Not able to generate certificate for nginix

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: keycloak.air.gi

I ran this command:sudo certbot -v --nginx -d keycloak.air.gi

It produced this output:
[root@nginxint01 ~]# sudo certbot -v --nginx -d keycloak.air.gi
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for keycloak.air.gi
Performing the following challenges:
http-01 challenge for keycloak.air.gi
Waiting for verification...
Challenge failed for domain keycloak.air.gi
http-01 challenge for keycloak.air.gi

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: keycloak.air.gi
Type: unauthorized
Detail: 185.75.80.126: Invalid response from http://keycloak.air.gi/.well-known/acme-challenge/zIpUHlgbJFABPKlgut8V8BKIWpbC8caWM1V_SN0uKpQ: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version):
Centos

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @Aklesh, and welcome to the LE community forum :slight_smile:

Please show the nginx configuration, with:
nginx -T

5 Likes

[root@nginxpub01 ~]# nginx -T

nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user  nginx;
worker_processes  4;
worker_rlimit_nofile 32768;
error_log  /var/log/nginx/error.log crit;
pid        /var/run/nginx.pid;
load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
events {
    worker_connections  4096;
    use epoll;
    multi_accept on;
}
http {
    server_tokens off;
    sendfile    on;
    tcp_nopush  on;
    tcp_nodelay on;
    keepalive_timeout  30;
    keepalive_requests 10000;
    reset_timedout_connection on;
#   open_file_cache max=2000 inactive=10s;
#   open_file_cache_valid 15s;
#   open_file_cache_min_uses 2;
#   open_file_cache_errors on;
    proxy_connect_timeout 10;
    proxy_read_timeout 45;
    proxy_send_timeout 45;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffers 16 16k;
    proxy_buffer_size 16k;
    client_max_body_size 100M;
    include       /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type  application/octet-stream;
    #gzip  on;
    log_format alepo    '"$time_local" client=$remote_addr '
                        'method=$request_method request="$request" '
                        'request_length=$request_length '
                        'status=$status bytes_sent=$bytes_sent '
                        'body_bytes_sent=$body_bytes_sent '
                        'referer=$http_referer '
                        'user_agent="$http_user_agent" '
                        'upstream_addr=$upstream_addr '
                        'upstream_status=$upstream_status '
                        'request_time=$request_time '
                        'upstream_response_time=$upstream_response_time '
                        'upstream_connect_time=$upstream_connect_time '
                        'upstream_header_time=$upstream_header_time';
    access_log  /var/log/nginx/access.log  alepo;
}

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    application/font-woff                            woff;
    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/default.conf:
server {
  listen       80;
  server_name  localhost;
#modsecurity on;
#modsecurity_rules_file "/etc/nginx/modsec/modsec_includes.conf";
  location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
  }
  location /nginx_status {
    stub_status on;
    access_log off;
#   allow 127.0.0.1;
#   deny all;
  }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

# configuration file /etc/nginx/conf.d/selfcare.conf:
upstream aleposelfcare {
        server selfcare01.int.alepo.gfs:9090 max_fails=3 fail_timeout=60 weight=1;
        server selfcare02.int.alepo.gfs:9090 backup;

}

#### For WSCR External 9443 SSL

server {
  listen 10.128.230.46:9443 ssl;
  ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
  ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
  ssl_session_cache shared:SSL:20m;
  ssl_session_timeout 30m;
  error_page 497  https://$host:$server_port$request_uri;

  location / {
   sub_filter 'http://10.128.230.46:9443'  'https://10.128.230.46:9443';
   sub_filter_once off;
   proxy_next_upstream error timeout http_502 http_504;
   proxy_pass http://aleposelfcare;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_set_header      X-Real-IP  $remote_addr;
   proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header      Host $host;
   proxy_redirect        http:// https://;
   proxy_set_header      X-Forwarded-Proto https;
   proxy_set_header      X-Forwarded-Proto http;
   add_header            Front-End-Https         on;
   add_header Access-Control-Allow-Origin *;
   real_ip_recursive     on;
  #proxy_set_header Connection "";
   proxy_set_header Accept-Encoding "";
   #add_header            X-Forwarded-For $proxy_add_x_forwarded_for;
   #add_header            X-Real-IP  $remote_addr;
  }
}

#### For WSCR 80 to 443 redirect

server {
  listen 10.128.230.46:9090;
  if ($request_uri = "/") {
     return 301 https://$host:9443;
  }
#  location / {
#   proxy_pass http://aleposelfcare;
#   proxy_set_header X-Real-IP $remote_addr;
#   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#   proxy_set_header Host $host:$server_port;
#   proxy_set_header X-Forwarded-Proto http;
#   real_ip_recursive on;
#  }
}

please find the details as requested

I don't see an HTTP server block that handles the name "keycloak.air.gi".
You should have a working HTTP site before trying to secure it via HTTP-01 authentication.

