Problem generating certificate for PeerTube

I followed these excellent installation instructions:

But when I got to the end of the install using this command:
sudo systemctl reload nginx

I got this error:
nginx.service is not active, cannot reload.

During Let’s Encrypt install, I got this error:
post-hook command "systemctl start nginx" returned error code 1

Error output from post-hook command systemctl:

Job for nginx.service failed because the control process exited with error code.

See "systemctl status nginx.service" and "journalctl -xe" for details.

If it matters, I am using CloudFlare to point to my website.

Can you help point me in the right direction to complete this install?

There is something wrong with your nginx configuration.
The "sudo nginx -t" command will give you some clues about your issue.

Thank you for this… here is the error:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/myxclavetv/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/myxclavetv/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

nginx: configuration file /etc/nginx/nginx.conf test failed

So your Let's Encrypt certificates aren't correctly set in the nginx configuration files. I don't know much about CloudFlare so I can't help you further :thinking:
Look also at the output of the commands "systemctl status nginx.service" and "journalctl -xe", as indicated.

Hello,

I guess you use certbot to get the Let's Encrypt certificate, don't you?

So, check first if any error occurred in the file /var/log/letsencrypt/letsencrypt.log.

Remember that, by default, certbot uses a simple http connection to your server to validate the certificate’s transaction. So you need to have your web server (clearly your virtual host) listening on port 80 (and that port to be opened in the firewall system).

Here is a link to my letsencrypt.log:
https://www.fetch123.com/10-8-2020.txt

Thank you so much for helping me out with this.

In the log you shared, certbot seems to save the certificate in /etc/letsencrypt/live/myxclavetv.com/fullchain.pem but the nginx log you gave us uses /etc/letsencrypt/live/myxclavetv/fullchain.pem

Take a look at the myxclavetv parts. One has a .com suffix whilst the other does not. Try to configure your virtual host in nginx to use the .com suffix.
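
The mismatch identified in this reply, as an added example that is not part of the original thread: a shell check that lists every certificate path nginx is configured to load, flags the ones that do not exist, and shows the directory names certbot actually created. The function names, the ROOT prefix argument and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix so the check can run on a copy of /etc.

# Print every path named by an ssl_certificate / ssl_certificate_key directive.
cert_paths() {  # $1 = nginx config directory
    grep -rhE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$1" 2>/dev/null |
        sed -E 's/^[[:space:]]*ssl_certificate(_key)?[[:space:]]+//; s/[[:space:]]*;.*$//' |
        sort -u
}

# Print only the referenced paths that do not exist under ROOT.
missing_cert_paths() {  # $1 = nginx config directory, $2 = ROOT (default: none)
    cert_paths "$1" | while IFS= read -r p; do
        [ -e "${2:-}$p" ] || printf '%s\n' "$p"
    done
}

# Print the certificate directory names certbot actually created.
live_lineages() {  # $1 = ROOT (default: none)
    for d in "${1:-}"/etc/letsencrypt/live/*/; do
        if [ -d "$d" ]; then basename "$d"; fi
    done
}

# Constructed demo tree mirroring the thread: the nginx config says
# "myxclavetv", certbot wrote its files under "myxclavetv.com".
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/nginx/sites-enabled" "$t/etc/letsencrypt/live/myxclavetv.com"
    : > "$t/etc/letsencrypt/live/myxclavetv.com/fullchain.pem"
    : > "$t/etc/letsencrypt/live/myxclavetv.com/privkey.pem"
    cat > "$t/etc/nginx/sites-enabled/peertube" <<'EOF'
server {
  listen 443 ssl;
  ssl_certificate     /etc/letsencrypt/live/myxclavetv/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/myxclavetv/privkey.pem;
}
EOF
    printf '%s\n' "$t"
}

root=$(demo_tree)
echo "Referenced by nginx but missing:"; missing_cert_paths "$root/etc/nginx" "$root"
echo "Created by certbot:";              live_lineages "$root"
rm -rf "$root"
```

On the server itself, call `missing_cert_paths /etc/nginx` and `live_lineages` with no ROOT argument, under sudo.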

Is there a command line syntax I can use to do this? I am a marketing guy by trade, not a software engineer. I would be happy to send some beer money via PayPal to help me with this - it would be my pleasure actually.

In the configuration file /var/www/peertube/config/production.yaml, can you check that the line starting with hostname: has the value 'myxclavetv.com'? I guess you wrote 'myxclavetv' only.

I do not see /config/production.yaml…

I see:

/var/www/peertube/.config/configstore/update-notifier-npm.json

Should I destroy my DigitalOcean droplet and try again?

In the tutorial you used, this file is handled in the "EDITING CONFIGURATION" chapter.