CouchDB not working over https after certificate renewal

After I renewed my certificate I can’t access couchdb through https. Nothing changed in the configuration file. Only the renewal was done. It works over port 5984 without https but not on 6984 with https.

My domain is: hotelbee.tk

I ran this command: sudo certbot --config-dir /opt/couchdb/letsencrypt renew

My web server is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digitalocean

Hi @neli95,

Welcome to the community forum!

I couldn’t find explicit documentation stating what to do when replacing a certificate in CouchDB, but have you tried issuing a SIGHUP or reloading the process, assuming CouchDB has a reload function? If all of that fails, the CouchDB docs state that when configuring a TLS cert you should restart the process, but that can lead to a temporary outage every 90 days: https://docs.couchdb.org/en/1.3.0/ssl.html. Worst case scenario, you might want to look into fronting CouchDB with HAProxy or Nginx.

Is it absolutely critical for you to use a Let’s Encrypt cert for this service instead of something like https://github.com/cloudflare/cfssl or https://github.com/FiloSottile/mkcert ?

Do your logs give any insight as to why the new cert hasn’t been picked up?

$ echo | openssl s_client -connect hotelbee.tk:6984 -servername hotelbee.tk 2>/dev/null
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 323 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

$ telnet hotelbee.tk 5984
Trying 46.101.112.224...
Connected to hotelbee.tk.
Escape character is '^]'.
^]
telnet> \q
Connection closed.

$ telnet hotelbee.tk 6984
Trying 46.101.112.224...
Connected to hotelbee.tk.
Escape character is '^]'.
Connection closed by foreign host.
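
A check that could run after each renewal, added here as an example and not part of the original posts: it compares the leaf certificate in the renewed file with what the HTTPS listener presents and reports `current`, `stale` or `handshake-failed`. The function names and the command-line arguments are assumptions of the example.

```python
import hashlib
import socket
import ssl
import sys

END = "-----END CERTIFICATE-----"


def fingerprint(pem):
    """SHA-256 of the first (leaf) certificate in a PEM file such as fullchain.pem."""
    leaf = pem.split(END)[0].strip() + "\n" + END
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(leaf)).hexdigest()


def served_pem(host, port, timeout=5.0):
    """Return the certificate the listener presents, or None if the handshake fails."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # trust is not decided here; the bytes are
    ctx.verify_mode = ssl.CERT_NONE  # only compared with the file on disk
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
    except OSError:  # ssl.SSLError, resets and timeouts are all OSError
        return None


def classify(disk_pem, served):
    """Compare the renewed file with what the listener presented."""
    if served is None:
        # TCP connected but no certificate came back: the state the
        # s_client output above shows ("no peer certificate available").
        return "handshake-failed"
    if fingerprint(served) != fingerprint(disk_pem):
        # The process still holds the pre-renewal certificate in memory.
        return "stale"
    return "current"


if __name__ == "__main__":
    # Usage (arguments are the caller's): check.py <fullchain.pem> <host> <port>
    path, host, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    with open(path) as fh:
        state = classify(fh.read(), served_pem(host, port))
    print(f"{host}:{port} {state}")
    sys.exit(0 if state == "current" else 1)
```

A `stale` result after a renewal means the process was not restarted, which the CouchDB docs linked in the reply call for.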