5 Likes

Hi Ryan

Thanks for the input.

I am very new and would like your support how to add and where to add

1 Like

? ? ?

You will need a working HTTP site before trying to secure it via HTTP-01 authentication and --nginx.

5 Likes

Hi Ryan

Can you please help me with the configuration ?

http://keycloak.air.gi/

It did display the page.

Thanks for the support

1 Like

There is no "Ryan".

4 Likes

I see you got two certs yesterday so maybe this is not helpful anymore. But, when you use the certbot nginx plug-in you should have a server block for the domain name you request.

There are various ways to do this. In your case, you might create a new file for example /etc/nginx/conf.d/keycloak.conf with this in it:

server {
  listen       80;
  server_name  keycloak.air.gi;
  root         /usr/share/nginx/html;
}

then, the certbot command in your first post will use this server block to verify your domain. If success, you will get a cert and certbot will create another server block for HTTPS for that domain (with a listen for port 443, the certs configured, and so on). It can also setup redirects from http to https.

sudo certbot -v --nginx -d keycloak.air.gi

As more info, your nginx was responding to HTTP (port 80) requests because you had a server block listening on that port. But, the server name was localhost. Because there was only one port 80 server block it was your default for all HTTP requests. Making the new server block for keycloak will have HTTP requests for keycloak domain sent to the new one and not the default.

3 Likes

Something is listening on Port 80.

$ curl -I http://keycloak.air.gi
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 19:03:19 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 03 Oct 2022 07:41:17 GMT
Connection: keep-alive
ETag: "633a921d-264"
Accept-Ranges: bytes

$ curl -I http://keycloak.air.gi/.well-known/acme-challenge/zIpUHlgbJFABPKlgut8V8BKIWpbC8caWM1V_SN0uKpQ
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 04 Dec 2022 19:07:01 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

$ curl http://keycloak.air.gi/.well-known/acme-challenge/zIpUHlgbJFABPKlgut8V8BKIWpbC8caWM1V_SN0uKpQ
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
$ nmap keycloak.air.gi
Starting Nmap 7.91 ( https://nmap.org ) at 2022-12-04 10:58 PST
Nmap scan report for keycloak.air.gi (185.75.80.126)
Host is up (0.18s latency).
rDNS record for 185.75.80.126: 126.80.75.185.in-addr.arpa
Not shown: 955 filtered ports
PORT      STATE SERVICE
49/tcp    open  tacacs
80/tcp    open  http
90/tcp    open  dnsix
119/tcp   open  nntp
541/tcp   open  uucp-rlogin
1060/tcp  open  polestar
1068/tcp  open  instl_bootc
1091/tcp  open  ff-sm
1104/tcp  open  xrl
1117/tcp  open  ardus-mtrns
1121/tcp  open  rmpp
1152/tcp  open  winpoplanmess
1218/tcp  open  aeroflight-ads
1494/tcp  open  citrix-ica
1700/tcp  open  mps-raft
2035/tcp  open  imsldoc
2196/tcp  open  unknown
2393/tcp  open  ms-olap1
2500/tcp  open  rtsserv
3001/tcp  open  nessus
3030/tcp  open  arepa-cas
3889/tcp  open  dandv-tester
4279/tcp  open  vrml-multi-use
4446/tcp  open  n1-fwp
5214/tcp  open  unknown
5961/tcp  open  unknown
6101/tcp  open  backupexec
6543/tcp  open  mythtv
6789/tcp  open  ibm-db2-admin
7007/tcp  open  afs3-bos
7512/tcp  open  unknown
7676/tcp  open  imqbrokerd
8007/tcp  open  ajp12
8193/tcp  open  sophos
8649/tcp  open  unknown
8873/tcp  open  dxspider
9111/tcp  open  DragonIDSConsole
9876/tcp  open  sd
13782/tcp open  netbackup
22939/tcp open  unknown
25735/tcp open  unknown
35500/tcp open  unknown
44176/tcp open  unknown
44443/tcp open  coldfusion-auth
52848/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 49.84 seconds
1 Like

Hello @MikeMcQ
The server block for keycloak has been added already with the following configuration:

server {
  listen 9500 ssl;
  server_name keycloak.air.gi;
}

As on executing this command: certbot -v --nginx -d keycloak.air.gi
Certbot is taking port 80 by default to check the domain configuration and giving this issue:

So is there any way to define port?

Thanks in advance.

