Recently did an SSL cert change and we are now unable to save any changes to both new and old pages. We can create new pages but as soon as we try to update them, it just hangs on the ‘saving’ icon and never proceeds past that.
We are running “XWiki Debian 15.2”.
I have some log outputs below, if there are better places to find relevant logs then let me know because I am a bit unfamiliar with XWiki and where to find relevant logs.
If I look at /var/log/nginx/error_ssl.log.1. This is what I see:
# tail -100 /var/log/nginx/error_ssl.log.1
2023/04/06 16:13:10 [error] 1058#1058: *1 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.217.134.60, server: xwiki.somedomain.com, request: "GET /xwiki/bin/view/Main/ HTTP/1.1", upstream: "http://127.0.0.1:8080/xwiki/bin/view/Main/", host: "xwiki.somedomain.com"
2023/04/06 16:14:10 [error] 1059#1059: *4 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.217.134.60, server: xwiki.somedomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8080/favicon.ico", host: "xwiki.somedomain.com", referrer: "https://xwiki.somedomain.com/xwiki/bin/view/Main/"
2023/04/06 16:14:15 [error] 1059#1059: *7 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.217.134.60, server: xwiki.somedomain.com, request: "GET /xwiki/bin/view/Main/ HTTP/1.1", upstream: "http://127.0.0.1:8080/xwiki/bin/view/Main/", host: "xwiki.somedomain.com"
2023/04/06 16:15:15 [error] 1059#1059: *7 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.217.134.60, server: xwiki.somedomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8080/favicon.ico", host: "xwiki.somedomain.com", referrer: "https://xwiki.somedomain.com/xwiki/bin/view/Main/"
Here is some errors we are seeing in the output from /var/log/syslog:
# tail -10000 /var/log/syslog | grep ERROR
Apr 11 10:41:51 xwiki tomcat9[961]: 2023-04-11 10:41:51,054 [http-nio-8080-exec-1 - https://xwiki.somedomain.com/xwiki/webjars/wiki%3Axwiki/application-ckeditor-webjar/1.62/skins/moono-lisa/editor_gecko.css?t=M3G7] ERROR ebJarsResourceReferenceHandler - Failed to read resource [application-ckeditor-webjar/1.62/skins/moono-lisa/editor_gecko.css]
Some things we tried doing is rebooting the server and redoing the cert renewal process.
Just for reference, here is the process we performed to add in the new certs:
SSH to the xwiki box - 172.20.53.6
Upload the new cert and the private key to the box via SCP.
Move the cert into the following location with the command below.
mv star_somedomain_com.crt /etc/nginx/
mv somedomain.com.key /etc/nginx/
Cd into the following directory
cd /etc/nginx/
Backup the current Nginx config.
cp nginx.conf to nginx.conf.bak
Update the following configuration file with these new lines
Vi nginx.conf
ssl_certificate /etc/nginx/star_somedomain_com.crt;
ssl_certificate_key /etc/nginx/somedomain.com.key;
Save the configuration.
Restart NGINX
systemctl restart nginx
Check the status of NGINX and confirm it is up.
systemctl status nginx
Proceed to validation plan (Validation included ensuring xwiki was accessible via HTTPS with the correct cert)
Once validation is completed, remove the old certificates.
rm wild.somedomain.com.crt
rm wild.somedomain.com.key
I am not sure where to get from here, its possible this has nothing to do with the new cert but I find that hard to believe.
Is anyone able to point me into the right direction to resolve this?
Thanks.