I’m not complaining, just letting you know that I think nginx install should be included in the install instructions…Or maybe because I’m using the docker install nginx doesn’t need to be setup?

Long story short, installed nginx, did the docker install, mv’d the lemmy.conf file but when I did the certbot install, I get an error that the server_name is missing from the lemmy.conf file.

Not sure what to do? Replace {{server_name}} with my domain name? and or what about {{SSL_server}}

sudo certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file(“/etc/letsencrypt/live/isp.org/fullchain.pem”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(‘/etc/letsencrypt/live/isp.org/fullchain.pem’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration. The error was: MisconfigurationError(‘Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file(“/etc/letsencrypt/live/isp.org/fullchain.pem”) failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/isp.org/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n’,)

  • nutomicA
    link
    fedilink
    arrow-up
    3
    ·
    5 years ago

    Yes in the nginx conf here you need to replace four instances of {{ domain }} with your actual domain (and no {}). Then place that file at /etc/nginx/sites-enabled/lemmy.conf, and restart nginx, eg systemctl restart nginx.

    The documenation is definitely lacking for this, so contributions would be welcome.

    • phelix001OP
      link
      fedilink
      arrow-up
      2
      ·
      5 years ago

      Ok, I’m starting from scratch again…I keep getting an error on certbot during ansible install, and I’m not sure why; I did a manual install of fthe certs(which i’ve never done before) and I think it might have worked but I’m going to scratch this whole thing and start over again.

        • phelix001OP
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          5 years ago

          ansible-playbook lemmy.yml --become

          PLAY [all] *********************************************************************

          TASK [install python for Ansible] ********************************************** ok: [ubuntu@isp.org]

          TASK [setup] ******************************************************************* [DEPRECATION WARNING]: Distribution Ubuntu 20.04 on host ubuntu@isp.org should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/inter preter_discovery.html for more information. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. ok: [ubuntu@isp.org]

          TASK [install dependencies] **************************************************** ok: [ubuntu@isp.org]

          TASK [request initial letsencrypt certificate] ********************************* fatal: [ubuntu@isp.org]: FAILED! => {“changed”: true, “cmd”: [“certbot”, “certonly”, “–nginx”, “–agree-tos”, “-d”, “internetsuperpac.org”, “-m”, “myname@gmail.com”], “delta”: “0:00:00.855336”, “end”: “2020-06-03 23:53:22.991744”, “msg”: “non-zero return code”, “rc”: 1, “start”: “2020-06-03 23:53:22.136408”, “stderr”: “Saving debug log to /var/log/letsencrypt/letsencrypt.log\nError while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] the same path name "/var/cache/lemmy_frontend" used in /etc/nginx/sites-enabled/isp:1 and in /etc/nginx/sites-enabled/isp.org:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n\nCould not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.\nThe error was: MisconfigurationError(‘Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] the same path name "/var/cache/lemmy_frontend" used in /etc/nginx/sites-enabled/isp:1 and in /etc/nginx/sites-enabled/isp.org:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n’)\nThe nginx plugin is not working; there may be problems with your existing configuration.\nThe error was: MisconfigurationError(‘Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] the same path name "/var/cache/lemmy_frontend" used in /etc/nginx/sites-enabled/isp:1 and in /etc/nginx/sites-enabled/isp.org:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n’)”, “stderr_lines”: [“Saving debug log to /var/log/letsencrypt/letsencrypt.log”, “Error while running nginx -c /etc/nginx/nginx.conf -t.”, “”, “nginx: [emerg] the same path name "/var/cache/lemmy_frontend" used in /etc/nginx/sites-enabled/isp:1 and in /etc/nginx/sites-enabled/isp.org:1”, “nginx: configuration file /etc/nginx/nginx.conf test failed”, “”, “Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.”, “The error was: MisconfigurationError(‘Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] the same path name "/var/cache/lemmy_frontend" used in /etc/nginx/sites-enabled/isp:1 and in /etc/nginx/sites-enabled/isp.org:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n’)”, “The nginx plugin is not working; there may be problems with your existing configuration.”, “The error was: MisconfigurationError(‘Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] the same path name "/var/cache/lemmy_frontend" used in /etc/nginx/sites-enabled/isp:1 and in /etc/nginx/sites-enabled/isp.org:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n’)”], “stdout”: “”, “stdout_lines”: []}

