[Question]: Is the SSL Cert for the BB Subdomain made automatically?

Question

[Question]: Is the SSL Cert for the BB Subdomain made automatically?

Opened this issue a year ago · 9 comments

I'm getting this error mentioning the Lets Encrypt cert for the subdomain ill be using for LemmyBB

{"changed": true, "cmd": "nginx -s reload", "delta": "0:00:00.020479", "end": "2022-12-26 21:55:33.321149", "msg": "non-zero return code", "rc": 1, "start": "2022-12-26 21:55:33.300670", "stderr": "nginx: [emerg] cannot load certificate \"/etc/letsencrypt/live/mybbsubdomain/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file

Answer 1 · 2022-12-27T07:17:17.000Z

The manual installation does not create a certificate, you have to use certbot or acme.sh.

That is why the instructions say

and edit it to fit your setup

because it is also possible that you have a wildcard certificate

Answer 2 · 2022-12-27T15:14:57.000Z

I used the ansible installation. How should i go about creating the cert for the bb subdomain?

Answer 3 · 2022-12-27T15:33:39.000Z

Looks like the certbot commands are missing from the section "Install alongside existing Lemmy instance (native)". You can add that to your pull request by copying from the section above.

Answer 4 · 2022-12-27T15:47:45.000Z

@Nutomic would these be the correct commands to add to my pull request?

Install nginx config and set correct domains. Note that this config by default doesn't allow direct access to the API nor pictrs. This makes it harder for spam bots, but also means that Lemmy clients cant be used. The nginx config includes instructions for putting lemmy-ui behind HTTP Auth, so that only admins can access it.

wget https://raw.githubusercontent.com/LemmyNet/lemmyBB/main/docker/nginx.conf -O /etc/nginx/sites-enabled/lemmybb.conf

Request tls certificates (use your actual domains and email)

certbot certonly --nginx -d lemmybb.com -m contact@lemmybb.com

replacel lemmybb_domain with your domain by replacing lemmybb.com with your domain in this command

sed -i -e 's/$lemmybb_domain/lemmybb.com/g' /etc/nginx/sites-enabled/lemmybb.conf

reload nginx

nginx -s reload

open your daily cronjob

sudo crontab -e

and add these lines to automatically renew tls certificates

@daily certbot certonly --nginx -d lemmybb.com --deploy-hook 'nginx -s reload'

I'm confused by the nginx config part, I don't understand what it means that Lemmy clients cant be used. Does this mean I won't be able to use the Lemmy apps or?

Answer 5 · 2022-12-30T16:08:53.000Z

@Tealk can you take a look at these updated instructions? I tried them but they're not helping (I'm trying to fix the install lemmybb alongside existing lemmy instance instructions)

Answer 6 · 2022-12-30T22:41:57.000Z

think that this is not so easy, but I do not know much about the certbot
nginx could run into errors because of the ssl certificate

Answer 7 · 2022-12-31T13:40:33.000Z

Are there any instructions on deleting lemmybb? I cant get it to work and my instance has been down since i began trying

Answer 8 · 2022-12-31T17:12:32.000Z

lemmybb does not affect the lemmy instance

Answer 9 · 2023-01-02T13:47:33.000Z

If you want to enable the api and allow client usage, you need to uncomment these lines.

The instructions you put look good, but maybe it would be clearer to use something like your-domain.com instead of lemmybb.com.

For uninstalling you basically need to stop Lemmy and delete all the files you created previously.