The Problem:
There is an issue on CloudLinux 6.8 and CentOS 6.8 servers with the nss package version numbered 3.21.0-8. In general, if you see either:
curl https://google.com > /dev/null
Illegal instruction (core dumped)
or
rhn_check
Illegal instruction (core dumped)
In both cases, the fix that is being advised amounts to downgrading the nss packages to version 3.21.0-0.3.
The instructions are different between CloudLinux and CentOS.
CloudLinux
The older package is still in CloudLinux’s repositories, so this is easy. Run the following command and check that you are going to 3.21.0-0.3
NSS_DISABLE_HW_GCM=1 yum downgrade nss nss-util nss-tools nss-sysinit
Then edit the
vim /etc/yum.conf
file adding nss* to the end of the exclude= line like so
exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail* nss*
Then, check your work with the following command
curl https://google.com > /dev/null
CentOS
CentOS is a bit more difficult, since everything just upgraded to CentOS 6.8 and the older package is not in the system repositories.
Create the file
touch /etc/yum.repos.d/nss-fix.repo
with the following contents:
[nss-fix]
name=repository used solely to fix nss
baseurl=http://vault.centos.org/6.7/updates/x86_64/
enabled=0
includepkgs=nss*
#gpgcheck=1
priority=3
Then, run the following command and check that you are going to 3.21.0-0.3
yum --enablerepo=nss-fix downgrade nss nss-sysinit nss-util nss-tools
Next, change
vim /etc/yum.conf
adding nss* to the end of the exclude= line like so
exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail* nss*
Check your work with the following command
curl https://google.com > /dev/null
