Letsencrypt won't renew


Graeme Henderson

May 3, 2023, 2:40:49 AM
to BigBlueButton-Setup
After the 2.6 update I am not able to renew the certificate.

The error I get is:
/var/www$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/bbb.jaken.com.au.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bbb.jaken.com.au
Using the webroot path /var/www/bigbluebutton-default/assets for all unmatched domains.
Waiting for verification...
Challenge failed for domain bbb.jaken.com.au
http-01 challenge for bbb.jaken.com.au
Cleaning up challenges
Attempting to renew cert (bbb.jaken.com.au) from /etc/letsencrypt/renewal/bbb.jaken.com.au.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/bbb.jaken.com.au/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/bbb.jaken.com.au/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: bbb.jaken.com.au
   Type:   connection
   Detail: 52.63.199.84: Fetching
   https://bbb.jaken.com.au/.well-known/acme-challenge/cIrkcWjmdfCL6wpHyo8TyJkux3t1xYo5V6PYkFEaYRY:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
$

distancelearning.cloud

May 3, 2023, 6:22:00 AM
to BigBlueButton-Setup
bbb-install.sh should fix this if you rerun and update to 2.6.5.

Basically, you need this added to /etc/bigbluebutton/nginx/sites-available/bigbluebutton:

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/bigbluebutton-default;
  }

  location = /.well-known/acme-challenge/ {
    return 404;
  }
}

Regards,
Stephen

Graeme Henderson

May 3, 2023, 7:05:34 PM
to BigBlueButton-Setup
This didn't work.

I note there is no sites-available in the directory /etc/bigbluebutton/nginx
as follows
root@ip-10-0-40-8:/etc/bigbluebutton/nginx# ls -la
total 8
drwxr-xr-x 2 root root 4096 Feb  9 00:23 .
drwxr-xr-x 5 root root 4096 May  3 22:56 ..
lrwxrwxrwx 1 root root   46 Feb  9 00:23 include_default.nginx -> /usr/share/bigbluebutton/include_default.nginx

Graeme

Graeme Henderson

May 3, 2023, 7:29:50 PM
to BigBlueButton-Setup
There is a directory /etc/nginx/sites-available containing file bigbluebutton


root@ip-10-0-40-8:/etc/nginx/sites-available# cat bigbluebutton
With the following contents
=====================
server_tokens off;

server {
  listen 80;
  listen [::]:80;
  server_name bbb.jaken.com.au;

  location ^~ / {
    return 301 https://$server_name$request_uri; #redirect HTTP to HTTPS

  }

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/bigbluebutton-default;
  }

  location = /.well-known/acme-challenge/ {
    return 404;
  }
}

set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
real_ip_recursive on;
server {
  # this double listening is intended. We terminate SSL on haproxy. HTTP2 is a
  # binary protocol. haproxy has to decide which protocol is spoken. This is
  # negotiated by ALPN.
  #
  # Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
  # ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)

  listen 127.0.0.1:82 http2 proxy_protocol;
  listen [::1]:82 http2;
  listen 127.0.0.1:81 proxy_protocol;
  listen [::1]:81;
  server_name bbb.jaken.com.au;

  # nginx does not know its external port/protocol behind haproxy, so use relative redirects.
  absolute_redirect off;

  # HSTS (uncomment to enable)
  #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  access_log  /var/log/nginx/bigbluebutton.access.log;

  # This variable is used instead of $scheme by bigbluebutton nginx include
  # files, so $scheme can be overridden in reverse-proxy configurations.
  set $real_scheme "https";

  # BigBlueButton landing page.
  location / {
    root   /var/www/bigbluebutton-default/assets;
    try_files $uri @bbb-fe;
  }

  # Include specific rules for record and playback
  include /etc/bigbluebutton/nginx/*.nginx;
}
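
An added example, not part of any post in this thread and not BigBlueButton's own tooling: a shell check of whether nginx serves the ACME challenge from the directory certbot's webroot plugin writes to, using the webroot path from the certbot log and the `root` from the posted nginx config. The renewal-file excerpt is constructed to match the log, and the function names are hypothetical.

```shell
# Added example: compare certbot's webroot with nginx's challenge root.

# Constructed renewal-file excerpt; the webroot is the one in the certbot log.
RENEWAL_CONF='[renewalparams]
authenticator = webroot
webroot_path = /var/www/bigbluebutton-default/assets,
[[webroot_map]]
bbb.jaken.com.au = /var/www/bigbluebutton-default/assets'

# Port-80 server block, trimmed from the config posted in the thread.
NGINX_CONF='server {
  location ^~ / {
    return 301 https://$server_name$request_uri;
  }
  location ^~ /.well-known/acme-challenge/ {
    root /var/www/bigbluebutton-default;
  }
}'

# Webroot recorded for a domain in the [[webroot_map]] section.
certbot_webroot() {  # $1 = renewal text, $2 = domain
  printf '%s\n' "$1" | awk -v d="$2" '
    $1 == "[[webroot_map]]" { in_map = 1; next }
    /^\[/                   { in_map = 0 }
    in_map && $1 == d && $2 == "=" { print $3; exit }'
}

# root directive of the challenge prefix location (skips "location =").
nginx_acme_root() {  # $1 = nginx config text
  printf '%s\n' "$1" | awk '
    $1 == "location" && /\/\.well-known\/acme-challenge\// && !/=/ { in_loc = 1; next }
    in_loc && $1 == "root" { sub(/;$/, "", $2); print $2; exit }
    in_loc && index($0, "}") { in_loc = 0 }'
}

# Exit status 0 only when both sides map a token to the same file on disk.
check_acme_paths() (  # $1 = renewal text, $2 = nginx text, $3 = domain
  webroot=$(certbot_webroot "$1" "$3"); webroot=${webroot%/}
  root=$(nginx_acme_root "$2"); root=${root%/}
  echo "certbot writes: $webroot/.well-known/acme-challenge/<token>"
  echo "nginx serves:   $root/.well-known/acme-challenge/<token>"
  [ -n "$webroot" ] && [ "$webroot" = "$root" ]
)

if check_acme_paths "$RENEWAL_CONF" "$NGINX_CONF" bbb.jaken.com.au; then
  echo "OK: same directory"
else
  echo "MISMATCH: nginx looks in a different directory than certbot writes to"
fi
```

This covers only the path side of the http-01 challenge. The error in the first post is a connect timeout on the https:// URL, which this check does not test.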

Graeme Henderson

May 3, 2023, 7:42:27 PM
to BigBlueButton-Setup
root@ip-10-0-40-8:/etc/nginx/sites-available# bbb-conf --check

BigBlueButton Server 2.6.5 (1153)
                    Kernel version: 5.15.0-1033-aws
                      Distribution: Ubuntu 20.04.6 LTS (64-bit)
                            Memory: 15909 MB
                         CPU cores: 8

/etc/bigbluebutton/bbb-web.properties (override for bbb-web)
/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)
       bigbluebutton.web.serverURL: https://bbb.jaken.com.au
                defaultGuestPolicy: ALWAYS_ACCEPT
              defaultMeetingLayout: CUSTOM_LAYOUT

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server_name: bbb.jaken.com.au
                              port: 80, [::]:80127.0.0.1:82 http2 proxy_protocol, [::1]:82 http2127.0.0.1:81 proxy_protocol, [::1]:81

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
                       local_ip_v4: 10.0.40.8
                   external_rtp_ip: 52.63.199.84
                   external_sip_ip: 52.63.199.84

/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
                        ext-rtp-ip: $${external_rtp_ip}
                        ext-sip-ip: $${external_sip_ip}
                        ws-binding: 52.63.199.84:5066
                       wss-binding: 52.63.199.84:7443

UDP port ranges

                        FreeSWITCH: 16384-24576
                           kurento: 24577-32768
                    bbb-webrtc-sfu: 24577-32768

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                     playback_host: bbb.jaken.com.au
                 playback_protocol: https
                            ffmpeg: 4.2.7-0ubuntu0.1

/usr/share/bigbluebutton/nginx/sip.nginx (sip.nginx)
                        proxy_pass: 52.63.199.84
                          protocol: http

/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (bbb-webrtc-sfu)
/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (bbb-webrtc-sfu - override)
    mediasoup.webrtc.*.announcedIp: 52.63.199.84
  mediasoup.plainRtp.*.announcedIp: 52.63.199.84
                        kurento.ip: 52.63.199.84
                       kurento.url: ws://127.0.0.1:8888/kurento
                 freeswitch.sip_ip: 52.63.199.84
               recordScreenSharing: true
                     recordWebcams: true
                  codec_video_main: VP8
               codec_video_content: VP8

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)
                             build: 574
                        kurentoUrl: wss://bbb.jaken.com.au/bbb-webrtc-sfu
            defaultFullAudioBridge: sipjs
           defaultListenOnlyBridge: fullaudio
                    sipjsHackViaWs: true


# Potential problems described below

root@ip-10-0-40-8:/etc/nginx/sites-available#