I want to setup a cert on port 443

RelyIz · October 10, 2019, 5:21pm

My domain is: raidhosting.nl (but want to use a subdomain panel.raidhosting.nl)

I ran this command:
acme.sh --issue --alpn --pre-hook “systemctl stop nginx” --post-hook “systemctl start nginx” -d panel.raidhosting.nl

It produced this output: https://hastebin.com/tacoxegano.cs

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu Server 16.04 (LTS)

My hosting provider, if applicable, is: no

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I want to setup pterodactyl on port 443 because my Isp uses port 80.
I’m following this guide to set this up but it doesn’t work for me but if there is another guide please lmk.

rg305 · October 10, 2019, 5:32pm

It seems that it was unable to run the pre and post hook commands.
Try running the command with sudo.

RelyIz · October 10, 2019, 5:33pm

If i run it with sudo it doesn’t find the command, that’s the same when i do it with root

rg305 · October 10, 2019, 5:42pm

Perhaps changing:

To something more like:
"sudo ./systemctl stop nginx"

RelyIz · October 10, 2019, 5:46pm

It’s still giving me an error

schoen · October 10, 2019, 5:54pm

Maybe try service nginx stop and service nginx start instead?

RelyIz · October 10, 2019, 6:33pm

I’m getting this when doing it your way @schoen i’m getting this in the log file:
https://hastebin.com/saduqavoha.cs
I don’t know it is an issue with cert bot or with nginx because nginx won’t even start now.

schoen · October 10, 2019, 6:41pm

Perhaps the OpenSSL server that acme.sh started is still running and still listening on port 443?

@Neilpang, would you be willing to advise about this?

RelyIz · October 10, 2019, 6:51pm

I can try restarting the host, but before that didn’t help maybe it’ll stop acme.sh.

schoen · October 10, 2019, 7:14pm

You could potentially run pidof openssl to find the OpenSSL server and then kill -9 that process ID (if that’s the problem). Or ss -plt.

RelyIz · October 10, 2019, 7:22pm

That probably isn't the problem because when i run

ss -plt

I get this:

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 70 127.0.0.1:mysql :
LISTEN 0 128 :ssh :
LISTEN 0 128 :::ssh :::
and get this when running

systemctl status nginx

What i get:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2019-10-10 20:52:48 CEST; 28min ago
Process: 1353 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Oct 10 20:52:43 pterodactyl systemd[1]: Starting A high performance web server and a reverse proxy server...
Oct 10 20:52:47 pterodactyl nginx[1353]: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/panel.raidhosting.nl/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/pane
Oct 10 20:52:47 pterodactyl nginx[1353]: nginx: configuration file /etc/nginx/nginx.conf test failed
Oct 10 20:52:48 pterodactyl systemd[1]: nginx.service: Control process exited, code=exited status=1
Oct 10 20:52:48 pterodactyl systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Oct 10 20:52:48 pterodactyl systemd[1]: nginx.service: Unit entered failed state.
Oct 10 20:52:48 pterodactyl systemd[1]: nginx.service: Failed with result 'exit-code'.

rg305 · October 10, 2019, 7:41pm

Did you delete a cert recently?

RelyIz · October 10, 2019, 9:25pm

I believe not. Why is that that problem? Then I prob did.

schoen · October 10, 2019, 9:49pm

If your certificate is mentioned in an nginx configuration file, then you have to delete or edit that nginx configuration file when deleting the referenced certificate. Neither Certbot nor nginx have features that will do this for you.

RelyIz · October 10, 2019, 10:03pm

Oh that could be the issue because yesterday I setup cloudflare wrong, so it couldn’t connect. But before I noticed it hit the limit of 5 per hour. Where would I change that?

schoen · October 10, 2019, 10:06pm

Try

grep -r /etc/letsencrypt/live/panel.raidhosting.nl/fullchain.pem /etc/nginx

to find where it’s referenced in your nginx configuration.

jmorahan · October 10, 2019, 10:12pm

acme.sh's installer sets up a shell alias for the current user when you install it. If you install it as a normal user it will set up the shell alias for that user, so it won't be set up for root. Maybe try installing it as root, then running it as root?

RelyIz · October 10, 2019, 10:17pm

@jmorahan if I try executing it as root it doesn’t find the command, when I do sudo it does the same thing.

jmorahan · October 10, 2019, 10:20pm

Yeah, but did you originally install it as root? eg.

$ sudo -i
# curl https://get.acme.sh | sh
# exit     # logout and login again to activate the shell alias
$ sudo -i
# acme.sh --issue --alpn --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d panel.raidhosting.nl

RelyIz · October 10, 2019, 10:20pm

I’ll try that tomorrow. And thanks for all the help! (all of you).