssh commands when logged in as that user.

[cs9dmt]

hmmm.... works with root user but doesnt work with whmcs user?

 

gpg: failed to create temporary file `/var/www//.gnupg/.#lk0x81168c8.cayote.7294': Permission denied

gpg: keyblock resource `/var/www//.gnupg/secring.gpg': general error

gpg: failed to create temporary file `/var/www//.gnupg/.#lk0x8117930.cayote.7294': Permission denied

gpg: keyblock resource `/var/www//.gnupg/pubring.gpg': general error

gpg: no default secret key: secret key not available

gpg: nominettest.txt: clearsign failed: secret key not available

 

So how do I attribute rights for access to keys for the whmcs user in gpg?

[cs9dmt]

sorted it...

 

Had to:

create a directory under var/www//.gnupg

copy the secring and pubring generated under the main user account to this location

change the owner of the secring and pubring to whmcsadmin

then run the test again and it work....

 

D

[cs9dmt]

Right... ok...

 

So I no have got the:

 

echo <oursecret> | gpg --no-tty --passphrase-fd 0 --clearsign nominettest.txt

 

to work.... from the whmcsadmin user... but still when I hit the nominet renew button its not working.. any more suggestions?

 

Thanks

 

Dale

[othellotech]

Right... ok...

echo <oursecret> | gpg --no-tty --passphrase-fd 0 --clearsign nominettest.txt

to work.... from the whmcsadmin user... but still when I hit the nominet renew button its not working.. any more suggestions?

Set the email address for the plugin to yours and look at the generated mails

Did you send the test signed list request to nominet to check it was signed correctly ?

[cs9dmt]

Yup changed email address to me... thats how I know it isnt working...

Nope didnt send to nominet to check if sign was ok.. but not got that far yet...

 

D

[othellotech]

Yup changed email address to me... thats how I know it isnt working...

Not working is a bit broad - be *specific*

[cs9dmt]

Lol... ok when I press the "renew" button, nothing gets sent... dont know the code behind the renew button so cant be more specific as to technically why it isnt working...

[CSNM-Carl]

Renewal seems to be working for me Phew!

[isdoo]

Hi,

 

Need to join the 'it isn't working for me' group

 

I have run

 

echo {passphrase} | gpg --no-tty --passphrase-fd 0 --clearsign ./tmp/nominettest.txt

 

I get an asc file - which I have sent to Nominet and got back the list of domains.

 

That all seems fine

 

However my emails remain unsigned

 

My path is set to

 

/var/www/vhosts/isdoo.com/.gnupg

 

which is correct.

 

I ran the above script from the user isdoo - so as far as I can tell everything is working, yet the emails are coming through to me as unsigned when tested within whmcs.

 

I have PGP Sign the Email ticked as well.

 

If I try and do a renew for example - I get no errors in whmcs apart from the email to me is unsigned (I have set me as recipient whilst testing)

 

Have I missed something?

[othellotech]

what user is running the webserver app ?

can that user access gpg ?

is the .gnupg file in the right place for the webserevr user ?

have you worked through the gpg tutoral both from ssh and within webpages ?

 

to-date not a single one of these issues has been a problem with WHMCS or the module

[isdoo]

as far as I can tell yes to everything - I logged in via ssh with the user isdoo

 

I then ran the test with that user and got the signed email ok.

 

So as far as I can tell everything is in the correct place and has the correct permissions.

 

I can't find any errors - but obviously I have one somewhere

[othellotech]

ps auxf | grep httpd

is isdoo the user running the webserver ?

[isdoo]

