Any tips enabling HTTPS on Ironwood

I’m configuring a native install of Open Edx on Google Cloud and so far so good. My recurring challenge has been Certbot trashing the application. I don’t think Certbot can be relied upon in a production environment .

I am seeking tips on any other (commercial) option that works and especially on the procedure to manually install it Open Edx.

Thanks

Hey @startoffs

We currently use certbot in production without issues. Can you provider further information on how certbot is trashing? We certainly don’t observe issues with it.

When asking for help to debug an issue, it’s usually a good idea to include the relevant logs or error messages.

I’ll let others comment on commercial options.

Cheers!

After the implementation, I get this (error) message.

nginx: [warn] server name “/server/server-error.html” has suspicious symbols in /etc/nginx/sites-enabled/cms
:11
nginx: [warn] server name “/server/server-error.html” has suspicious symbols in /etc/nginx/sites-enabled/lms
:15
nginx: [warn] conflicting server name “error_page” on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name “504” on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name “/server/server-error.html” on 0.0.0.0:443, ignored"service nginx start"


Congratulations! You have successfully enabled https://cesedu.ng,
https://studio.cesedu.ng, https://www.studio.cesedu.ng, and
https://www.cesedu.ng
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=cesedu.ng
https://www.ssllabs.com/ssltest/analyze.html?d=studio.cesedu.ng
https://www.ssllabs.com/ssltest/analyze.html?d=www.studio.cesedu.ng
https://www.ssllabs.com/ssltest/analyze.html?d=www.cesedu.ng


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/cesedu.ng/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/cesedu.ng/privkey.pem
    Your cert will expire on 2020-03-09. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”
  • If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Then I did a renew dry run and it broke Nginx

sudo certbot renew --dry-run

command “service nginx start” returned error code 1
Error output from service:
Job for nginx.service failed because the control process exited with error code. See
systemctl status nginx.service" and “journalctl -xe” for details.

nginx: [error] invalid PID number “” in “/var/run/nginx.pid”

Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx
.service” and “journalctl -xe” for details.

systemctl status nginx.service

root@testingsomething:/home/adelekesays_gmail_com# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx
.service” and “journalctl -xe” for details.
root@testingsomething:/home/adelekesays_gmail_com# systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2019-12-10 19:08:29 UTC; 1min 14s ago
Docs: http://nginx.org/en/docs/
Process: 1683 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 5074 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
Main PID: 12296 (code=exited, status=0/SUCCESS)
Dec 10 19:08:28 testingsomething nginx[5074]: nginx: [emerg] bind() to 0.0.0.0:18381 failed (98: Address already in use)
Dec 10 19:08:28 testingsomething nginx[5074]: nginx: [emerg] bind() to 0.0.0.0:18130 failed (98: Address already in use)
Dec 10 19:08:28 testingsomething nginx[5074]: nginx: [emerg] bind() to 0.0.0.0:18080 failed (98: Address already in use)
Dec 10 19:08:28 testingsomething nginx[5074]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Dec 10 19:08:28 testingsomething nginx[5074]: nginx: [emerg] bind() to 0.0.0.0:18040 failed (98: Address already in use)
Dec 10 19:08:29 testingsomething nginx[5074]: nginx: [emerg] still could not bind()
Dec 10 19:08:29 testingsomething systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 10 19:08:29 testingsomething systemd[1]: Failed to start nginx - high performance web server.
Dec 10 19:08:29 testingsomething systemd[1]: nginx.service: Unit entered failed state.
Dec 10 19:08:29 testingsomething systemd[1]: nginx.service: Failed with result ‘exit-code’.