couchdb-user mailing list archives

From Jonathan Aquilina <jaquil...@eagleeyet.net.INVALID>
Subject RE: letsencrypt SSL certs break when updated
Date Sat, 24 Oct 2020 01:50:30 GMT
Hi Bill,

I have in the past on a Linode VPS created a script to run the Apache cert bot to renew them
for me. Why don’t you do something similar and add the below command you mentioned to it
and have it run after the auto-renew process? And set up the renewal script to then run as
a cron job.

Regards,
Jonathan

-----Original Message-----
From: Bill Stephenson <bill@cherrypc.com.INVALID> 
Sent: 23 October 2020 21:48
To: user@couchdb.apache.org
Subject: letsencrypt SSL certs break when updated

A while back I’d mentioned I was having a problem with letsencrypt certs not working after
being auto-updated.

This happened again yesterday and the issue is caused by the certs' ownership settings.

My CouchDB is installed on a DigitalOcean VPS running Ubuntu 16.04.

You can see the difference between the old and new certs below:

	-rw-r--r-- 1 couchdb root 1903 Jul 23 22:12 cert6.pem
	-rw-r--r-- 1 root    root 1903 Oct 22 18:10 cert7.pem

	-rw-r--r-- 1 couchdb root 1647 Jul 23 22:12 chain6.pem
	-rw-r--r-- 1 root    root 1647 Oct 22 18:10 chain7.pem

	-rw-r--r-- 1 couchdb root 3550 Jul 23 22:12 fullchain6.pem
	-rw-r--r-- 1 root    root 3550 Oct 22 18:10 fullchain7.pem

	-rw------- 1 couchdb root 1708 Jul 23 22:12 privkey6.pem
	-rw------- 1 root    root 1708 Oct 22 18:10 privkey7.pem


After the letsencrypt update, the new certs' ownership needs to be reset like so:

	sudo chown couchdb:root /opt/couchdb/letsencrypt/archive/cherrypc.com/cert7.pem

And should look something like this:

	-rw-r--r-- 1 couchdb root 1903 Oct 22 18:10 cert7.pem

	-rw-r--r-- 1 couchdb root 1647 Oct 22 18:10 chain7.pem

	-rw-r--r-- 1 couchdb root 3550 Oct 22 18:10 fullchain7.pem

	-rw------- 1 couchdb root 1708 Oct 22 18:10 privkey7.pem


( Hopefully sharing this here will help me remember this 3 months from now :D )

--

Kindest Regards,

Bill Stephenson
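
Added example, not part of either message above: one way to automate the ownership reset is a certbot deploy hook (passed with `--deploy-hook`), which certbot runs after each successful renewal with `RENEWED_LINEAGE` set to the renewed `live/<domain>` directory. The `couchdb:root` owner and the file modes are taken from the listing in the thread; the function name and the `CERT_OWNER`/`CERT_GROUP` overrides are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that hands renewed certificate files
# to the CouchDB service account. Not code from the thread's authors.

# Owner and group seen in the thread's listing; overridable (assumption).
CERT_OWNER="${CERT_OWNER:-couchdb}"
CERT_GROUP="${CERT_GROUP:-root}"

# fix_lineage DIR
# DIR is a live/<domain> directory whose *.pem entries are symlinks into
# archive/<domain>/. The real files are chowned, since those are what the
# listing in the thread shows as root-owned after a renewal.
fix_lineage() {
    lineage="$1"
    if [ ! -d "$lineage" ]; then
        echo "lineage directory not found: $lineage" >&2
        return 1
    fi
    for link in "$lineage"/*.pem; do
        [ -e "$link" ] || continue              # skip dangling links / no match
        target=$(readlink -f "$link") || return 1
        chown "$CERT_OWNER:$CERT_GROUP" "$target" || return 1
        # Keep the private key readable by its owner only (rw-------);
        # certificates and chains stay world-readable (rw-r--r--).
        case "$(basename "$link")" in
            privkey.pem) mode=600 ;;
            *)           mode=644 ;;
        esac
        chmod "$mode" "$target" || return 1
    done
    return 0
}

# certbot exports RENEWED_LINEAGE only when it invokes a deploy hook,
# so nothing is touched if the script is run outside of a renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    fix_lineage "$RENEWED_LINEAGE"
fi
```

Because the hook only fires on a successful renewal, CouchDB never sees a root-owned `privkey` between the renewal and a separate cron run, and the key's mode is re-asserted each time rather than assumed.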


