#dev | Logs for 2019-06-28
« return
[07:49:38] -!- NotSanguine [NotSanguine!~notsangui@xmf-69-640-580-028.nyc.res.rr.com] has joined #dev
[07:49:57] -!- NotSanguine has quit [Client Quit]
[09:42:46] <Bytram> possibly futile attempt, but am trying the low-hanging-fruit attempts to get things copacetic
[09:43:23] <Bytram> bounced servers with bob's bounce script; no joy that I could tell (could not open https://chat.soylentnews.org )
[09:44:17] <Bytram> trying a restart of slash, on fluorine: /etc/init.d/slash restart
[09:59:09] <Bytram> ditto on lithium
[10:07:59] <Bytram> okay, I'm getting the *strong* impression that updated certs may not have been properly pushed out across all the places they were needed... but that was back on... 2019-06-13(?) certainly we would have noticed any weirdness before now?
[10:09:59] <Bytram> maybe not; looks like the problematic stuff all runs on beryllium
[10:16:35] <Bytram> looking at: https://tech.soylentnews.org
[10:27:18] <Bytram> BEGIN PASTE
[10:27:20] <Bytram> [root@beryllium etc]# getfacl letsencrypt
[10:27:20] <Bytram> # file: letsencrypt
[10:27:20] <Bytram> # owner: root
[10:27:20] <Bytram> # group: root
[10:27:20] <Bytram> user::rwx
[10:27:21] <Bytram> user:apache:r-x
[10:27:23] <Bytram> user:postfix:r-x
[10:27:25] <Bytram> user:dovecot:r-x
[10:27:27] <Bytram> user:slash:rwx
[10:27:29] <Bytram> user:sylnt:r-x
[10:27:31] <Bytram> group::r-x
[10:27:33] <Bytram> mask::rwx
[10:27:34] <Bytram> other::r--
[10:27:36] <Bytram> [root@beryllium etc]#
[10:27:39] <Bytram> END PASTE
[13:40:06] <Bytram> that's about as far as I dare take things; I'd rather not chance messing things up even more.
[13:40:33] <Bytram> Woke up way to early and need to be at work in 4 hours, so heading back to bed.
[18:35:36] <SemperOSS> I think I have solved the problem — at least for now.
[18:38:12] <SemperOSS> When trying to start the web server (service httpd start), I received an error message that "file '/etc/letsencrypt/live/sylnt.us/cert.pem' does not exist or is empty".
[18:41:26] <SemperOSS> I found that there was a file "/etc/letsencrypt/live/soylentnews.org/cert.pem". I checked that this file would also serve soylnt.us with the following command: openssl x509 -in /etc/letsencrypt/live/soylentnews.org/cert.pem -text.
[18:43:30] <SemperOSS> It had the following domains in it: DNS:*.soylentnews.org, DNS:*.sylnt.us, DNS:soylentnews.org, DNS:sylnt.us, so that would be appropriate for our purposes.
[18:45:50] <SemperOSS> I the created a symbolic link from /etc/letsencrypt/live/soylentnews.org to /etc/letsencrypt/live/sylnt.us/, started httpd and Jane's your uncle.
[18:46:35] <SemperOSS> Beware in the future if the Letsencrypt update method does not expect a symbolic link in this place.