[SAC] [OSGeo] #2470: osgeo6 issue with docs.geotools.org ssl

OSGeoTrac · June 3, 2020, 9:43pm

#2470: osgeo6 issue with docs.geotools.org ssl
---------------------------+--------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2020-I
Component: Systems Admin | Keywords:
---------------------------+--------------------------------------
Looking into this now

I tried to update a redirect link in the (old) grass server but cannot
reload the apache config:

Jun 03 13:15:24 osgeo6 systemd[1]: Reloading LSB: Apache2 web server.
Jun 03 13:15:24 osgeo6 apache2[29872]: Reloading web server: apache2
failed!
Jun 03 13:15:24 osgeo6 apache2[29872]: The apache2 configtest failed.
Not doing anything. ... (warning).
Jun 03 13:15:24 osgeo6 apache2[29872]: Output of config test was:
Jun 03 13:15:24 osgeo6 apache2[29872]: apache2: Syntax error on line
219 of /etc/apache2/apache2.conf: Syntax error on line 20 of /etc/apache2
/sites-enabled/docs.geotools.o...or directory Jun 03 13:15:24 osgeo6
apache2[29872]: Action 'configtest' failed.
Jun 03 13:15:24 osgeo6 apache2[29872]: The Apache error log may have more
information.
Jun 03 13:15:24 osgeo6 systemd[1]: apache2.service: control process
exited, code=exited status=1 Jun 03 13:15:24 osgeo6 systemd[1]: Reload
failed for LSB: Apache2 web server.

The reason is:

cat /etc/apache2/sites-enabled/docs.geotools.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost 140.211.15.3:443>

ServerAdmin sac@lists.osgeo.org
ServerName docs.geotools.org

ErrorLog ${APACHE_LOG_DIR}/docs.geotools.org-error.log
...
Include /etc/letsencrypt/options-ssl-apache.conf <==== does not
exist
</VirtualHost>
</IfModule>

I don't know which one would be right:

locate options-ssl-apache.conf
/etc/apache2/includes/options-ssl-apache.conf
...
/root/etc/osgeo6/apache2/includes/options-ssl-apache.conf
/root/etc/osgeo6/letsencrypt/options-ssl-apache.conf

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2470>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 3, 2020, 9:46pm

#2470: osgeo6 issue with docs.geotools.org ssl
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2020-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------
Description changed by robe:

Old description:

Looking into this now

I tried to update a redirect link in the (old) grass server but cannot
reload the apache config:

Jun 03 13:15:24 osgeo6 systemd[1]: Reloading LSB: Apache2 web server.
Jun 03 13:15:24 osgeo6 apache2[29872]: Reloading web server: apache2
failed!
Jun 03 13:15:24 osgeo6 apache2[29872]: The apache2 configtest failed.
Not doing anything. ... (warning).
Jun 03 13:15:24 osgeo6 apache2[29872]: Output of config test was:
Jun 03 13:15:24 osgeo6 apache2[29872]: apache2: Syntax error on line
219 of /etc/apache2/apache2.conf: Syntax error on line 20 of /etc/apache2
/sites-enabled/docs.geotools.o...or directory Jun 03 13:15:24 osgeo6
apache2[29872]: Action 'configtest' failed.
Jun 03 13:15:24 osgeo6 apache2[29872]: The Apache error log may have more
information.
Jun 03 13:15:24 osgeo6 systemd[1]: apache2.service: control process
exited, code=exited status=1 Jun 03 13:15:24 osgeo6 systemd[1]: Reload
failed for LSB: Apache2 web server.

