SMS desktop app
-
I am running into an issue with issuing a cert from certbot.
First, I have never manually issued a cert from certbot before, nor have I used nginx before.
So this is all a learning curve.
Below is my code
sudo certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): letsencrypt@domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): domain.com, 2.domain.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
http-01 challenge for 2.domain.com
Input the webroot for domain.com : (Enter 'c' to cancel): /var/www/letsencrypt/.well-known/acme-challenge/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/www/letsencrypt/.well-known/acme-challenge/ does not exist or is not a directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for domain.com: (Enter 'c' to cancel): sudo mkdir /var/www/letsencrypt/.well-known/acme-challenge/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sudo mkdir /var/www/letsencrypt/.well-known/acme-challenge/ does not exist or is not a directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Input the webroot for domain.com: (Enter 'c' to cancel): /var/www/
Select the webroot for 2.domain.com:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Enter a new webroot
2: /var/www
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Challenge failed for domain domain.com
Challenge failed for domain 2.domain.com
http-01 challenge for domain.com
http-01 challenge for 2.domain.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: domain.com
   Type: dns
   Detail: No valid IP addresses found for domain.com
 - The following errors were reported by the server:
   Domain: 2.domain.com
   Type: unauthorized
   Detail: Invalid response from http://2.domain.com/.well-known/acme-challenge/I0MKBgfBDsVANUdgpJpNkwAttlex9oev_DXaWCveCbU [ip.add.re.ss]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
obfuscateduser:~/VoIP$ 2.domain.com
My domain settings are like so
My
/etc/nginx/sites-available/<domain>.<tld>
file looks like
Your help/guidance would be greatly appreciated
-
Ok, so, another problem
Within the LXC container, I can't resolve to any external providers.
And not surprisingly, installing everything outside the container does nothing.
But to be clear, within the container, nothing works or is installable; outside of the LXC container, it all works.
-
No worries!
Sadly, no.
I finally have
in my terminal via the LXC, but in my browser, all I am getting is
-
These are my logs
2021/11/03 13:17:06 [error] 47695#47695: *14 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: app.domain.com, request: "GET / HTTP/1.1", up>
2021/11/03 13:17:06 [error] 47695#47695: *14 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET /favicon.ico HT>
2021/11/03 13:17:27 [error] 47695#47695: *19 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:27 [error] 47695#47695: *23 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:27 [error] 47695#47695: *24 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:17:59 [error] 47695#47695: *27 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:19:08 [error] 47695#47695: *29 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx,, server: app.domain.com, request: "GET / HTTP/1.1", u>
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on [::]:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on [::]:80, ignored
-
@privsec it does take a moment or two before starting up
but if this persists, seems like it is not finding the app
at the risk of basics for troubleshooting:
-
inside the container and inside the installation directory, you have done
node app.js &
to start it (I have forgotten a couple of times). I think you have because you got database connected
but maybe the program stopped for some other change
-
outside the container, you have run
systemctl reload nginx
without errors ? and/or run
nginx -t
without errors ?
-
these errors suggest continuing nginx conf issue
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:22:47 [warn] 48507#48507: conflicting server name "app.domain.com" on [::]:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on 0.0.0.0:80, ignored
2021/11/03 13:23:14 [warn] 48554#48554: conflicting server name "app.domain.com" on [::]:80, ignored
what is latest / current nginx conf file ?
-
-
@privsec said in SMS desktop app:
@privsec
I have confirmed that all three nginx files use the LXC IP address, not the VPS IP address.
maybe I am having a brain outage, but why are there 3 nginx files ?
-
Well, I’m now unable to load the server. It seems that after the reboot I requested it is just frozen at the boot stage.
So I’m gonna have to start over.
However, I kept running into errors with certbot originally, until I made a .wellknown folder
-
@privsec all those difficulties don't seem right to me
What OS is on the VPS and what OS did you choose for the container ? (FYI on my installation it is Ubuntu 20.04 in both)
Given that we are dealing with a container here (and that it's not working), I would trash the containers and start over from the top.
lxc stop <container-name>
lxc rm <container-name>
Before creating the new container (can be same name as you used before if you prefer providing you remove it), I would make sure the VPS is up-to-date
sudo apt-get update && sudo apt-get upgrade -y
And once the new container is created, I would do that same command again inside the new container.
-
@privsec said in SMS desktop app:
@timconsidine are there tried and true steps you do to set up certbot with nginx every time?
I never have a problem with certbot except when I try to create a new certificate too soon after setting up the DNS, i.e. before it is propagated. To restrain my impatience :
- I usually
ping -c 5 sub.domain.tld
until I get responses.
- I always do
nginx -t
and
systemctl reload nginx
to ensure I get up-to-date nginx configs without any errors. Always have to resolve nginx errors before attempting a clean certbot certificate addition.
If you are having nginx or certbot issues, I would make sure system is up to date with
sudo apt-get update && sudo apt-get upgrade -y
Oh, and be sure that all nginx and certbot work is done on the VPS, not while you are in the container.
Feel free to ping me in chat if you wish to step through.
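A pre-flight check for the steps in the post above and for the two failures in the first post's certbot output (no DNS record, 404 on the challenge URL), as an added example that is not part of the thread or of certbot. The script name, the probe file name and the injectable resolve/fetch parameters are assumptions made for the example.

```python
import os, secrets, socket, sys, urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # certbot's webroot plugin writes tokens here

def resolve(domain):
    """Addresses this host sees for domain; empty set if the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(domain, 80)}
    except socket.gaierror:
        return set()

def fetch(url):
    """(status, body) of a plain-HTTP GET; status is None if no connection was made."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError as err:  # refused, timed out, unreachable
        return None, str(err)

def preflight(domain, webroot, resolve=resolve, fetch=fetch):
    """Reasons an http-01 webroot challenge for domain would fail (empty list = ready)."""
    root = webroot.rstrip("/") or "/"
    if not os.path.isdir(root):
        return [f"{webroot} does not exist or is not a directory"]
    problems = []
    if not resolve(domain):
        problems.append(f"no A/AAAA record found for {domain}")
    if root.endswith(CHALLENGE_DIR):
        return problems + ["webroot must be the site root, not the acme-challenge directory"]
    probe_dir = os.path.join(root, CHALLENGE_DIR)
    os.makedirs(probe_dir, exist_ok=True)
    token = "preflight-" + secrets.token_hex(8)  # constructed probe name, not an ACME token
    probe = os.path.join(probe_dir, token)
    with open(probe, "w") as fh:
        fh.write(token)
    try:
        status, body = fetch(f"http://{domain}/{CHALLENGE_DIR}/{token}")
        if status != 200 or body.strip() != token:
            problems.append(f"probe not served from {root} (HTTP status {status})")
    finally:
        os.remove(probe)  # never leave the probe file behind
    return problems

if __name__ == "__main__":  # usage: sudo python3 preflight.py DOMAIN WEBROOT
    found = preflight(sys.argv[1], sys.argv[2])
    print("\n".join(found) or "ready for certbot certonly --webroot")
    sys.exit(1 if found else 0)
```

Run it on the host that runs nginx and certbot, with the same webroot path you intend to give certbot; a non-200 probe status means the nginx root for that server name is not the directory you passed.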
-
@timconsidine said in SMS desktop app:
sudo apt-get update && sudo apt-get upgrade -y
I have wiped the VPS and started over.
But both had the Ubuntu 20.04 version
-
Ok, I got this working by following your guide, then for Let's Encrypt, I followed https://haydenjames.io/how-to-set-up-an-nginx-certbot/ up to step 4
It is now live!
-
@timconsidine This also handles calls just fine