IRC bot eggdrop with Let's encrypt

shinyrhino · July 9, 2023, 5:22pm

Dear all, I am trying to run IRC bot EGGDROP to connect via TSL to IRC network irc.dhub.chat:+6997, but I get this error:

My domain is: dhub.chat with subdomains irc.dhub.chat, web.dhub.chat

I ran this command: ./eggdrop -mnt dandelionhub_guard-basic.conf

It produced this output: ERROR: TLS: unable to load own certificate from cert.pem: error:80000002:system library::No such file or directory

My web server is (include version): nginx version: nginx/1.22.1

The operating system my web server runs on is (include version): Debian 12

My hosting provider, if applicable, is: hosting.de

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, just bash and certbot

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

Kr, Shiny

MikeMcQ · July 9, 2023, 8:13pm

I am not sure I understand your problem except that it looks like you need help configuring the Eggdrop IRC bot

I see you got a Let's Encrypt cert which includes all your domain names. That's great. And, your nginx server uses this cert with HTTPS - also very nice.

We often help people resolve problems with common servers. And, we sometimes help with unusual services. I have never seen Eggdrop on this forum and don't have any personal experience with it.

I am posting to suggest trying the Egghead site and their various support options - docs, forum, github. You will find more experts there who know this IRC service and how to configure it.
https://www.eggheads.org/

Osiris · July 9, 2023, 8:26pm

To me, it looks like Eggdrop is looking for a cert.pem in a locarion where there is no such file. That's all I can say/think of based on the information currently provided.

It's unknown how Eggdrop is configured, it's unknown why Eggdrop would require a certificate configured in the first place.

Also, is dhub.chat your domain or just a "random" IRC server you're trying to connect Eggbot to?

schoen · July 9, 2023, 10:20pm

Yes, why does your IRC bot require a certificate (or a domain name)? It seems like only the IRC server normally needs those things.

mcpherrinm · July 9, 2023, 11:28pm

I think it’s commonly supported to authenticate to IRC networks with a client cert, but I think it’s usually a self-signed cert that’s tied to an account. Eg, Using CertFP | Libera Chat

But it’s possible some networks require a publicly trusted client cert.

shinyrhino · July 10, 2023, 7:39am

Dear all, thanks for pointing me in the right direction. I solved the problem by pointing the eggdrop bot to the correct path with .pem files by defining "set ssl-capath "/etc/ssl/certs/" " (not /etc/ssl/ as in the default settings in the eggdrop.conf file).

Eggdrop is a bot to programmatically control an IRC network. At the moment the bot and the IRC server reside on the same host (ie my domain dhub.chat incl subdomains) so TSL-encryption would not be required, but I don't want to open a plain-text port for security reasons. Certification is a prequisit for encryption between client and server connection, AFAIK.

BTW, Eggdrop is a bot not a bouncer (proxy), like ZNC or QuasselCore, which keep a permanent connection with IRC even when a user is logged off so no messages are missed.

Thanks again!

Osiris · July 10, 2023, 7:41am

But usually only on the server side.

schoen · July 10, 2023, 7:51am

I'm still not sure that the Let's Encrypt certificate is really required for your application, but thank you for sharing your solution publicly so other people may be able to benefit from it in the future.

linkp · July 10, 2023, 12:08pm

It sounds like it needs that path for the trusted root CAs found there.

system · August 9, 2023, 12:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.