The reason is:

cat /etc/apache2/sites-enabled/docs.geotools.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost 140.211.15.3:443>

    ServerAdmin sac@lists.osgeo.org
    ServerName docs.geotools.org

    ErrorLog ${APACHE_LOG_DIR}/docs.geotools.org-error.log
...
Include /etc/letsencrypt/options-ssl-apache.conf <==== does not
exist
</VirtualHost>
</IfModule>

I don't know which one would be right:

locate options-ssl-apache.conf
/etc/apache2/includes/options-ssl-apache.conf
...
/root/etc/osgeo6/apache2/includes/options-ssl-apache.conf
/root/etc/osgeo6/letsencrypt/options-ssl-apache.conf

New description:

Looking into this now

note from neteler

{{{
I tried to update a redirect link in the (old) grass server but cannot
reload the apache config:

Jun 03 13:15:24 osgeo6 systemd[1]: Reloading LSB: Apache2 web server.
Jun 03 13:15:24 osgeo6 apache2[29872]: Reloading web server: apache2
failed!
Jun 03 13:15:24 osgeo6 apache2[29872]: The apache2 configtest failed.
Not doing anything. ... (warning).
Jun 03 13:15:24 osgeo6 apache2[29872]: Output of config test was:
Jun 03 13:15:24 osgeo6 apache2[29872]: apache2: Syntax error on line
219 of /etc/apache2/apache2.conf: Syntax error on line 20 of /etc/apache2
/sites-enabled/docs.geotools.o...or directory Jun 03 13:15:24 osgeo6
apache2[29872]: Action 'configtest' failed.
Jun 03 13:15:24 osgeo6 apache2[29872]: The Apache error log may have more
information.
Jun 03 13:15:24 osgeo6 systemd[1]: apache2.service: control process
exited, code=exited status=1 Jun 03 13:15:24 osgeo6 systemd[1]: Reload
failed for LSB: Apache2 web server.

The reason is:

cat /etc/apache2/sites-enabled/docs.geotools.org-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost 140.211.15.3:443>

ServerAdmin sac@lists.osgeo.org
ServerName docs.geotools.org

ErrorLog ${APACHE_LOG_DIR}/docs.geotools.org-error.log
...
Include /etc/letsencrypt/options-ssl-apache.conf <==== does not
exist
</VirtualHost>
</IfModule>

I don't know which one would be right:

locate options-ssl-apache.conf
/etc/apache2/includes/options-ssl-apache.conf
...
/root/etc/osgeo6/apache2/includes/options-ssl-apache.conf
/root/etc/osgeo6/letsencrypt/options-ssl-apache.conf

}}}

--

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2470#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 3, 2020, 10:42pm

#2470: osgeo6 issue with docs.geotools.org ssl
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2020-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by robe):

okay this is a very odd set up. All the certs are in
/root/etc/osgeo/letsencrypt. Only thing I can think of is maybe someone
create a link letsencrypt to put /letsencrypt to that folder

I didn't check before hand, but when I ran certbot-auto it upgraded to a
new version of certbot and the /etc/letsencrypt folder is now empty. All
the websites are pointing at the /etc/letsencrypt path giving that the
include file was already missing, I'm tempted to think this folder was
empty before.

Does anyone know why the certs were installed in /root/etc/osgeo6?

I'm tempted to just move everything back to /etc/letsencrypt

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2470#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · June 3, 2020, 11:05pm

#2470: osgeo6 issue with docs.geotools.org ssl
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2020-I
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------------------------
Changes (by robe):

* status: new => closed
* resolution: => fixed

Comment:

Okay for now to fix I did

{{{
ln -s /root/etc/osgeo6/letsencrypt /etc/letsencrypt
}}}

Also deleted the gdal (which is on osgeo7) and drone (also deleted the
drone.osgeo.org site) certs and removed them

{{{
certbot-auto delete
}}}

which showed

{{{
1: docs.geotools.org
2: drone.osgeo.org
3: gdal.org
4: geos.osgeo.org
5: geotools.org
6: grass.osgeo.org
7: grasswiki.osgeo.org
8: lists.osgeo.org
9: mapserver.org
10: osgeo6.osgeo.osuosl.org

}}}

2,7

Also needed to reinstall grass.osgeo.org cert, for some reason was missing

{{{
certbot-auto certonly

specified grass.osgeo.org

}}}

Then reran below to make sure no issues left

{{{
certbot-auto renew
systemctl restart apache2
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2470#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.