1 Like

No; HTTP-01 authentication is only done on port 80.
You've made changes to nginx.
Please show the later configuration, with:
nginx -T

2 Likes

Please find the output:

[root@nginxint01 conf.d]# nginx -T
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: [warn] could not build optimal proxy_headers_hash, you should increase either proxy_headers_hash_max_size: 512 or proxy_headers_hash_bucket_size: 64; ignoring proxy_headers_hash_bucket_size
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user  nginx;
worker_processes  4;
worker_rlimit_nofile 32768;
error_log  /var/log/nginx/error.log crit;
pid        /var/run/nginx.pid;
load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
events {
    worker_connections  4096;
    use epoll;
    multi_accept on;
}
http {
    server_tokens off;
    sendfile    on;
    tcp_nopush  on;
    tcp_nodelay on;
    keepalive_timeout  30;
    keepalive_requests 10000;
    reset_timedout_connection on;
#   open_file_cache max=2000 inactive=10s;
#   open_file_cache_valid 15s;
#   open_file_cache_min_uses 2;
#   open_file_cache_errors on;
    proxy_connect_timeout 10;
    proxy_read_timeout 45;
    proxy_send_timeout 45;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffers 16 16k;
    proxy_buffer_size 16k;
    client_max_body_size 100M;
    include       /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type  application/octet-stream;
    #gzip  on;
    log_format alepo    '"$time_local" client=$remote_addr '
                        'method=$request_method request="$request" '
                        'request_length=$request_length '
                        'status=$status bytes_sent=$bytes_sent '
                        'body_bytes_sent=$body_bytes_sent '
                        'referer=$http_referer '
                        'user_agent="$http_user_agent" '
                        'upstream_addr=$upstream_addr '
                        'upstream_status=$upstream_status '
                        'request_time=$request_time '
                        'upstream_response_time=$upstream_response_time '
                        'upstream_connect_time=$upstream_connect_time '
                        'upstream_header_time=$upstream_header_time';
    access_log  /var/log/nginx/access.log  alepo;
}

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    application/font-woff                            woff;
    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}
# configuration file /etc/nginx/conf.d/default.conf:
server {
  listen       80;
  server_name  localhost;
#modsecurity on;
#modsecurity_rules_file "/etc/nginx/modsec/modsec_includes.conf";
  location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
  }
  location /nginx_status {
    stub_status on;
    access_log off;
#   allow 127.0.0.1;
#   deny all;
  }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

# configuration file /etc/nginx/conf.d/keycloak.conf:
upstream alepokeycloak {
            server campaign01.int.alepo.gfs:8090 max_fails=3 fail_timeout=60 weight=1;
            server campaign02.int.alepo.gfs:8090 backup;
}

upstream alepokc {
            server campaign01.int.alepo.gfs:9500 max_fails=3 fail_timeout=60 weight=1;
            server campaign02.int.alepo.gfs:9500 backup;
}

server {
  listen 10.128.230.42:9500 ssl;
  server_name keycloak.air.gi;
  modsecurity on;
  modsecurity_rules_file /etc/nginx/modsec/modsec_includes.conf;
  ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
  ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
  ssl_session_cache shared:SSL:20m;
  ssl_session_timeout 30m;
  error_page 497  https://$host:$server_port$request_uri;

  location / {
   proxy_pass http://alepokc;
   proxy_http_version 1.1;
   proxy_set_header Connection "";
   proxy_set_header Accept-Encoding "";
   proxy_set_header      X-Real-IP  $remote_addr;
   proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header      Host $host:$server_port;
   proxy_redirect        http:// https://;
   proxy_set_header      X-Forwarded-Proto https;
   add_header            Front-End-Https         on;
   real_ip_recursive     on;
   add_header            X-Forwarded-For $proxy_add_x_forwarded_for;
   add_header            X-Real-IP  $remote_addr;
  }
}

server {
  listen 10.128.230.42:8090;
  modsecurity on;
  modsecurity_rules_file /etc/nginx/modsec/modsec_includes.conf;
  location / {
   proxy_pass http://alepokeycloak;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header Host $host:$server_port;
   proxy_set_header X-Forwarded-Proto http;
   real_ip_recursive on;
  }
}


Certbot does not "take port 80". With the --nginx plug-in it will temporarily modify your nginx config and then request a cert from Let's Encrypt. The LE servers make an HTTP request to your domain looking for the value setup by Certbot in nginx. You can redirect the HTTP request to HTTP (port 80) or HTTPS (port 443) but you cannot use non-standard ports for this challenge. If you plan to use this cert on non-standard ports you will have to configure those server blocks manually.

You should refer back to my post #9

You can learn more about how HTTP Challenges work at this topic

3 Likes

I don't see any significant change.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.