Ken Robinson's picture

I was creating a web gateway on AWS using TKL Core v17. I removed webmin and shellinabox as I do not need them. I noticed the stunnel services where still hanging around and I removed them as well. I tried to use the Lets Encrypt script and get an error referencing these services. I assume they are hard coded maybe? I did not have the time to muck around in the source yet. 


[2023-02-14 21:42:05] dehydrated-wrapper: FATAL:         │  
                                                │ dehydrated exited with a non-zero exit code.             │  
                                                │ Job for stunnel4@webmin.service failed because the       │  
                                                │ control process exited with error code.                  │  
                                                │ See "systemctl status stunnel4@webmin.service" and       │  
                                                │ "journalctl -xe" for details.                            │  
                                                │ Job for stunnel4@shellinabox.service failed because the  │  
                                                │ control process exited with error code.                  │  
                                                │ See "systemctl status stunnel4@shellinabox.service" and  │  
                                                │ "journalctl -xe" for details.       
Jeremy Davis's picture

I don't recall exactly but I suspect that you are correct!

Have a look in the hook script (should be in /etc/dehydrated) or perhaps the wrapper script (in /usr/lib/confconsole/plugins.d/Lets_encrypt or something like that).

And even if they were to remain hardcoded (which I don't think they should), they should still only be warnings, not fatal.

Ken Robinson's picture

I found it in the file `/etc/dehydrated/`

# space separated list of systemd services to restart
SERVICES_TO_RESTART="stunnel4@webmin.service stunnel4@shellinabox.service"


Maybe this can be a setting instead of hard coded? 



Jeremy Davis's picture

Good idea Ken. Then users can configure it to restart whatever services they like!

Also, I think even if the service restarts fail, so long as the webserver restarts, it should only be a warning rather than a failure. What do you think? Or maybe that could be in the conf file too?

Add new comment