          PLAY RECAP ********************************************************************* ubuntu@isp.org : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

          • nutomicA
            link
            fedilink
            arrow-up
            2
            ·
            5 years ago

            It says you have the same cache path used in /etc/nginx/sites-enabled/internetsuperpac, so I suggest you delete that file or move it to another location if you dont need it.

    • phelix001OP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      5 years ago

      Completely fresh install of ubuntu18, ansible install from my local to the server, got this

      'phelix@darkle20:~/lemmy/ansible$ ansible-playbook lemmy.yml --become

      PLAY [all] *************************************************************************************************************************

      TASK [install python for Ansible] ************************************************************************************************** changed: [ubuntu@18.237.248.156]

      TASK [setup] *********************************************************************************************************************** [DEPRECATION WARNING]: Distribution Ubuntu 18.04 on host ubuntu@18.237.248.156 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. ok: [ubuntu@18.237.248.156]

      TASK [install dependencies] ******************************************************************************************************** [WARNING]: Updating cache and auto-installing missing dependency: python-apt changed: [ubuntu@18.237.248.156]

      TASK [request initial letsencrypt certificate] ************************************************************************************* fatal: [ubuntu@18.237.248.156]: FAILED! => {“changed”: true, “cmd”: [“certbot”, “certonly”, “–nginx”, “–agree-tos”, “-d”, “18.237.248.156”, “-m”, “me@gmail.com”], “delta”: “0:00:00.451076”, “end”: “2020-06-04 01:13:02.495594”, “msg”: “non-zero return code”, “rc”: 1, “start”: “2020-06-04 01:13:02.044518”, “stderr”: “Requested name 18.237.248.156 is an IP address. The Let’s Encrypt certificate authority will not issue certificates for a bare IP address.”, “stderr_lines”: [“Requested name 18.237.248.156 is an IP address. The Let’s Encrypt certificate authority will not issue certificates for a bare IP address.”], “stdout”: “”, “stdout_lines”: []}

      PLAY RECAP ************************************************************************************************************************* ubuntu@18.237.248.156 : ok=3 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

      • nutomicA
        link
        fedilink
        arrow-up
        2
        ·
        5 years ago

        Requested name 18.237.248.156 is an IP address

        Sounds like you put the IP address and not the domain into your inventory file.

    • phelix001OP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      5 years ago

      Not sure about the ssh part for anssible, but I got this:

      #sudo ansible-playbook lemmy.yml --become

      ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.

      The error appears to have been in ‘/home/ubuntu/lemmy/ansible/lemmy.yml’: line 57, column 5, but may be elsewhere in the file depending on the exact syntax problem.

      The offending line appears to be:

      • name: start docker-compose ^ here
      • DessalinesMA
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        5 years ago

        Wrong / old version of ansible, and you need to run ansible from your local machine, and it deploys to your VPS.

        • phelix001OP
          link
          fedilink
          arrow-up
          1
          ·
          5 years ago

          ansible --version ansible 2.9.6

          Still failing on the certbot install. I also get this warning: TASK [setup] *********************************************************************************************************************** [DEPRECATION WARNING]: Distribution Ubuntu 18.04 on host u@isp.org should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

    • phelix001OP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      5 years ago

      I’ll scratch everything and try that. I’ve never used ansible, but I’ll fig it out.

        • phelix001OP
          link
          fedilink
          arrow-up
          2
          ·
          5 years ago

          thank you so much for that; im just not used to nginx; just what I needed…I’m going to give ansible a shot real quick, and maybe reconnoiter with the docker setup later.

