Troubleshooting Install Issues

Issue: SSL Certificate not updated

An SSL certificate allows you to access Enterprise Edition Web Client using HTTPS. You can either use a self-signed certificate or get a trusted certificate from a Certificate Authority (CA).

You must use utility.sh located at plantapps-enterprise-webclient-<buildno> folder to apply the certificate. If the certificate is not updated correctly, navigate to <Install file path>/plantapps-enterprise-webclient<buildno>/log/ansible.log to see the log files.

Refer to the below table, for issues related to certificates and corresponding resolutions.

Issue Reason Resolution
If utility fails Not a valid path
  1. Verify if the path for the below parameters mentioned in silentinstaller.yml are correct: 
    • SSL_CERT_PEM_PATH: ""
    • SSL_KEY_PEM_PATH: ""
  2. Ensure that the certificates are copied to the path mentioned in silentinstaller.yml
  3. Restart utility.sh.
Note: If the Certificate is signed by Enterprise CA, then it should contain all certificate levels: the Root CA, the Intermediate Enterprise Certificate, and the Server Certificate.
Expired certificate Replace the expired certificate with the new certificate.

If UAA certificate is expired, replace the public keys of the remote services.

If Web Client certificate is expired, refer to: Replace the SSL Certificate of Enterprise Edition Web Client.
Certificate not reflecting in the Web Client Self-signed certificate is not updated, or the certificate is expired This issue is fixed in PA2022.
The PApamymachinesservice stack was not removed which prevented the certificates to be configured properly. You must remove the PApamymachinesservice stack by running the command:
 sudo docker stack rm PApaMymachinesservice

For more information, refer to: Replace the Public Keys of Remote Services.
Un-authorization error Proficy server certificate failed Access the access control service and check for the PKIX errors, if found:
  • Run the command: 
    sudo docker service logs PAAccesscontrolService_accesscontrolservice
  • Restart utility.sh to trust the certificate.
HAProxy error Web Client application not accessible To verify the logs, run the command: 
sudo docker service logs PAHapoxy_haproxy
and check for the HAProxy error: [ALERT] (8) : config : parsing [/usr/local/etc/haproxy/haproxy.cfg:34] : 'bind *:5059': No Private Key found in '/usr/local/etc/haproxy/haserver.pem.key'

To troubleshoot the HAProxy error:

  1. Update the following parameters in silentinstaller.yml : 
    • SSL_CERT_PEM_PATH:"/docker/pathto/server_crt.pem"
    • SSL_KEY_PEM_PATH:"/docker/pathto/server_key.pem"
    Note: You should not provide the path of the entire chain of the certificate. You must only provide the server certificate and server key path.
  2. Ensure that the certificates are copied to the path mentioned in silentinstaller.yml.
  3. Restart utility.sh.

Issue: Unable to access the Enterprise Edition Web Client

Plant Applications Enterprise Edition Web Client is installed only on a Linux machine. After successful installation, application is not accessible and Haproxy service logs display the following errors:

[NOTICE] (6) : haproxy version is 2.5.1-86b093a

[NOTICE] (6) : path to executable is /usr/local/sbin/haproxy

[ALERT] (6) : [haproxy.main()] Cannot raise FD limit to 8251, limit is 1024

Note: This issue is specific to the Web Client that runs on Amazon Linux OS.

Follow the below steps to troubleshoot the issue:

  1. Modify the following parameter at: /etc/sysconfig/docker

    OPTIONS="--default-ulimit nofile=1024:4096"

    Replace with

    OPTIONS="--default-ulimit nofile=10000:15000"

  2. Restart the docker.