Opened 4 years ago
Closed 4 years ago
#2470 closed task (fixed)
osgeo6 issue with docs.geotools.org ssl
| Reported by: | robe | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Sysadmin Contract 2020-I |
| Component: | SysAdmin | Keywords: | |
| Cc: |
Description (last modified by )
Looking into this now
note from neteler
I tried to update a redirect link in the (old) grass server but cannot reload the apache config:
Jun 03 13:15:24 osgeo6 systemd[1]: Reloading LSB: Apache2 web server.
Jun 03 13:15:24 osgeo6 apache2[29872]: Reloading web server: apache2 failed!
Jun 03 13:15:24 osgeo6 apache2[29872]: The apache2 configtest failed.
Not doing anything. ... (warning).
Jun 03 13:15:24 osgeo6 apache2[29872]: Output of config test was:
Jun 03 13:15:24 osgeo6 apache2[29872]: apache2: Syntax error on line
219 of /etc/apache2/apache2.conf: Syntax error on line 20 of /etc/apache2/sites-enabled/docs.geotools.o...or directory Jun 03 13:15:24 osgeo6 apache2[29872]: Action 'configtest' failed.
Jun 03 13:15:24 osgeo6 apache2[29872]: The Apache error log may have more information.
Jun 03 13:15:24 osgeo6 systemd[1]: apache2.service: control process exited, code=exited status=1 Jun 03 13:15:24 osgeo6 systemd[1]: Reload failed for LSB: Apache2 web server.
The reason is:
cat /etc/apache2/sites-enabled/docs.geotools.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost 140.211.15.3:443>
ServerAdmin sac@lists.osgeo.org
ServerName docs.geotools.org
ErrorLog ${APACHE_LOG_DIR}/docs.geotools.org-error.log
...
Include /etc/letsencrypt/options-ssl-apache.conf <==== does not exist
</VirtualHost>
</IfModule>
I don't know which one would be right:
locate options-ssl-apache.conf
/etc/apache2/includes/options-ssl-apache.conf
...
/root/etc/osgeo6/apache2/includes/options-ssl-apache.conf
/root/etc/osgeo6/letsencrypt/options-ssl-apache.conf
Change History (3)
comment:1 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 4 years ago
comment:3 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Okay for now to fix I did
ln -s /root/etc/osgeo6/letsencrypt /etc/letsencrypt
Also deleted the gdal (which is on osgeo7) and drone (also deleted the drone.osgeo.org site) certs and removed them
certbot-auto delete
which showed
1: docs.geotools.org 2: drone.osgeo.org 3: gdal.org 4: geos.osgeo.org 5: geotools.org 6: grass.osgeo.org 7: grasswiki.osgeo.org 8: lists.osgeo.org 9: mapserver.org 10: osgeo6.osgeo.osuosl.org
2,7
Also needed to reinstall grass.osgeo.org cert, for some reason was missing
certbot-auto certonly specified grass.osgeo.org
Then reran below to make sure no issues left
certbot-auto renew systemctl restart apache2
Note:
See TracTickets
for help on using tickets.
okay this is a very odd set up. All the certs are in /root/etc/osgeo/letsencrypt. Only thing I can think of is maybe someone create a link letsencrypt to put /letsencrypt to that folder
I didn't check before hand, but when I ran certbot-auto it upgraded to a new version of certbot and the /etc/letsencrypt folder is now empty. All the websites are pointing at the /etc/letsencrypt path giving that the include file was already missing, I'm tempted to think this folder was empty before.
Does anyone know why the certs were installed in /root/etc/osgeo6?
I'm tempted to just move everything back to /etc/letsencrypt