failed to enable c2s encrytion with prosody

[zinwa lin]

I followed with these instructions, and use self-signed certificate,  https://prosody.im/doc/certificates and https://prosody.im/doc/modules/mod_tls

notice: I have enabled mod_tls and set  c2s_require_encryption = true

I use prosody 0.9.1 on Ubuntu.

after restart prosody,  Adium(Mac XMPP client) can't connected with info "You require encryption, but it is not available on this server.", 

maybe self-signed certificates is the root of issue, i guess. can u give some help?

thanks for your reply.

[deoren]

What do you see in the log file(s)?

[zinwa lin]

Mar 27 17:25:26 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for *)

Mar 27 17:25:26 general info    Hello and welcome to Prosody version 0.9.1

Mar 27 17:25:26 general info    Prosody is using the select backend for connection handling

Mar 27 17:25:26 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for localhost)

Mar 27 17:25:26 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for localhost)

Mar 27 17:25:26 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269

Mar 27 17:25:26 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222

Mar 27 17:25:26 portmanager     info    Activated service 'legacy_ssl' on no ports

Mar 27 17:25:26 mod_posix       info    Prosody is about to detach from the console, disabling further console output

Mar 27 17:25:26 mod_posix       info    Successfully daemonized to PID 19759

Mar 27 17:41:55 mod_posix       warn    Received SIGTERM

Mar 27 17:41:55 general info    Shutting down: Received SIGTERM

Mar 27 17:41:55 general info    Shutting down...

Mar 27 17:41:55 general info    Shutdown status: Cleaning up

Mar 27 17:41:55 general info    Shutdown complete

Mar 27 17:42:58 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for *)

Mar 27 17:42:58 general info    Hello and welcome to Prosody version 0.9.1

Mar 27 17:42:58 general info    Prosody is using the select backend for connection handling

Mar 27 17:42:58 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for localhost)

Mar 27 17:42:58 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for localhost)

Mar 27 17:42:58 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269

Mar 27 17:42:58 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222

Mar 27 17:42:58 portmanager     info    Activated service 'legacy_ssl' on no ports

Mar 27 17:42:58 mod_posix       error   Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!

Mar 27 17:42:58 mod_posix       error   For more information on running Prosody as root, see http://prosody.im/doc/root

Mar 27 17:42:58 general info    Shutting down: Refusing to run as root

Mar 27 17:42:58 mod_posix       info    Prosody is about to detach from the console, disabling further console output

Mar 27 17:42:58 mod_posix       info    Successfully daemonized to PID 20010

Mar 27 17:42:58 general info    Shutting down...

Mar 27 17:42:58 general info    Shutdown status: Cleaning up

Mar 27 17:42:58 general info    Shutdown complete

Mar 27 17:43:22 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for *)

Mar 27 17:43:22 general info    Hello and welcome to Prosody version 0.9.1

Mar 27 17:43:22 general info    Prosody is using the select backend for connection handling

Mar 27 17:43:22 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for localhost)

Mar 27 17:43:22 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for localhost)

Mar 27 17:43:22 portmanager     info    Activated service 's2s' on [::]:5269, [*]:5269

Mar 27 17:43:22 portmanager     info    Activated service 'c2s' on [::]:5222, [*]:5222

Mar 27 17:43:22 portmanager     info    Activated service 'legacy_ssl' on no ports

Mar 27 17:43:22 mod_posix       error   Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!

Mar 27 17:43:22 mod_posix       error   For more information on running Prosody as root, see http://prosody.im/doc/root

Mar 27 17:43:22 general info    Shutting down: Refusing to run as root

Mar 27 17:43:22 mod_posix       info    Prosody is about to detach from the console, disabling further console output

Mar 27 17:43:22 mod_posix       info    Successfully daemonized to PID 20047

Mar 27 17:43:22 general info    Shutting down...

Mar 27 17:43:22 general info    Shutdown status: Cleaning up

Mar 27 17:43:22 general info    Shutdown complete

Mar 27 17:48:03 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.crt': Check that the path is correct, and the file exists. (for *)

Mar 27 17:48:03 general info    Hello and welcome to Prosody version 0.9.1

[zinwa lin]

hi, deoren

I have set ssl key and crt manually, why it still load localhost.key and localhost.crt?

ssl = {

        key = "/etc/prosody/certs/zinwa.cn.key";

        certificate = "/etc/prosody/certs/zinwa.cn.crt";

}

On Sunday, March 29, 2015 at 2:46:51 AM UTC+8, deoren wrote:

[zinwa lin]

Mar 29 10:06:21 certmanager error SSL/TLS: Failed to load '/etc/prosody/localhost.cert': Check that the path is correct, and the file exists. (for *)

Mar 29 10:06:21 general info Hello and welcome to Prosody version 0.9.1

Mar 29 10:06:21 general info Prosody is using the epoll backend for connection handling

Mar 29 10:06:21 certmanager error SSL/TLS: Failed to load '/etc/prosody/localhost.cert': Check that the path is correct, and the file exists. (for localhost)

Mar 29 10:06:21 certmanager error SSL/TLS: Failed to load '/etc/prosody/localhost.cert': Check that the path is correct, and the file exists. (for localhost)

Mar 29 10:06:21 portmanager error Failed to open server port 5582 on ::1, Cannot assign requested address

Mar 29 10:06:21 portmanager info Activated service 'console' on [127.0.0.1]:5582

Mar 29 10:06:21 portmanager info Activated service 'c2s' on [::]:5222, [*]:5222

Mar 29 10:06:21 portmanager info Activated service 'legacy_ssl' on no ports

Mar 29 10:06:21 portmanager info Activated service 's2s' on [::]:5269, [*]:5269

Mar 29 10:06:21 mod_posix info Prosody is about to detach from the console, disabling further console output

Mar 29 10:06:21 mod_posix info Successfully daemonized to PID 830

Mar 29 10:06:21 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/example.com.key': Previous error (see logs), or other system error. (for conference.zinwa.cn)

Mar 29 10:06:21 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/example.com.key': Previous error (see logs), or other system error. (for conference.zinwa.cn)

Mar 29 10:06:21 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/example.com.key': Check that the path is correct, and the file exists. (for zinwa.cn)

Mar 29 10:06:21 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/example.com.key': Previous error (see logs), or other system error. (for zinwa.cn)

[zinwa lin]

I found the cause of issue.   i need to set ssl key and cert in virtual host. 

thanks.

On Sunday, March 29, 2015 at 2:46:51 AM UTC+8, deoren wrote: