Düben, Christian writes
The error persists. See "certbot -v renew" or "cat /var/log/letsencrypt/letsencrypt.log". Do you have any idea why it does not work?
Is any other program interfering with the process?
Why? This looks like an nginx configuration issue as http://collec.repec.org/.well-known/acme-challenge/bAxCT6ZlfpzDBnGpvRY15P6IS... is not found. I know nothing about any of this. Never used certbot. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21109th day.
I do not know what broke this configuration. I will check how to fix it. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com
Düben, Christian writes
I do not know what broke this configuration. I will check how to fix it.
The last changes to the servers appear to be on Jan 4th. I recently edited
root@helos /etc # ls -l /var/www/html/index.html
-rw-r--r-- 1 root root 826 Mar 16 07:30 /var/www/html/index.html
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21109th day.
Does it have anything to do with (i) the "com" line in "/etc/nginx/sites-available/default~" or the difference between "/etc/nginx/sites-available/helos.openlib" and "/etc/nginx/sites-available/helos.openlib~"? I checked the general nginx configuration. It should be ok. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com
Düben, Christian writes
Does it have anything to do with (i) the "com" line in "/etc/nginx/sites-available/default~"
No, and I have removed that file.
or the difference between "/etc/nginx/sites-available/helos.openlib" and "/etc/nginx/sites-available/helos.openlib~"?
No, but we change the out now. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21109th day.
The issue might be worldbank.repec.org~. That file defines a server listening not just at port 80, but at port 80 default_server. That conflicts with what default defines and might be the reason why Certbot runs into a 404. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com
Düben, Christian writes
The issue might be worldbank.repec.org~.
I removed it.
root@helos ~ # rm /etc/nginx/sites-available/*~
That file defines a server listening not just at port 80, but at port 80 default_server. That conflicts with what default defines and might be the reason why Certbot runs into a 404.
But that file was in /etc/nginx/sites-available, and not linked from /etc/nginx/sites-enabled, thus exceedingly unlikely to be used by nginx. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
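The point made in the message above, that nginx only loads a site file when it is linked from sites-enabled, can be checked directly. The script below is an added example, not part of the original thread; it assumes the Debian/Ubuntu layout in which nginx.conf includes sites-enabled/*, and the function names and the sample tree (file contents invented) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Debian/Ubuntu nginx layout:
# nginx.conf includes sites-enabled/*, and sites-available is never read directly.

# site_status ROOT prints one line per file in ROOT/sites-available:
#   <name> <enabled|available-only> <default_server listen directives, or ->
site_status() (
  root=$1
  for f in "$root"/sites-available/*; do
    [ -f "$f" ] || continue
    state=available-only
    for link in "$root"/sites-enabled/*; do
      # Loaded only if an entry in sites-enabled resolves to this file.
      if [ -e "$link" ] && [ "$link" -ef "$f" ]; then state=enabled; fi
    done
    # Uncommented listen directives that claim default_server.
    listens=$(grep -E '^[[:space:]]*listen[[:space:]].*default_server' "$f" |
      sed -E 's/^[[:space:]]+//; s/[[:space:]]*;.*$//' | paste -sd, -)
    printf '%s %s %s\n' "${f##*/}" "$state" "${listens:--}"
  done
)

# Constructed sample tree: file names follow the thread, contents are invented.
make_sample() (
  root=$(mktemp -d)
  mkdir "$root/sites-available" "$root/sites-enabled"
  printf 'server {\n  listen 80 default_server;\n  root /var/www/html;\n}\n' \
    > "$root/sites-available/default"
  printf 'server {\n  listen 80 default_server;\n  server_name worldbank.repec.org;\n}\n' \
    > "$root/sites-available/worldbank.repec.org~"
  ln -s "$root/sites-available/default" "$root/sites-enabled/default"
  printf '%s\n' "$root"
)

sample=$(make_sample)
site_status "$sample"
rm -rf "$sample"
```

On the real host, `site_status /etc/nginx` gives the same report. A backup file such as `name~` placed in sites-enabled itself would be loaded, because the include pattern there is a plain `*`.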
Sorry, I had not checked which of the available sites are enabled. I am running another website and compared its configuration to CollEc's configuration. Nginx and Certbot were set up identically. Apart from the domain name, the file in sites-enabled and nginx.conf were identical - line for line. The error source is somewhere outside of it. So, I reinstalled Certbot, but that turned out breaking it even more. I do not know what else to do. Since there are multiple websites deployed on Helos, I am not reinstalling Nginx. I have to say that I am somewhat fed up with deploying CollEc on Helos. I containerized all but two of CollEc's components: Nginx and Certbot. And Certbot keeps breaking all the time. It either gets uninstalled completely or just stops working. I have been running the same setup for a different website on another server for more than 1.5 years and have not had a single issue with Nginx or Certbot on that machine. Is there another server that I could deploy CollEc on? I am tired of repeatedly being confronted with expired certificates. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com
Düben, Christian writes
So, I reinstalled Certbot, but that turned out breaking it even more. I do not know what else to do. Since there are multiple websites deployed on Helos, I am not reinstalling Nginx.
The other site is just one page. I did it for t-online's email.
I have to say that I am somewhat fed up with deploying CollEc on Helos. I containerized all but two of CollEc's components: Nginx and Certbot. And Certbot keeps breaking all the time.
I can't figure out what I did to break it. I certainly don't use it in any way.
It either gets uninstalled completely or just stops working. I have been running the same setup for a different website on another server for more than 1.5 years and have not had a single issue with Nginx or Certbot on that machine.
All I have done is update the o/s on helos.
Is there another server that I could deploy CollEc on?
I can give you Debian machines, but we can't keep it there. We can move CollEc to a debian machine, reinstall Helos as debian, and then, if it works on debian, move it back to Helos. It's a big job but I would be willing to do it for you.
I am tired of repeatedly being confronted with expired certificates.
I understand. I use neither certbot nor nginx so I am not good at helping with this. When I looked at it, it seems that your certbot uses its own local python3.8. Weird. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
A quick check
root@helos /etc/nginx/sites-enabled # aptitude search certbot | head -1
p certbot - automatically configure HTTPS using Let's Encrypt
Certbot is not installed via the o/s. How did you install it!?
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
And more
root@helos ~ # aptitude search certbot | grep nginx
p python3-certbot-nginx - Nginx plugin for Certbot
Also not installed. I don't know where you got your certbot from but I suggest you completely uninstall it. Then install it from ubuntu.
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
oh I see it is now installed via snap. well you will not get that easily on debian. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
Thomas Krichel writes
oh I see it is now installed via snap. well you will not get that easily on debian.
Well I ran the snap installed version, and got to the news
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/collec.repec.org/fullchain.pem
Key is saved at: /etc/letsencrypt/live/collec.repec.org/privkey.pem
Is this now correct?
-- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
well http://collec.repec.org now points to the helos site. This needs a redirect. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
The link sends me to CollEc's correct site. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com
Düben, Christian writes
The link sends me to CollEc's correct site.
now it does for me too. Wonderful. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.
Thanks. It is up again. Let us see how sustainable the current fix is. Maybe, we can talk about it at the next RePEc meeting. Christian Düben Doctoral Candidate Chair of Macroeconomics Hamburg University Germany christian.dueben@uni-hamburg.de https://www.christian-dueben.com
Düben, Christian writes
Thanks. It is up again.
Well I have trouble seeing what problems you had with it. The issues regarding validation not working was trivially fixed by shutting down nginx, to use option 2 of the installer firing up its own http server. That takes a minute. Then you can fire up nginx again.
Let us see how sustainable the current fix is.
I don't think it is a good idea to run this through snap. -- Written by Thomas Krichel http://openlib.org/home/krichel on his 21120th day.