isdoo 8022 0.0 0.0 3976 616 pts/0 S+ 18:50 0:00 \_ grep httpd

root 3508 0.0 1.2 44140 25616 ? Ss Oct09 0:11 /usr/sbin/httpd

root 6545 0.0 0.7 32884 15728 ? S Oct17 0:00 \_ /usr/sbin/httpd

apache 6547 0.0 0.7 33200 15796 ? S Oct17 0:00 \_ /usr/sbin/httpd

apache 21269 0.9 1.4 53404 29724 ? S 17:30 0:44 \_ /usr/sbin/httpd

apache 22941 0.8 1.4 53340 29444 ? S 17:38 0:38 \_ /usr/sbin/httpd

apache 23954 0.9 1.4 54820 30832 ? S 17:42 0:37 \_ /usr/sbin/httpd

apache 24021 0.9 1.4 53148 29144 ? S 17:42 0:36 \_ /usr/sbin/httpd

apache 24064 0.8 1.4 53236 29232 ? S 17:43 0:36 \_ /usr/sbin/httpd

apache 24068 0.9 1.5 54832 31272 ? S 17:43 0:37 \_ /usr/sbin/httpd

apache 24129 0.8 1.4 54600 31120 ? S 17:43 0:33 \_ /usr/sbin/httpd

apache 25622 0.8 1.5 55092 31192 ? S 17:47 0:34 \_ /usr/sbin/httpd

apache 27951 0.8 1.4 53972 30352 ? S 17:56 0:28 \_ /usr/sbin/httpd

apache 28955 0.8 1.3 53116 28860 ? S 17:59 0:24 \_ /usr/sbin/httpd

apache 29080 0.8 1.4 53156 29132 ? S 18:00 0:26 \_ /usr/sbin/httpd

apache 29242 0.8 1.4 54524 31080 ? S 18:00 0:25 \_ /usr/sbin/httpd

apache 29761 0.9 1.3 53064 28824 ? S 18:02 0:27 \_ /usr/sbin/httpd

apache 30469 0.8 1.3 53168 28836 ? R 18:05 0:23 \_ /usr/sbin/httpd

apache 3236 0.9 1.3 51660 27468 ? S 18:30 0:11 \_ /usr/sbin/httpd

apache 3304 0.8 1.3 52988 28580 ? S 18:30 0:10 \_ /usr/sbin/httpd

apache 3305 0.9 1.3 53048 28636 ? S 18:30 0:11 \_ /usr/sbin/httpd

apache 5855 0.9 1.3 52676 28252 ? S 18:41 0:05 \_ /usr/sbin/httpd

apache 7603 0.9 1.1 46936 24160 ? S 18:47 0:01 \_ /usr/sbin/httpd

apache 7611 0.8 1.3 52988 28492 ? S 18:47 0:01 \_ /usr/sbin/httpd

 

I assume it is apache - I ran that from the ssh login of isdoo.

 

I am really not sure what I am seeing - sorry

 

So if it is apache (all the files are owned by isdoo - so assumed it was isdoo and not apache) what do I need to do?

[othellotech]

you need to do your tests as user apache

[4uh]

I'm just setting this up - here is what I've done...

 

1. Uploaded pubring.pkr and secring.skr to the home/username/.gnupg directory for the user running whmcs.

 

This is a cpanel server and I know gnupg is installed correctly and working because I'm using it in another account with a different script.

 

2. Renamed these files with the gpg extension.

 

3. Ensured the permissions are set correctly on these files - owned by the user and chmod 0700

 

We are using suphp on this server so PHP is running as the owner of the files.

 

4. Configured the Nominet module in whmcs and set my email address for testing. I'm not using a passphrase on this currently so I didnt enter anythign in that field.

 

5. placed an order and attempted to register

 

The result I get is a totally blank email.

 

I have also done the following...

 

1. Removed the public and private keys form the home/username/.gnupg directory and added them in cpanel using the import option by pasting from the .asc file. I note that the gpg files are created correctly.

 

This produces the same result when I test it.

 

Does anyone have any ideas why this might not be working ? I'm scratching my head atm.

[4uh]

I ran the test...

 

echo | gpg --no-tty --passphrase-fd 0 --clearsign ./tmp/test.txt

 

 

And it correctly signed the file, leaving behind a test.txt.asc file containing the signed test text i had put in there.

 

So why is it coming up as a blank email when I send a test to myself via whmcs?

[othellotech]

4. Configured the Nominet module in whmcs and set my email address for testing. I'm not using a passphrase on this currently so I didnt enter anythign in that field.

you have to have a passphrase

 

The result I get is a totally blank email.

then you have a permisison problem - probably on the ./tmp/folder in the nominet module

[Adamski]

Howdy All.

 

Having problems myself with this.

 

The server commands from whmcs are being run as apache.

TMP file is 0777

gpug is in right place but is owned by siteadmin. I've tried various different users including apache and have also moved it into the public html directory

 

Email gets sent fine but is never signed. Driving me crazy! I know is isn't a WHMCS issue but I can't work it out for the life of me.

 

I can run the echo line fine from the command line which suggests a permission error for the apache user. Any pointer as to where to start looking?

 

Cheers,

 

Adam

[Adamski]

Just to add - log file shows this:

 

/modules/registrars/nominet/tmp/nominet1203073928.txt: clearsign failed: secret key not available

 

but all keys are present.