Certbot did not renew cert

Hi,
I have messed up renewing a cert. It was due to expire on August 4th and I renewed it (I thought) manually by "certbot renew". I am now trying to see the server and it's not visible.
I am using Jitsi and duckdns.org and when I try restarting the prosody service and looking at its status, it cannot find a cert:
peter@cider123:~$ sudo systemctl status prosody.service
● prosody.service - Prosody XMPP Server
Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-08-07 21:29:33 UTC; 30s ago
Docs: Documentation – Prosody IM
Main PID: 24366 (lua5.2)
Tasks: 1 (limit: 9160)
Memory: 13.9M
CGroup: /system.slice/prosody.service
└─24366 lua5.2 /usr/bin/prosody

Aug 07 21:29:33 cider123.duckdns.org systemd[1]: Started Prosody XMPP Server.
Aug 07 21:29:33 cider123.duckdns.org prosody[24366]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
Aug 07 21:29:33 cider123.duckdns.org prosody[24366]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281
peter@cider123:~$

I am only a casual user of the server but thought I set up a cron job to renew the cert; however, I have read that systemctl timers are now used and cannot be used with cron!?
Could someone confirm how to clean out my system and get a new certificate for my server?
A pointer to relevant info would suffice.

Thanks

1 Like

Apologies, I am using Jitsi Meet on an Ubuntu 20.4 server via duckdns.org and the IP lookup still points to my IP address.

Thanks

1 Like

Please show the output of:
certbot certificates

2 Likes

There seems to be a certificate:

peter@cider123:~$ sudo certbot certificates
[sudo] password for peter:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: cider123.duckdns.org
Domains: cider123.duckdns.org
Expiry Date: 2022-10-19 19:18:16+00:00 (VALID: 72 days)
Certificate Path: /etc/letsencrypt/live/cider123.duckdns.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/cider123.duckdns.org/privkey.pem


peter@cider123:~$

But this is also what I get:

peter@cider123:~$ sudo systemctl status prosody.service
● prosody.service - Prosody XMPP Server
Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-08-08 15:12:41 UTC; 44min ago
Docs: Documentation – Prosody IM
Main PID: 1015 (lua5.2)
Tasks: 1 (limit: 9160)
Memory: 22.3M
CGroup: /system.slice/prosody.service
└─1015 lua5.2 /usr/bin/prosody

Aug 08 15:12:41 cider123.duckdns.org systemd[1]: Started Prosody XMPP Server.
Aug 08 15:12:59 cider123.duckdns.org prosody[1015]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS conf>
Aug 08 15:12:59 cider123.duckdns.org prosody[1015]: portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS conf>
lines 1-13/13 (END)

Could this be to do with ignx config that's been changed/lost!?

I don't know what ignx is, but your Prosody server is failing due to faulty config.

You could try reviewing

https://prosody.im/doc/letsencrypt
and this, starting at the section named "Installing the Certificate":
https://prosody.im/doc/certificates

3 Likes

Can we see that "SSL/TLS conf" file?

3 Likes

Excuse my ignorance but I'm not sure where the SSL/TLS conf is!
But in the Ubuntu server at /etc/ssl/certs there is an "auth.cider123.duckdns.org.pem" file among about 50 others. In the terminal as user it is coloured red, which I assume is because it has root permissions.
Assuming it's the prosody config, I checked and it gives:

peter@cider123:/$ prosodyctl check certs


Prosody was unable to find the configuration file.
We looked for: /etc/prosody/prosody.cfg.lua
A sample config file is included in the Prosody download called prosody.cfg.lua.dist
Copy or rename it to prosody.cfg.lua and edit as necessary.
More help on configuring Prosody can be found at Configuring Prosody – Prosody IM
Good luck!


peter@cider123:/$

It seems that during updating Prosody lost links to the cert.

When I originally installed Jitsi I did it via a "Quick Install" and I think it may have run scripts to configure Prosody.

Can I assume the pem file is correct and I just need a properly configured Prosody conf to get it to work, or is it more complicated!?

PS ignore reference to ignx.
Thanks

1 Like

Yes, pem cert files look fine.

Also see Prosody config links from my earlier post

3 Likes

Thanks for the info, I am a little busy ATM but need to read exactly what to do as I am not familiar with configuring Prosody. Will come back when I make some progress later in the week, I hope!

1 Like

Apologies for not replying, I have had ISP/comms/health problems and have not been able to get back, so I need to double check the Prosody config and have posted to keep the thread open.
Before checking the config: if Prosody is faulty but the certs are OK, is there a time limit on my domain name, or is it completely separate and I still have time to sort my problem out!?
Thanks

Not exactly sure what you meant to ask.
But if it is related to LE, there are only a few limits:
[which I don't think have anything to do with your situation]

1 Like

Thanks for your quick reply.
I just had a quick look and Prosody cannot find a config file but I do have one:
peter@cider123:/etc/prosody$ prosodyctl check certs


Prosody was unable to find the configuration file.
We looked for: /etc/prosody/prosody.cfg.lua
A sample config file is included in the Prosody download called prosody.cfg.lua.dist
Copy or rename it to prosody.cfg.lua and edit as necessary.
More help on configuring Prosody can be found at Configuring Prosody – Prosody IM
Good luck!


peter@cider123:/etc/prosody$ cd /etc/prosody
peter@cider123:/etc/prosody$ ls
certs conf.avail conf.d migrator.cfg.lua prosody.cfg.lua README
peter@cider123:/etc/prosody$

But it looks as though it is the original sample!
I need to double check but it seems as though my original has been overwritten - but I might be wrong!
There are no references to my domain, which I assume there should be?
Will have to read some more over the weekend but don't know why it has changed because I have not done anything except update the server (Ubuntu 20.4).
Thanks

1 Like

Try finding the config file, with:
grep -Ri cider123.duckdns.org /etc/prosody

1 Like

I seem to have a lot of cert references, and they seem to be duplicated!?

and the certs are in the folders quoted:
prosodycerts3Sep.txt (6.7 KB)

Does the above look OK?

Should I try removing and re-installing Prosody? If so, would I need to get new certs?

Thanks

1 Like

I see what looks like two certs referenced twice:
[once in conf.avail and once in conf.d]

/etc/prosody/conf.avail/cider123.duckdns.org.cfg.lua:                key = "/etc/prosody/certs/cider123.duckdns.org.key";
/etc/prosody/conf.avail/cider123.duckdns.org.cfg.lua:                certificate = "/etc/prosody/certs/cider123.duckdns.org.crt";
/etc/prosody/conf.avail/cider123.duckdns.org.cfg.lua:        key = "/etc/prosody/certs/auth.cider123.duckdns.org.key";
/etc/prosody/conf.avail/cider123.duckdns.org.cfg.lua:        certificate = "/etc/prosody/certs/auth.cider123.duckdns.org.crt";
/etc/prosody/conf.d/cider123.duckdns.org.cfg.lua:                key = "/etc/prosody/certs/cider123.duckdns.org.key";
/etc/prosody/conf.d/cider123.duckdns.org.cfg.lua:                certificate = "/etc/prosody/certs/cider123.duckdns.org.crt";
/etc/prosody/conf.d/cider123.duckdns.org.cfg.lua:        key = "/etc/prosody/certs/auth.cider123.duckdns.org.key";
/etc/prosody/conf.d/cider123.duckdns.org.cfg.lua:        certificate = "/etc/prosody/certs/auth.cider123.duckdns.org.crt";

I don't know enough about Prosody to know.

My aim was only for you to be able to find the config file.

2 Likes
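
A read-only check of the paths in the grep output above, as an added example that is not part of any post in this thread: it pulls every `key`/`certificate` path out of the Prosody config directory and reports whether each file is missing, a dangling symlink, unreadable by the current user, or (for certificates, when `openssl` is installed) expired or unparsable. The function names and the `--run` switch are made up for this example.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not from Prosody, Jitsi or certbot.

# Print "kind path" for each uncommented key/certificate setting under a
# config directory, de-duplicated (conf.d and conf.avail repeat the same paths).
prosody_tls_paths() {
    grep -RhE '^[[:space:]]*(key|certificate)[[:space:]]*=' "$1" 2>/dev/null |
        sed -nE 's/^[[:space:]]*(key|certificate)[[:space:]]*=[[:space:]]*"([^"]+)".*/\1 \2/p' |
        sort -u
}

# Classify one referenced file; prints a status word, returns non-zero unless OK.
check_tls_file() {
    kind=$1 path=$2
    if [ -L "$path" ] && [ ! -e "$path" ]; then echo DANGLING; return 1; fi
    if [ ! -e "$path" ]; then echo MISSING; return 1; fi
    if [ ! -r "$path" ]; then echo UNREADABLE; return 1; fi
    if [ "$kind" = certificate ] && command -v openssl >/dev/null 2>&1; then
        # -checkend 0 fails if the certificate has expired or cannot be parsed.
        openssl x509 -in "$path" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo EXPIRED_OR_INVALID; return 1; }
    fi
    echo OK
}

# Audit every referenced path; returns 0 only if all of them check out.
audit_prosody_tls() {
    dir=${1:-/etc/prosody}
    rc=0
    paths=$(prosody_tls_paths "$dir")
    if [ -z "$paths" ]; then
        echo "no readable key/certificate settings under $dir"
        return 2
    fi
    while read -r kind path; do
        st=$(check_tls_file "$kind" "$path") || rc=1
        printf '%-18s %-11s %s\n' "$st" "$kind" "$path"
    done <<EOF
$paths
EOF
    return "$rc"
}

# Run as root so the config and private keys are readable:
#   sh audit.sh --run /etc/prosody
if [ "${1:-}" = "--run" ]; then
    audit_prosody_tls "${2:-/etc/prosody}"
fi
```

Any line that is not `OK` names a file Prosody is configured to load but cannot use, which is the kind of mismatch that leaves a valid certbot certificate unused.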

OK thanks, I will read about Prosody config/look up my old install notes and approach the Prosody forum as that's where the problem seems to be. Failing all that, I think I will have to do a fresh Jitsi install, which I was trying to avoid.
Regards

1 Like