            • phelix001OP
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              5 years ago

              This is going to sound really stupid, but am I installing ansible locally and then it’s installing it remotely on my server?

              EDIT: Answered my own question: Installing Ansible This page describes how to install Ansible on different platforms. Ansible is an agentless automation tool that by default manages machines over the SSH protocol. Once installed, Ansible does not add a database, and there will be no daemons to start or keep running. You only need to install it on one machine (which could easily be a laptop) and it can manage an entire fleet of remote machines from that central point. When Ansible manages remote machines, it does not leave software installed or running on them, so there’s no real question about how to upgrade Ansible when moving to a new version.

            • phelix001OP
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              5 years ago

              Everything worked in ansible except the certbot:
              TASK [request initial letsencrypt certificate] ********************************* fatal: [u@isp.org]: FAILED! => {“changed”: true, “cmd”: [“certbot”, “certonly”, “–nginx”, “–agree-tos”, “-d”, “isp.org”, “-m”, “me@gmail.com”], “delta”: “0:00:08.736581”, “end”: “2020-06-03 21:46:23.351590”, “msg”: “non-zero return code”, “rc”: 1, “start”: “2020-06-03 21:46:14.615009”, “stderr”: “Saving debug log to /var/log/letsencrypt/letsencrypt.log\nPlugins selected: Authenticator nginx, Installer nginx\nSkipped user interaction because Certbot doesn’t appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.\nObtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for isp.org\nnginx: [error] invalid PID number "" in "/run/nginx.pid"\nWaiting for verification…\nCleaning up challenges\nlive directory exists for isp.org”, “stderr_lines”: [“Saving debug log to /var/log/letsencrypt/letsencrypt.log”, “Plugins selected: Authenticator nginx, Installer nginx”, “Skipped user interaction because Certbot doesn’t appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.”, “Obtaining a new certificate”, “Performing the following challenges:”, “http-01 challenge for isp.org”, “nginx: [error] invalid PID number "" in "/run/nginx.pid"”, “Waiting for verification…”, “Cleaning up challenges”, “live directory exists for isp.org”], “stdout”: “IMPORTANT NOTES:\n - Your account credentials have been saved in your Certbot\n configuration directory at /etc/letsencrypt. You should make a\n secure backup of this folder now. This configuration directory will\n also contain certificates and private keys obtained by Certbot so\n making regular backups of this folder is ideal.”, “stdout_lines”: [“IMPORTANT NOTES:”, " - Your account credentials have been saved in your Certbot", " configuration directory at /etc/letsencrypt. You should make a", " secure backup of this folder now. This configuration directory will", " also contain certificates and private keys obtained by Certbot so", " making regular backups of this folder is ideal."]}

              • DessalinesMA
                link
                fedilink
                arrow-up
                1
                ·
                5 years ago

                You need to have the correct domain name in that inventory file, and that DNS needs to point to the IP address of where you’re deploying Lemmy.

  • nutomicA
    link
    fedilink
    arrow-up
    2
    ·
    5 years ago

    Oh so many comments here already. Let me just say, if anything is missing from our documentation, please make a PR to add it :)

    • phelix001OP
      link
      fedilink
      arrow-up
      3
      ·
      5 years ago

      Once I get this thing up and going, i’ll be happy to make updates on docs.

  • Maya
    link
    fedilink
    arrow-up
    1
    ·
    5 years ago

    i find it’s often a lot easier to do certbot certonly and add the certs to the nginx config yourself.

      • Maya
        link
        fedilink
        arrow-up
        1
        ·
        5 years ago

        I think yes, but I think you’re having other problems as well based on “configuration file /etc/nginx/nginx.conf test failed”.

        • phelix001OP
          link
          fedilink
          arrow-up
          2
          ·
          5 years ago

          I scratched everything and started over…let’s see what haps