[BlueOnyx:25271] Re: Nginx SSL-Proxy
K Richardson
kmrichardson at rogers.com
Sun Dec 26 13:05:11 -05 2021
HI Michael
Thanks for the quick reply
So following your steps for the SSL
I blew out the directory as you suggested
Redid the LetsEncrypt certificate
[root at mail certs]# ls -l
total 16
-rw-r--r-- 1 root root 1 Dec 26 12:56 blank.txt
-rw-r--r-- 1 root root 0 Dec 26 12:56 ca-certs
-rw-r----- 1 root root 2033 Dec 26 12:56 certificate
--w------T 1 root root 3247 Dec 26 12:56 key
-rw-r----- 1 root root 1756 Dec 26 12:56 request
This is the directory listing.
But the GUI still states the Project Blueonyx certificate with Date of Dec
29 2037
So it doesn't look like the GUI or admin server is seeing the new CERT's
rm /etc/admserv/certs/*
/usr/sausalito/sbin/cced.init restart
systemctl restart admserv
and I still have no access to domain.com:81 just tells me the site can't be
reached
looking at the systemctl status nginx
it shows me conflicting server names.
Running on 0.0.0.0: 443
-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael
Stauber
Sent: December 26, 2021 12:40 PM
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:25270] Re: Nginx SSL-Proxy
Hello,
> We can get to https://domain.com:444 <https://domain.com:444> and just
> tells me it's not secure
Port 444 is GUI over HTTP. So the URL is http://domain.com:444 - not HTTPS
The HTTPS port of the GUI is 81.
> But we can't get the Nginx SSL server to run. Soon as we click on the
> box it fails and all the sites on the server go offline
>
> On top of that we can't get to https://domain_name.com:81
> <https://domain_name.com:81> after installing the LetsEncrypt
> Certificates
My guess is that the installation of the LE certificate for the AdmServ
didn't work as intended.
There are two ways to fix it:
1.) Use the GUI (via HTTP - port 444) and try again to request an SSL
certificate for the GUI via "Network Services" / "Security" / SSL. You can
either upload an exported SSL certificate, create a self signed one to get
out of the bend or request another LE cert via the GUI
Alternatively you can:
2.) Login to the server by SSH as "admin" and "su -" to gain root access.
First delete the admserv certificate data:
rm /etc/admserv/certs/*
Then restart CCEd to have a new self signed certificate generated:
/usr/sausalito/sbin/cced.init restart
Restart AdmServ:
systemctl restart admserv
Then go to the GUI (HTTP, port 444) and follow the steps outlined under #1.
> why the SSL Proxy server isn't working and how to fix it?
THAT is something that the server logfiles could shed some light on:
/var/log/nginx/error.log
/var/log/admserv/adm_error
Or the following command might also help to find out what went wrong:
systemctl status nginx
Let me know if this helps or if you need any further assistance.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list