What is the Best Way to Renew SSL Cert on BBB 2.0

[Tolu Okuboyejo]

Hi Team,

What is the best way to renew the SSL Certificate on a 2.0 BigBlueButton Server installed using the install.sh script?

I had a SSL certificate expire without being renewed on a server that was installed about 90 days ago and I'm trying to renew it the best way.

Regards.

Tolu Okuboyejo
Chief Technology Officer | ICT University
+1 (225) 221-1747

+234 (806) 733-9860 (WhatsApp)

https://ictuniversity.org

YouTube

[Tolu Okuboyejo]

Hello,

I found a way to resolve this issue by following the certificate installation steps at http://docs.bigbluebutton.org/install/install.html#using-lets-encrypt, but I think it will be nice if the bbb-install.sh script also includes the certificate renewal process and probably writes it into cron to automate certificate renewal.

Thank you!

Regards.

Tolu Okuboyejo
Chief Technology Officer | ICT University
+1 (225) 221-1747

+234 (806) 733-9860 (WhatsApp)

https://ictuniversity.org

YouTube

[Fred Dixon]

Hi Tolu,

We had an error in the earlier version of bbb-install.sh that didn't properly renew the Lets Encrypt certificate.  We've since fixed it, here's the proper code

  https://github.com/bigbluebutton/bbb-install/blob/master/bbb-install.sh#L620

If you run bbb-install.sh with the same parameters, it will install the correct script.

Regards,... Fred

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at https://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

--

BigBlueButton Developer

http://bigbluebutton.org/

@bigbluebutton

[Tolu Okuboyejo]

Hi Fred & Team,

Thank you for the great work you are doing, much appreciated. I will update the server to reflect this change.

Regards.

Tolu Okuboyejo
Chief Technology Officer | ICT University

+1 (225) 221-1747 | +234 1 440-6133
https://ictuniversity.org

[J G]

Thnaks for this post.

Off course what Fred said remains the best response as it may also help with additional improvements.

I just did following and it fixed for me in seconds. This is from the link provided by Tolu.

------------------------------------------------------------------

The Let’s Encrypte certificates are good for 90 days and can be automatically renewed. To automatically request a renewal once a week, edit the crontab file for root.

# sudo crontab -e

And add the following two lines at the bottom:

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx

These two directives will execute the letsencrypt-auto renew command every Monday at 2:30 am, and then reload Nginx at 2:35am (so the renewed certificate will be used). The output will be piped to a log file located at /var/log/le-renewal.log, so you can always check it later.

----------------------------------------------------------------------

If your certificate expired then first run following two commands as root to fix problem instantly and then add Crontab entries as advised by BBB team above in documentation.

/usr/bin/letsencrypt renew >> /var/log/le-renew.log
/bin/systemctl reload nginx

Hope it helps someone.

[Ivos Riti]

hi all, i've the problem on nginx that dont start after renew ssl. i update by sh file. my  versione is 2.2. Last year, i solved with the upper solution(suggested by Fred) ,  but this time there is no way.

SSH reply "Cert not yet due for renewal", bur Nginx dont start.

Any idea?

million tnx in advanced

[sd...@distancelearning.cloud]

What does “sudo nginx -t” display, will tell you the exact reason

 

Regards,

Stephen

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/f5e2c64c-643f-45c9-b482-ace13b9e85c1n%40googlegroups.com.

[Ivos Riti]

it display only "test failed". this may be because Nginx not started

It work only withiut ssl on port 80. If i anable https, it stop to work. 

My old ssl certificate will expires on 5 day,  but i allready renewed and now nothing works

[Raxit Sheth]

Try

nginx -t && nginx -s reload

Raxit

--

[Ivos Riti]

Thanks to all for support

i tryed raxitsh method but give me errot

nginx: [warn] invalid value "TLSv1.3" in /etc/nginx/sites-enabled/bigbluebutton:20
nginx: configuration file /etc/nginx/nginx.conf test failed

the file content is

  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name webinar.bonsaiclub.it;

    ssl_certificate /etc/letsencrypt/live/webinar.bonsaiclub.it/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/webinar.bonsaiclub.it/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE$
    ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;

i  can't  understand the error

I renewer 5 days before. now certbot  display 

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 1.29.0 renewal configuration file found at /etc/letsencrypt/renewal/webinar.bonsaiclub.it.conf with version 0.31.0 of Certbot. This might not work.

Cert not yet due for renewal

but, Nginx dont starts for an error ssl

there is a way to remove completly ssl ? so, i can renstall by .sh file in a second time

[sd...@distancelearning.cloud]

It’s telling you the error…   line 20 of config file.   Remove the TLSv1.3 and see what happens.  Looks like old nginx may not support

 

[warn] invalid value "TLSv1.3" in /etc/nginx/sites-enabled/bigbluebutton:20

 

Regards,

Stephen

 

 

From: bigbluebu...@googlegroups.com <bigbluebu...@googlegroups.com> On Behalf Of Ivos Riti

To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/4bb7622c-b804-460e-82f8-33adf10c3c16n%40googlegroups.com.

[Ivos Riti]

Hi all,

at the end I dont' found solution and i reinstalled 2,5 version on a new server.

Anyway, I would like to thanks for your support