Donald's picture

Hi

 

I've found an issue in relation to the 'fix' for the Let's Encrypt issue.

This happened on my production server and I've recreated it on a vanilla test server I created today.

Following these instructions to fix the Lets Encrypt issue

https://github.com/turnkeylinux/confconsole/releases/tag/v1.1.1

After the update detailed above the python process is using tcp port 80 thus stopping apache2 / Redmine from starting.

At the moment, to get round it in production, I'm killing the python process then starting apache2. Fortunately I managed to get a cert, meaning I can do without LetsEncrypt at the minute.

 

I have another issue as well I found re the smtp relay config - going to do a bit more testing before I post to make sure I have the details.

 

Some screen shots attached showing the port in use.

 

Thanks

 

Donald

 

Jeremy Davis's picture

Hi Donald. Unfortunately, it appears that the spam filter may have eaten the body of your post?! I really need to investigate what is going on there...

If you'd like to try again (as a reply) then please do so. In the meantime, all I can do is point you towards the Confconsole v1.1.1 release notes and install instructions. Following those instructions should resolve the issue and get certificates working again...

Donald's picture

Hi Jeremy

Unfortunately the instructions you have linked below are the source of the issue.....

Let me try to explain.

I migrated / Upgraded my Redmine appliance to the latest build on your site, I got the LetsEncrypt issue and had a search on your site and found those instructions and everything was fine.....or so I thought.

A day or so later I had to reboot the appliance and upon the restart apache2 wouldn't start - port 80 was already in use was the error. After some poking about I found the python process used for LetsEncrypt is binding to port 80, which in turn prevents apache2 from using that port.

I got a vanilla build from your site and went through the process again and the same thing happened.

As a work around at the moment I'm killing the python process and manually starting the apache2 service. I don't see any visible issues with killing the python process.

This issue only happens after following the instruction to fix LetsEncrypt

The process is /usr/bin/python /usr/lib/confconsole/plugins.d/Lets_Encrypt/add-water.srv ......

I've also come across an issue with setting the smtp relay settings in Confconsole - I'm going to do some testing around that today and I'll post another issue if I need to.

I'll attach the files separately showing the issue - maybe the cause of the posting issue?

Thanks

Donald

Donald's picture

Hi Jeremy

I was going to add attachments....but I can't see how....maybe I'm on a go slow today and missing something?

All they showed was apache2 not starting ......port already in use

Netstat showing python was using port 80

and the final one showing the process in webmin I killed to allow apache2 to start 

/usr/bin/python /usr/lib/confconsole/plugins.d/Lets_Encrypt/add-water.srv ......

 

Thanks

 

Donald

Jeremy Davis's picture

The mini challenge server that we provide (add-water) is provided as a service now, but it shouldn't be auto starting on boot! Can you give me the output (just copy/paste) of:

systemctl status add-water

To stop it and start Apache:

systemctl stop add-water
systemctl start apache2

To ensure it doesn't auto start again:

systemctl disable add-water

Donald's picture

I just ran the command on a vanilla test machine with the Lets-Encrypt fix. So this is straight after booting up the appliance:

root@redmine ~# systemctl status add-water
* add-water.service - Add Water
   Loaded: loaded (/lib/systemd/system/add-water.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-11-29 10:51:53 UTC; 1min 23s ago
 Main PID: 556 (python)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/add-water.service
           `-556 /usr/bin/python /usr/lib/confconsole/plugins.d/Lets_Encrypt/add-water-srv -l /var/log/

Nov 29 10:51:53 redmine systemd[1]: Started Add Water.
Nov 29 10:51:53 redmine python[556]: Bottle v0.12.13 server starting up (using WSGIRefServer())...
Nov 29 10:51:53 redmine python[556]: Listening on http://0.0.0.0:80/
Nov 29 10:51:53 redmine python[556]: Hit Ctrl-C to quit.

Thanks

Donald

Jeremy Davis's picture

Yeah, it appears that the service is being auto-enabled (which is not what we want). We'll have to work out why that is and do an update package. Please note that assuming that you ran the disable line I posted before, you should not hit this issue anymore.

Jeremy Davis's picture

So long as you have run "systemctl disable add-water" there is no need to install the latest v1.1.2 Confconsole update. That's because it's exactly the same as v1.1.1, but with the add-water service not enabled to auto start when installed. It doesn't explicitly disable the service though, so it has no value for people who have already run the previous update (you still need to manually disable add-water if you installed v1.1.1).

However, for users who haven't yet updated, the newer version is recommended (as it removes the need to manually disable the add-water service). So even though it's irrelevant to you, I thought it worth noting here just in case someone else stumbles across this thread looking for a solution...
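
A diagnostic for the conflict described in this thread, as an added example that is not part of the original posts or of Confconsole: it parses `ss -ltnp` output to find the process listening on TCP port 80 and compares it with the add-water unit's MainPID and boot-time enablement. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: who owns TCP port 80, and will add-water grab it again at boot?

# Print "name pid" for each listener on the given TCP port, reading
# `ss -ltnp` output on stdin (first process of each socket only).
port_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            # Process column looks like: users:(("python",pid=556,fd=3))
            if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
                s = substr($0, RSTART + 3, RLENGTH - 3)
                split(s, a, /",pid=/)
                print a[1], a[2]
            }
        }'
}

# Classify the situation. $1 = output of `systemctl is-enabled add-water`,
# $2 = add-water MainPID (0 when not running); `ss -ltnp` output on stdin.
check_port80() {
    owners=$(port_listeners 80)
    held=no
    if [ "$2" != 0 ] && printf '%s\n' "$owners" | grep -q " $2\$"; then
        held=yes
    fi
    case "$held:$1" in
        yes:enabled) echo "add-water holds port 80 and is enabled at boot" ;;
        yes:*)       echo "add-water holds port 80 but is not enabled at boot" ;;
        no:enabled)  echo "port 80 is free of add-water, but it is enabled at boot" ;;
        *)           echo "ok" ;;
    esac
}

# Live use (as root):
#   ss -ltnp | check_port80 "$(systemctl is-enabled add-water)" \
#       "$(systemctl show -p MainPID --value add-water)"

# Constructed sample of `ss -ltnp` output, modelled on the state in this thread.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=412,fd=3))
LISTEN 0      5      0.0.0.0:80         0.0.0.0:*    users:(("python",pid=556,fd=3))'

printf '%s\n' "$SAMPLE_SS" | check_port80 enabled 556
```

Any result other than "ok" means add-water either holds port 80 now or will claim it on the next reboot, before Apache can bind.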

Donald's picture

Hi Jeremy

 

Thanks for all your work on this. All sorted now.

 

D/
