You are here
Hi
I've found an issue in relation to the 'fix' for Lets Encrypt issue
This happen on my production server and I've recreated on a vanilla test server I created today.
Following these instructions to fix the Lets Encrypt issue
https://github.com/turnkeylinux/confconsole/releases/tag/v1.1.1
After the update detailed above the python process is using tcp port 80 thus stopping apache2 / Redmine from starting.
At the moment to get round it in production I'm killing the python process then starting apache2. Fortunatley I manage to get a cert meaning I can do without LetsEncrypt at the minute.
I have another issue as well I found re the smtp relay config - going to do a bit more testing before I post to make sure I have the details.
Some screen shots attached showing the port in use.
Thanks
Donald
It appears that the spam filter may have eaten your post?!
Hi Donald. Unfortunately, it appears that the spam filter may have eaten the body of your post?! I really need to investigate what is going on there...
If you'd like to try again (as a reply) then please do so. In the meantime, all I can do is point you towards the Confconsole v1.1.1 release notes and install instructions. Following those instructions should resolve the issue and get certificates working again...
I did reply back by email but I'll post here anyway
Hi Jeremy
Unfortunately the instructions you have linked below are the source of the issue.....
Let me try to explain.
I migrated / Upgraded my Redmine appliance to the latest build on your site, I got the LetsEncrypt issue and had a search on your site and found those instructions and everything was fine.....or so I thought.
A day or so later I had to reboot the appliance and upon the restart apache2 wouldn't start - port 80 was already in use was the error. After some poking about I find the python process used for LetsEncrypt is binding to port 80 which in turn prevents apache2 from using that port.
I got a vanilla build from your site and went through the process again and the same thing happened.
As a work around at the moment I'm killing the python process and manually starting the apache2 service. I don't see any visible issues with killing the python process.
This issue only happens after following the instruction to fix LetsEncrypt
The process is /usr/bin/python /usr/lib/confconsole/plugins.d/Lets_Encrypt/add-water.srv ......
I've also come across an issue with setting the smtp relay settings in Confconsole - I'm going to do some testing around that today and I'll post another issue if I need to.
I'll attach the files seperatley showing the issue - maybe the cause of the posting issue?
Thanks
Donald
I was going to add attachments.......
Hi Jeremy
I was going to add attachments....but I can't see how....maybe I'm on a go slow today and missing something?
All they showed was apache2 not starting ......port already in use
Netstat showing python was using port 80
and the final one showing the process in webmin I killed to allow apache2 to start
/usr/bin/python /usr/lib/confconsole/plugins.d/Lets_Encrypt/add-water.srv ......
Thanks
Donald
Hmmm, that's not good!
The mini challenge server that we provide (add-water) is provided as a service now, but it shouldn't be auto starting on boot! Can you give me the out put (just copy/paste) of:
To stop it and start Apache:
To ensure it doesn't auto start again:
Output from systemctl status add-water
I just ran the command on a Vanilla test machine witht the Lets-Encrypt fix. So this is straight after booting up the appliance
root@redmine ~# systemctl status add-water
* add-water.service - Add Water
Loaded: loaded (/lib/systemd/system/add-water.service; enabled; vendor preset
Active: active (running) since Fri 2019-11-29 10:51:53 UTC; 1min 23s ago
Main PID: 556 (python)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/add-water.service
`-556 /usr/bin/python /usr/lib/confconsole/plugins.d/Lets_Encrypt/add
Nov 29 10:51:53 redmine systemd[1]: Started Add Water.
Nov 29 10:51:53 redmine python[556]: Bottle v0.12.13 server starting up (using W
Nov 29 10:51:53 redmine python[556]: Listening on http://0.0.0.0:80/
Nov 29 10:51:53 redmine python[556]: Hit Ctrl-C to quit.
lines 1-12/12 (END)...skipping...
* add-water.service - Add Water
Loaded: loaded (/lib/systemd/system/add-water.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-11-29 10:51:53 UTC; 1min 23s ago
Main PID: 556 (python)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/add-water.service
`-556 /usr/bin/python /usr/lib/confconsole/plugins.d/Lets_Encrypt/add-water-srv -l /var/log/
Nov 29 10:51:53 redmine systemd[1]: Started Add Water.
Nov 29 10:51:53 redmine python[556]: Bottle v0.12.13 server starting up (using WSGIRefServer())...
Nov 29 10:51:53 redmine python[556]: Listening on http://0.0.0.0:80/
Nov 29 10:51:53 redmine python[556]: Hit Ctrl-C to quit.
~
Thanks
Donald
Thanks Donald
Yeah, it appears that the service is being auto-enabled (which is not what we want). We'll have to work out why that is and do an update package. Please note that assuming that you ran the disable line I posted before, you should not hit this issue anymore.
FWIW, I have just made a new release...
So long as you have run "systemctl disable add-water" there is no need to install the latest v1.1.2 Confconsole update. That's because it's exactly the same as v1.1.1, but with the add-water service not enabled to auto start when installed. It doesn't explicitly disable the service though, so it has no value for people who have already run the previous update (you still need to manually disable add-water if you installed v1.1.1).
However, for users who haven't yet updated, the newer version is recommended (as it removes the need to manually disable the add-water service). So even though it's irrelevant to you, I thought it worth noting here just in case someone else stumbles across this thread looking for a solution...
Thanks
Hi Jeremy
Thaks for all your work on this. All sorted now.
D/
Add new comment