SSL Protocol error - installation done with tutor

Hi Team,

I set up Open edX on Ubuntu 22.04 using Tutor. During the initial installation, I chose to proceed with HTTP instead of HTTPS. However, as I now wish to integrate Open edX with Google Workspace, I realize that obtaining an HTTPS certificate is essential. I possess a wildcard certificate from GoDaddy, and therefore, I am looking to convert my setup to HTTPS, which is why I executed the command.
tutor config save --set ENABLE_HTTPS="true"
I have restarted the entire tutor stack, but now when I attempt to access my Open edX instance, I encounter an SSL protocol error. As I am relatively new to Open edX, I have checked the Caddy logs, but they have not provided much assistance.
caddy-1 | {"level":"error","ts":1742787851.2446592,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"meilisearch.ilms.xxx.xxx","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)"}
caddy-1 | {"level":"error","ts":1742787851.2447238,"logger":"tls.obtain","msg":"will retry","error":"[meilisearch.ilms.xxx.xxx] Obtain: account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)","attempt":5,"retrying_in":600,"elapsed":627.644554521,"max_duration":2592000}
caddy-1 | {"level":"warn","ts":1742787851.2449462,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
caddy-1 | {"level":"error","ts":1742787851.523533,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"apps.ilms.xxx.xxx","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)"}
caddy-1 | {"level":"error","ts":1742787851.5235832,"logger":"tls.obtain","msg":"will retry","error":"[apps.ilms.xxx.xxx] Obtain: account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)","attempt":5,"retrying_in":600,"elapsed":627.924708148,"max_duration":2592000}
caddy-1 | {"level":"warn","ts":1742787851.523603,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
caddy-1 | {"level":"error","ts":1742787851.8227234,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"studio.ilms.xxx.xxx","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)"}
caddy-1 | {"level":"error","ts":1742787851.8227775,"logger":"tls.obtain","msg":"will retry","error":"[studio.ilms.xxx.xxx] Obtain: account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)","attempt":5,"retrying_in":600,"elapsed":628.223417092,"max_duration":2592000}
caddy-1 | {"level":"warn","ts":1742787851.822892,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
caddy-1 | {"level":"error","ts":1742787852.12365,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"ilms.xxx.xxx","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)"}
caddy-1 | {"level":"error","ts":1742787852.1237223,"logger":"tls.obtain","msg":"will retry","error":"[ilms.xxx.xxx] Obtain: account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)","attempt":5,"retrying_in":600,"elapsed":628.520565515,"max_duration":2592000}
caddy-1 | {"level":"warn","ts":1742787852.123761,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
caddy-1 | {"level":"error","ts":1742787852.4305463,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"preview.ilms.xxx.xxx","issuer":"acme.zerossl.com-v2-DV90","error":"account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)"}
caddy-1 | {"level":"error","ts":1742787852.4305966,"logger":"tls.obtain","msg":"will retry","error":"[preview.ilms.xxx.xxx] Obtain: account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed (code 2977)","attempt":5,"retrying_in":600,"elapsed":628.828320206,"max_duration":2592000}

Ok - I reinstalled the OS and the entire tutor local launch; however, due to my company policy, I will not be able to use a free SSL certificate and can only use a certificate from GoDaddy. Can someone please guide me on how to deploy a custom third-party SSL certificate in my Open edX stack?

Hi @blason16 and welcome to the community! I’ve recategorized this to Site Operators > Site Operations Help to get the right eyes on it.


I had a similar use case where I wanted my own certs for HTTPS, here’s how I did it:

Copy certificate files to ~/.local/share/tutor/data/caddy/certs/*.pem
e.g.:

/home/tutor/.local/share/tutor/data/caddy/certs/fullchain.pem
/home/tutor/.local/share/tutor/data/caddy/certs/privkey.pem

Set up a plugin to modify the Caddyfile:

from tutor import hooks

hooks.Filters.ENV_PATCHES.add_item(
    (
        "caddyfile-cms",
        """tls /data/certs/fullchain.pem /data/certs/privkey.pem"""
    )
)
hooks.Filters.ENV_PATCHES.add_item(
    (
        "caddyfile-lms",
        """tls /data/certs/fullchain.pem /data/certs/privkey.pem"""
    )
)
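
A check worth running before pointing Caddy at a wildcard certificate, as an added example that is not part of the original post: a wildcard SAN stands for exactly one left-most label, so one wildcard may not cover every hostname that appears in the Caddy log above. The `example.com` hostnames are constructed placeholders that mirror the log's layout, and `san_matches` and `uncovered` are hypothetical helper names.

```python
"""Check which Tutor hostnames a certificate's SAN list covers (added example)."""


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most
    label and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more or fewer labels
    if p_labels[0] == "*":
        # left-most host label must be non-empty; the rest must match exactly
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(sans, hostnames):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Constructed hostnames: LMS at ilms.<domain>, other services one level below,
# the same shape as the identifiers in the Caddy log.
TUTOR_HOSTS = [
    "ilms.example.com",
    "studio.ilms.example.com",
    "preview.ilms.example.com",
    "apps.ilms.example.com",
    "meilisearch.ilms.example.com",
]

if __name__ == "__main__":
    candidates = (
        ["*.example.com"],
        ["*.ilms.example.com"],
        ["*.ilms.example.com", "ilms.example.com"],
    )
    for sans in candidates:
        print(sans, "-> not covered:", uncovered(sans, TUTOR_HOSTS))
```

The SAN entries of the real certificate can be listed with `openssl x509 -noout -ext subjectAltName -in fullchain.pem` and passed in as `sans`.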

Thanks for the information. How do I write the plugin? Modify the Caddyfile? I am sorry, I am a bit of a novice with Open edX.

Hi @blason16 does searching the tutor docs help? Search — Tutor documentation

Thanks, will do. I appreciate your help.

Just a small one - after enabling the plugin, do we need
tutor local restart
Or
tutor local launch

Ignore - This worked
I did tutor local launch