Solution to Let's Encrypt ssl certificate renewal fail - BBB 2.4

Daniel Rodriguez

Apr 6, 2022, 11:11:23 AM
to BigBlueButton-dev
Fellows,

If you used the standard one-command install for BBB 2.4 with Greenlight and SSL, after 3 months you will get a failure caused by the SSL certificate having expired.

If you try to renew the certificate with the command:

sudo certbot renew

You will get error messages including something like:

///////////START
# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/DOMAIN.EXT.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for  DOMAIN.EXT
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (DOMAIN.EXT) from /etc/letsencrypt/renewal/DOMAIN.EXT.conf produced an unexpected error: Failed authorization procedure. meet.tecnosoluciones.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://DOMAIN.EXT/b [IP]: "\n<!DOCTYPE html>\n<html>\n  <head>\n\n    <title>Greenlight</title>\n    <meta property=\"og:title\" content=\"BigBlueButton\" />\n    <me". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/DOMAIN.EXT/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/DOMAIN.EXT/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: meet.tecnosoluciones.com
   Type:   unauthorized
   Detail: Invalid response from https://DOMAIN.EXT/b
   [IP]: "\n<!DOCTYPE html>\n<html>\n  <head>\n\n
   <title>Greenlight</title>\n    <meta property=\"og:title\"
   content=\"BigBlueButton\" />\n    <me"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
  
//////////END

Well, the problem is caused by the fact that the one-command installation of BBB 2.4 doesn't take into account the /b redirection that Greenlight normally requires, which affects the response to the Let's Encrypt ACME validation test.

To solve this you should execute:

nano /etc/nginx/sites-available/bigbluebutton

Look for this code: 

  location / {
    #root   /var/www/bigbluebutton-default;
    #index  index.html index.htm;
    #expires 1m;
    return 307 /b;
  }

and just after that, add this new code: 

  location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    rewrite /.well-known/acme-challenge/(.*) /$1 break;
    root /var/www/bigbluebutton-default/.well-known/acme-challenge;
  }

Then, please restart nginx to reload the conf files: 

/bin/systemctl reload nginx

Now you should be able to renew the certificate using: 

sudo certbot renew

That's it.

Also, the one-command installation forgets to add to the crontab the required commands to renew the SSL certificate every 90 days. To fix that, please edit the crontab with:

# sudo crontab -e

and add the following lines:

30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx

Save the file and restart the cron service:

service cron restart

Done.
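
An added example, not part of the original post: a preflight script that confirms the challenge path is answered from the webroot, rather than redirected to /b, before a real renewal is attempted. The script name, function names and probe file are assumptions; the webroot is the path used in the nginx block above, and the script is meant to be run as root on the BBB server.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check that the ACME challenge
# path is served from the webroot instead of falling through to "return 307 /b".
# WEBROOT is the directory used as root in the nginx block above.
WEBROOT="${WEBROOT:-/var/www/bigbluebutton-default}"

# classify_probe TOKEN HTTP_STATUS BODY
# Prints one verdict: ok | redirected | greenlight | mismatch
classify_probe() {
  local token=$1 status=$2 body=$3
  case "$status" in
    30[12378]) echo redirected; return 1 ;;  # the catch-all location still wins
  esac
  if [ "$status" = 200 ] && [ "$body" = "$token" ]; then
    echo ok; return 0
  fi
  case "$body" in
    # Same page that the certbot error message quoted back
    *"<title>Greenlight</title>"*) echo greenlight; return 1 ;;
  esac
  echo mismatch; return 1
}

# probe_challenge HOST: write a throwaway file into the webroot, fetch it
# over plain HTTP without following redirects, then remove it again.
probe_challenge() {
  local host=$1 dir="$WEBROOT/.well-known/acme-challenge"
  local token="probe-$$-$(date +%s)" reply status body
  mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || return 2
  reply=$(curl -s --max-time 10 -w '\n%{http_code}' \
          "http://$host/.well-known/acme-challenge/$token")
  rm -f "$dir/$token"
  status=$(printf '%s' "$reply" | tail -n 1)   # last line is the status code
  body=$(printf '%s' "$reply" | sed '$d')      # everything before it is the body
  classify_probe "$token" "$status" "$body"
}

# Usage (hypothetical file name): ./acme-preflight.sh DOMAIN.EXT
if [ "$#" -ge 1 ]; then
  nginx -t || exit 1                  # refuse to continue on a broken config
  verdict=$(probe_challenge "$1")
  echo "challenge path: $verdict"
  [ "$verdict" = ok ] && certbot renew --dry-run
fi
```

A verdict of "redirected" or "greenlight" means the new location block is not in effect for that server name; "certbot renew --dry-run" only runs once the probe file comes back unchanged.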
