Poxa with Certbot letsencrypt problem

Question

Poxa with Certbot letsencrypt problem

shincha3517 opened this issue 5 years ago · 5 comments

I tried to config poxa with SSL using certbot but got error as below

Poxa.conf
`HTTPS port
If not set, will use value of SSL_PORT environment variable
poxa.ssl.port = 443

PEM-encoded CA certificate path
If not set, will use value of SSL_CACERTFILE environment variable
#poxa.ssl.cacertfile = "/etc/letsencrypt/live/mydomain.com/fullchain.p$
Path to user certificate
If not set, will use value of SSL_CERTFILE environment variable
poxa.ssl.certfile = "/etc/letsencrypt/live/mydomain.com/cert.pem"

Path to the file containing the user's private PEM-encoded key
If not set, will use value of SSL_KEYFILE environment variable
poxa.ssl.keyfile = "/etc/letsencrypt/live/mydomain.com/privkey.pem"`

Console

`ubuntu@ip:~/poxa$ sudo _build/prod/rel/poxa/bin/poxa console
==> Generated sys.config in /home/ubuntu/poxa/_build/prod/rel/poxa/var
Erlang/OTP 20 [erts-9.2] [source] [64-bit] [smp:1:1] [ds:1:1:10] [async-threads:10] [kernel-poll:false]

14:27:36.943 [info] Starting Poxa, app_id: 5371F5AFFC91E on port 8080

14:27:36.944 [info] Starting Poxa using SSL on port 443
Interactive Elixir (1.5.0) - press Ctrl+C to exit (type h() ENTER for help)
iex(poxa@127.0.0.1)1>
14:27:41.426 [info] ['TLS', 32, 'server', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'received CLIENT ALERT: Fatal - Certificate Unknown', 10]

14:27:56.437 [info] ['TLS', 32, 'server', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'received CLIENT ALERT: Fatal - Certificate Unknown', 10]`

Client
window.Echo = new Echo({ broadcaster: 'pusher', wsHost: 'my-ip', wsPort: '8080', wssPort: '443', key: 'CfZddsmd9UGss', cluster: 'mt1', encrypted: true, authEndpoint: '/channel/broadcasting/auth', disableStats: true, enabledTransports: ['ws', 'wss'], });

Browser
WebSocket connection to 'wss://my-ip/app/CZddm9UGss?protocol=7&client=js&version=4.4.0&flash=false' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED

Can anyone help me out?

Answer 1 · 2019-06-01T21:51:22.000Z

Hey @daoanhvuacc, how do I easily replicate this issue? :D

Answer 2 · 2019-06-02T08:11:38.000Z

Hi @edgurgel ,
Can you look at my Poxa.conf file and let me know if it was be configured correctly with:

poxa.ssl.cacertfile = "/etc/letsencrypt/live/mydomain.com/fullchain.pem
poxa.ssl.certfile = "/etc/letsencrypt/live/mydomain.com/cert.pem"
poxa.ssl.keyfile = "/etc/letsencrypt/live/mydomain.com/privkey.pem"

the console log as:
14:27:56.437 [info] ['TLS', 32, 'server', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'received CLIENT ALERT: Fatal - Certificate Unknown', 10]

Do you need more info to replicate my issue?

Answer 3 · 2019-06-02T08:55:52.000Z

Well easily replicating the issue usually means an easy way to run on my machine without a lot of setup.

Just by guessing... can you try using single quotes to define the ssl files?

I think this has to be an "erlang string" instead of an Elixir string.

poxa.ssl.cacertfile = '/etc/letsencrypt/live/mydomain.com/fullchain.pem'
poxa.ssl.certfile = '/etc/letsencrypt/live/mydomain.com/cert.pem'
poxa.ssl.keyfile = '/etc/letsencrypt/live/mydomain.com/privkey.pem'

Answer 4 · 2020-09-22T08:43:27.000Z

I also got the same error. Can you tell me how to fix it? Thank you very much!

Answer 5 · 2020-09-22T08:45:01.000Z

Environment variables:
POXA_SSL="true"
SSL_PORT="8443"
SSL_CACERTFILE="/etc/letsencrypt/live/vnpsever.com/fullchain.pem"
SSL_CERTFILE="/etc/letsencrypt/live/vnpsever.com/cert.pem"
SSL_KEYFILE="/etc/letsencrypt/live/vnpsever.com/privkey.pem"

Error: TLS :server: In state :wait_finished received CLIENT ALERT: Fatal - Certificate Unknown