BBB 2.6 + Greenlightv3 - Let's Encrypt doesn't do automatic renewal


Goodfred

Jul 26, 2023, 10:09:41 AM
to BigBlueButton-Setup
Hello again everyone! :)

I've seen that the Let's Encrypt certificate only lasts until tomorrow (2 o'clock pm).

Then I've tried the following:

----------
root@bigbluebutton:~/greenlight# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/subdomain.domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for subdomain.domain.tld
Using the webroot path /var/www/bigbluebutton-default for all unmatched domains.
Waiting for verification...
Challenge failed for domain subdomain.domain.tld
http-01 challenge for subdomain.domain.tld
Cleaning up challenges
Attempting to renew cert (subdomain.domain.tld) from /etc/letsencrypt/renewal/subdomain.domain.tld.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: subdomain.domain.tld
   Type:   unauthorized
   Detail: xxx.xxx.xxx.xxx: Invalid response from
   http://subdomain.domain.tld/.well-known/acme-challenge/###########################################:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
----------

Can you help me to fix this?

I've stopped it with "docker compose down" in the hope that port 80 is free to use.
The same error message appears.
I've pinged the domain - domain name and IP address are correct.

I'm wondering why BBB does not automatically renew the certificates. I thought it's included in v2.6.
(Maybe the reason is that 2.5 was installed on the server before.)

I will give you updates if I have a solution/more information!

Thank you!:)
Goodfred

Goodfred

Jul 26, 2023, 10:23:23 AM
to BigBlueButton-Setup
Then the reason must be nginx, after I saw this:

----------
root@bigbluebutton:~/greenlight# certbot renew --standalone --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/subdomain.domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for subdomain.domain.tld
Cleaning up challenges
Attempting to renew cert (subdomain.domain.tld) from /etc/letsencrypt/renewal/subdomain.domain.tld.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)


All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
----------

At the moment I'm waiting for the other administrator with access to the virtualisation to make a snapshot before I stop/start nginx.

Thank you for reading!

If you have tips: thank you! :D

I will inform you of the outcome

Goodfred

Jul 26, 2023, 10:24:38 AM
to BigBlueButton-Setup
Btw, it would be cool if in future certbot/BBB would update the certificates automatically, without me having to stop/start nginx.

I'm thankful for answers! :D

(P.S.: I'm waiting for the snapshot. In this case I am a little bit afraid to stop/start nginx! :D)

Goodfred

Jul 26, 2023, 10:43:25 AM
to BigBlueButton-Setup
 "docker-compose down"; "systemctl stop nginx"; "certbot renew --standalone --dry-run"; "certbot renew --standalone"; "systemctl start nginx"; "docker-compose up -d"

Then the browser said: 24.10.23

Now my final question is: how do I set it up so that it renews automatically? :D

Thank you! :)

Goodfred  

Adrian Betancourt Castillo

Jul 26, 2023, 2:02:15 PM
to bigbluebu...@googlegroups.com
Goodfred, couldn't you create a cron job that performs the task: 0 0 * * * /usr/bin/certbot renew --quiet

Could that work?

Sorry for replying in Spanish, but English is a bit hard for me.



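The sequence Goodfred typed by hand (compose down, stop nginx, certbot with the standalone authenticator, start nginx, compose up) and the cron job Adrian suggests can be combined so the stack is only bounced when certbot actually attempts a renewal. The script below is an added example, not code from the thread, BigBlueButton or Greenlight. It assumes the Greenlight compose file lives in /root/greenlight (the prompt in the thread), that nginx is the systemd unit `nginx`, that the `docker compose` plugin is installed (substitute `docker-compose` if that is what the host has), and a log path of its own choosing; the `renew_status` function reads certbot's "N renew failure(s), M parse failure(s)" summary from the thread's own output so a cron run fails loudly instead of silently.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread, BigBlueButton or Greenlight.
# Automates the stop / renew / start sequence from the thread so it can run
# from cron. Assumptions: Greenlight's compose file is in /root/greenlight,
# nginx is the systemd unit "nginx", and the "docker compose" plugin exists
# (use docker-compose if that is what the host has).
set -u

GREENLIGHT_DIR="${GREENLIGHT_DIR:-/root/greenlight}"
LOG="${LOG:-/var/log/letsencrypt/renew-wrapper.log}"   # assumed log location

# Decide whether a run succeeded from certbot's exit status ($1) and its
# output ($2). certbot prints "N renew failure(s), M parse failure(s)" only
# when something went wrong; a run with nothing due prints no counts at all.
renew_status() {
  local rc="$1" output="$2" renew parse
  renew=$(printf '%s\n' "$output" | sed -n 's/^\([0-9][0-9]*\) renew failure(s).*/\1/p' | tail -n 1)
  parse=$(printf '%s\n' "$output" | sed -n 's/.*, \([0-9][0-9]*\) parse failure(s).*/\1/p' | tail -n 1)
  [ "$rc" -eq 0 ] && [ "${renew:-0}" -eq 0 ] && [ "${parse:-0}" -eq 0 ]
}

# The hooks run only when certbot actually attempts a renewal (a cert is
# skipped until it is within 30 days of expiry), so a daily cron run does
# not bounce nginx every night.
renew() {
  local out rc
  out=$(certbot renew --standalone --non-interactive \
          --pre-hook  "cd $GREENLIGHT_DIR && docker compose down; systemctl stop nginx" \
          --post-hook "systemctl start nginx; cd $GREENLIGHT_DIR && docker compose up -d" \
          2>&1)
  rc=$?
  printf '%s\n' "$out" >> "$LOG"
  if renew_status "$rc" "$out"; then
    echo "certbot renew: ok"
  else
    echo "certbot renew: FAILED (exit $rc), see $LOG" >&2
    return 1
  fi
}

# Install as /usr/local/sbin/renew-bbb-cert.sh (assumed path) and schedule it
# the way Adrian proposes, with the wrapper in place of bare certbot:
#   0 0 * * * /usr/local/sbin/renew-bbb-cert.sh --run
if [ "${1:-}" = "--run" ]; then
  renew
fi
```

Because the hooks are passed on the command line, nothing in the stack is touched on the nights where certbot decides no certificate is due; the non-zero exit on failure is what makes cron mail or a monitoring check notice a broken renewal before the browser does.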

Jean Pluzo

Jul 27, 2023, 8:35:58 AM
to BigBlueButton-Setup
Hi,

@Goodfred:
I'm currently not using GLv3, but from within a container or to a container, certbot has problems updating an SSL certificate. Also, certbot can only update a certificate through ports 80 and 443. If nginx is running on those ports... well, you get the picture.
You can safely stop nginx, run certbot and start/restart nginx.
If you really can't/don't want to stop nginx, you can modify the nginx/sites-available/<website_cfg_file> to allow that specific request (https://subdomain.domain.tld/.well-known...) to "pass through". You can search the internet for further instructions.

@Adrian:
Google Translate and DeepL exist for that too; they give very good results. Please post in English next time so that others benefit from your response.

Regards,
J.
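The 404 in the first post means nginx was not serving /var/www/bigbluebutton-default/.well-known/acme-challenge/ for that host, which is exactly the "pass through" Jean describes. The script below is an added example, not code from the thread, BigBlueButton or Greenlight: it prints an nginx `location` block for the challenge path, checks whether a site config already contains one for the certbot webroot, and probes the path end to end with curl before certbot is involved. The webroot is the one certbot printed in the thread, the domain is the thread's placeholder, and the exact shape of the location block is an assumption to compare against the BBB-installed nginx config.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread, BigBlueButton or Greenlight.
# Checks whether the HTTP-01 challenge path is served by nginx, which is
# what the "Invalid response ... 404" error in the first post is about.
# WEBROOT is the path certbot printed; DOMAIN is the thread's placeholder.
set -u

WEBROOT="${WEBROOT:-/var/www/bigbluebutton-default}"
DOMAIN="${DOMAIN:-subdomain.domain.tld}"

# Print an nginx location block that serves ACME challenges from the
# certbot webroot while every other request keeps going to Greenlight.
# (Assumed shape; compare with the BBB-installed site config before use.)
acme_location_block() {
  cat <<EOF
location ^~ /.well-known/acme-challenge/ {
    root ${1:-$WEBROOT};
    default_type "text/plain";
    try_files \$uri =404;
}
EOF
}

# Return 0 if the nginx site config $1 already has a location for
# /.well-known/acme-challenge whose root is the webroot $2, else 1.
site_serves_challenge() {
  local cfg="$1" webroot="$2"
  awk -v root="$webroot" '
    /location.*\/\.well-known\/acme-challenge/ { inblock = 1 }
    inblock && $1 == "root" && $2 == (root ";") { found = 1 }
    inblock && /}/ { inblock = 0 }
    END { exit found ? 0 : 1 }' "$cfg"
}

# End-to-end probe: place a token in the webroot and fetch it over plain
# HTTP the way the ACME server does. Anything but 200 reproduces the
# failure in the thread without spending a Let's Encrypt attempt.
probe_challenge() {
  local token dir url status
  token="probe-$(date +%s)-$$"
  dir="$WEBROOT/.well-known/acme-challenge"
  mkdir -p "$dir" && printf 'ok' > "$dir/$token"
  url="http://$DOMAIN/.well-known/acme-challenge/$token"
  status=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$url" || echo "curl-failed")
  rm -f "$dir/$token"
  echo "$url -> HTTP $status"
  [ "$status" = "200" ]
}

# Usage (on the BBB host):
#   DOMAIN=meet.example.org ./check-acme-path.sh --probe
#   ./check-acme-path.sh --check /etc/nginx/sites-available/<website_cfg_file>
case "${1:-}" in
  --probe) probe_challenge ;;
  --check) site_serves_challenge "$2" "$WEBROOT" && echo "challenge location present" \
             || { echo "no challenge location for $WEBROOT; add:"; acme_location_block; exit 1; } ;;
esac
```

Run the `--check` first and then the `--probe`: if the probe returns 200 through the running nginx, `certbot renew` with the webroot authenticator works without stopping anything, and the standalone dance from the thread is no longer needed.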