Frédéric Hoffarth's picture

Hi there,

TL;DR: See topic title


In detail:

At first I want to apologize for probably having overseen some basic information but I glanced through the FAQ and used the search engine without finding a match for this topic:

I am running instances of Odoo 11 & 12 on proxmoxx behind a reverse proxy and I really appreciate your work. Now I want to use let's encrypt certificates for encrypting traffic. Certbot requires a docroot-folder so validation files can be placed in /.well-known/acme-challenge/<random filename>. I took a look at /etc/apache2/sites-available/odoo.conf but it only proxy passes to and there is no docroot-path configured. 

From there on I found out that python3 is using this port. Somehow it uses an odoo binary file and processes /etc/odoo/odoo.conf. And now I am lost. Since I am quite an linux&apache-beginner I did not manage to successfully solve this on the rerverseproxy (I dont want to reencrypt / offload SSL anyways). Also making changes to the apache-config on the real servers did not work out.

Could you give me a hint?

Thanks in advance!


Kind regards



Jeremy Davis's picture

Our Confconsole tool include a Let's Encrypt plugin. With the exception of GitLab, that is consistent across all appliances. So long as port 80 of your appliance is available from the internet via the desired domain name, then it should "just work".

If it doesn't and/or you have other considerations, please post back and give me as much info as possible.

If you'd rather proceed with Certbot, then that should work too, although I am personally unfamiliar with it. I assume that you would need to create a directory for it to use as docroot directory. TBH, I would have expected it to provide that itself, but as you note that's not the case, my guess is that any directory it can write do would do. If you need to create and note one, then my recommendation would be either /var/www if it's not already in use; if it is, then a new subdirectory. FWIW the default base docroot on TurnKey (i.e. what LAMP uses) is /var/www.

Peter's picture

Not sure if this is the correct positng spot but here is my issue:

Using automated console service to generate a Lets Encrypt certificate I getting the following:

[2020-12-16 23:14:51] dehydrated-wrapper: INFO: started

[2020-12-16 23:14:52] dehydrated-wrapper: INFO: found lighttpd listening on port 80

[2020-12-16 23:14:52] dehydrated-wrapper: INFO: stopping lighttpd

[2020-12-16 23:14:52] dehydrated-wrapper: INFO: running dehydrated

[2020-12-16 23:14:53] dehydrated-wrapper: INFO: dehydrated complete

[2020-12-16 23:14:53] dehydrated-wrapper: WARNING: Python is still listening on port 80

[2020-12-16 23:14:53] dehydrated-wrapper: INFO: attempting to kill add-water server

[2020-12-16 23:14:53] dehydrated-wrapper: INFO: Cleaning backup cert & key

[2020-12-16 23:14:54] dehydrated-wrapper: INFO: (Re)starting lighttpd

[2020-12-16 23:14:54] dehydrated-wrapper: INFO: (Re)starting stunnel4@shellinabox.service

Session closed.

The session keeps closing without the script completing. If trying to generate via Webmin also fails sayng Bind 8 not installed.

Thanking you in anticipation.




Jeremy Davis's picture

It's generally best to start a new thread, unless your issue appears to be EXACTLY the same issue. Even then, you're probably still better off starting a new thread and include a link to the thread that seems to match your issue.

It sounds like you are running this via Webshell (aka shellinabox). Assuming I'm right, the session is being closed by the restart of the service (to implement usage of the new certificate). It shouldn't matter and everything should be working.

However, if it doesn't appear to be working properly, then I suggest logging in via SSH. On Mac or Linux you can use the default built-in ssh client from the terminal; Windows users will need to install an SSH client. Either install the Windows build of openssh-client (and use via Windows CMD) or use a third party tool such as PuTTY.

Add new comment