Let's Encrypt Failed authorization procedure - python

I'm using Debian 9 and NGINX to deploy my Django app.
When I type:
sudo certbot --nginx -d example.com -d www.example.com
I get the following error:
Failed authorization procedure. example.com (http-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: Fetching https://example.com/.well-known/acme-challenge/H9WJVzPYJ93jewGJjkUFFKQJBJ8-YT7t9z-Sw_PQQUg: remote error: tls: internal error
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.com
Type: tls
Detail: Fetching https://example.com/.well-known/acme-challenge/H9WJVzPYJ93jewGJjkUFFKQJBJ8-YT7t9z-Sw_PQQUg: remote error: tls: internal error
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that you have an up-to-date TLS configuration that allows the server to communicate with the Certbot client.
I do not know what I'm doing wrong...

Related

Mongod.service not found => Pop from an empty deque => Authentication failed

The Problem
I'm getting started with MongoDB on Python. I have an Ubuntu machine in my local network, and MongoDB is installed there. When I try to connect to the database using Python from my Mac, it throws an error. I searched about it and found out there is a service called mongod.service that needs to be started along with mongodb.service. But when I try to start mongod.service, it says the service doesn't even exist. I tried both with the IP and with the mongodb URL; nothing works.
Ubuntu Terminal
$ sudo service mongod start
Failed to start mongod.service: Unit mongod.service not found.
$ sudo systemctl start mongod
Failed to start mongod.service: Unit mongod.service not found.
DataBase Link (a)
mongodb://user:password@192.168.0.106/database
Python Script (a)
#!/usr/bin/env python3
from pymongo import MongoClient

# '@' separates the credentials from the host; pymongo parses the host
# and default port 27017 from the URI
client = MongoClient('mongodb://user:password@192.168.0.106/database')
db = client['database']
collection = db['collection']
# a plain dict is serialized to BSON by pymongo (named `doc` so it does not
# shadow the standard `json` module)
doc = dict(message='hello world', token=0)
collection.insert_one(doc)
macOS Terminal (a)
pymongo.errors.ServerSelectionTimeoutError: 192.168.0.106:27017: [Errno 61] Connection refused, Timeout: 30s, Topology Description: <TopologyDescription id: 60e140982a43032aef0dd634, topology_type: Single, servers: [<ServerDescription ('192.168.0.106', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('192.168.0.106:27017: [Errno 61] Connection refused')>]>
DataBase Link (b)
mongodb+srv://user:password@cluster0.h9fmz.mongodb.net/database?retryWrites=true&w=majority
Python Script (b)
#!/usr/bin/env python3
from pymongo import MongoClient

# mongodb+srv:// resolves the cluster hosts from DNS SRV records, so no port
# is given; the credentials are the Atlas database user, not the Atlas login
client = MongoClient('mongodb+srv://user:password@cluster0.h9fmz.mongodb.net/database?retryWrites=true&w=majority')
db = client['database']
collection = db['collection']
# a plain dict is serialized to BSON by pymongo (named `doc` so it does not
# shadow the standard `json` module)
doc = dict(message='hello world', token=0)
collection.insert_one(doc)
macOS Terminal (b)
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/pymongo/pool.py", line 1278, in _get_socket
sock_info = self.sockets.popleft()
IndexError: pop from an empty deque
During handling of the above exception, another exception occurred:
.....
.....
.....
pymongo.errors.OperationFailure: bad auth : Authentication failed., full error: {'ok': 0, 'errmsg': 'bad auth : Authentication failed.', 'code': 8000, 'codeName': 'AtlasError'}
Note That
I'm providing the correct username and password for the database.
I'm using a machine on my local network, which is not a live server.
I've also tried the following commands but they did not solve anything.
Ubuntu Terminal
$ mongod --auth --port 27017
$ mongod --port 27017
$ sudo rm /var/lib/mongodb/mongod.lock
$ sudo mongod --repair
For accessing MongoDB from another machine on the local network, you will need to check the following:
There is no firewall restriction on the server machine or the client machine. In case there is a firewall, you will need to add rule exceptions to allow this port to be accessible, both incoming and outgoing. (Ubuntu firewall)
You will have to add the bindIp config to the MongoDB config on the server machine. Refer to the docs here. You will need to add something like this:
net:
  bindIp: 0.0.0.0
  port: 27017
Make sure you are able to connect using this IP, 192.168.0.106 (the server in the local network), from the server machine itself. This will make sure the server is listening on this IP.
Failed to start mongod.service: Unit mongod.service not found.
The solution for this error could be found here.
The Mongo Atlas error might be due to the following reasons:
You will have to create a database user in order to connect to MongoDB.
You can find it under the left panel -> Database Access -> Add user.
This will be because of a mismatch with the username and password. In case you have any special characters in your password, you will have to URL-encode them.
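The last point of the answer above, URL-encoding special characters in the password, is where most "bad auth" and "Connection refused to the wrong host" surprises come from: a '@', ':', '/', '?' or '#' in the userinfo part of a MongoDB URI is read as a delimiter unless it is percent-encoded. The following is an added example, not code from the post or from pymongo: it builds a connection string with the credentials encoded and parses one back using only the standard library, so it runs without a MongoDB server. The credentials are constructed samples; the host names are the ones from the post.

```python
from urllib.parse import quote, unquote, urlsplit

# Added example (not the post's or pymongo's code). Reserved characters that may
# appear in a password are percent-encoded with safe='' so that none of them
# is mistaken for a URI delimiter.


def build_mongo_uri(user, password, host, database, port=27017, srv=False, **options):
    """Return a MongoDB connection string with the credentials percent-encoded.

    With srv=True the scheme is mongodb+srv:// and no port is written, because
    the port comes from the DNS SRV record (the form Atlas hands out).
    """
    cred = f"{quote(user, safe='')}:{quote(password, safe='')}"
    if srv:
        scheme, netloc = "mongodb+srv", f"{cred}@{host}"
    else:
        scheme, netloc = "mongodb", f"{cred}@{host}:{port}"
    uri = f"{scheme}://{netloc}/{quote(database, safe='')}"
    if options:
        uri += "?" + "&".join(f"{k}={quote(str(v), safe='')}" for k, v in options.items())
    return uri


def parse_mongo_uri(uri):
    """Split a connection string back into its parts, decoding the credentials.

    urllib is enough to see how the driver will split the string: whatever ends
    up in 'host' is where the connection attempt goes.
    """
    parts = urlsplit(uri)
    return {
        "scheme": parts.scheme,
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "host": parts.hostname,
        "port": parts.port,  # None for mongodb+srv://
        "database": unquote(parts.path.lstrip("/")),
        "options": dict(kv.split("=", 1) for kv in parts.query.split("&") if kv),
    }


if __name__ == "__main__":
    # Constructed sample password containing three reserved characters.
    uri = build_mongo_uri("user", "p@ss:w/rd", "192.168.0.106", "database")
    print(uri)
    print(parse_mongo_uri(uri))
```

The same encoding applies to the username; the host is left as given, since it must not be encoded.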

Flask and Certbot

I am getting an error when trying to secure a Flask website with Certbot. I do not receive the following error on a normal site, but when running Certbot on a Flask site with
sudo certbot --apache
I get:
Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/j7Q5mIX-Cmk9wevuSQxxfBV5KBBgyQuoG9HXUEbU2Gw:
I am running Apache on Ubuntu 18.04 and Python 2.7.
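Both Certbot failures on this page (the TLS error in the first post and the "Invalid response" on this Flask site) are http-01 challenge failures: the CA's validator fetches http://<domain>/.well-known/acme-challenge/<token> on port 80, follows any redirect it is given (which is how the first post ended up with an https:// fetch and a TLS error), and must receive exactly the key authorization for the ACME account key, per RFC 8555 section 8.1: the token, a dot, and the RFC 7638 thumbprint of the account's public key. The following is an added example, not code from the posts or from Certbot, that computes that expected body and checks a served response against it. The account key is a constructed sample JWK, not a real key.

```python
import base64
import hashlib
import json

# Added example (not the posts' or Certbot's code). Implements the http-01
# key authorization from RFC 8555 section 8.1 and the JWK thumbprint from
# RFC 7638 so that a served challenge body can be checked offline.

# Members that go into the thumbprint, by key type (RFC 7638 section 3.2).
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JWS use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, in lexicographic
    order, with no whitespace. Extra members such as 'alg' or 'kid' are ignored."""
    members = REQUIRED_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """The exact body the validator expects at /.well-known/acme-challenge/<token>."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def check_served_body(body: bytes, token: str, account_jwk: dict) -> bool:
    """True if this response body would satisfy the challenge for `token`.

    Trailing whitespace is tolerated (Let's Encrypt's validator trims it), but an
    HTML error page, a login redirect target, or the body for another token all
    produce the 'Invalid response from http://.../.well-known/acme-challenge/<token>'
    error quoted above.
    """
    expected = key_authorization(token, account_jwk)
    return body.decode("utf-8", errors="replace").rstrip() == expected


# Constructed sample account key: the modulus is not a real RSA key.
SAMPLE_ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86z",
    "kid": "https://acme.example/acct/1",  # not part of the thumbprint
}


if __name__ == "__main__":
    token = "j7Q5mIX-Cmk9wevuSQxxfBV5KBBgyQuoG9HXUEbU2Gw"  # token from the post above
    body = key_authorization(token, SAMPLE_ACCOUNT_JWK)
    print("expected body:", body)
    print("served OK:", check_served_body(body.encode() + b"\n", token, SAMPLE_ACCOUNT_JWK))
    print("404 page OK:", check_served_body(b"<html>Not Found</html>", token, SAMPLE_ACCOUNT_JWK))
```

A quick field check is to fetch the challenge URL with curl while Certbot is waiting (or after placing a file under the webroot by hand) and compare the body with `key_authorization()`; anything the application framework serves instead of that plain string, including its own 404 page, fails validation.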

Let's Encrypt after installing Django has errors

After installing Django I tried to install SSL using Let's Encrypt with Nginx,
sudo certbot --nginx -d [mydomain.com]
But I get this error,
Domain: [mydomain.com]
Type: unknownHost
Detail: No valid IP addresses found for [mydomain.com]
My domain is accessible and there are A entries.
What is wrong?

MQTT (Mosquitto) over TLS - certificate error in some programs

I set up a Mosquitto server a few days ago using https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-debian-8.
Playing around with it, everything seemed to be working like I wanted. I am able to connect an Android client and MQTTSpy to my own server.
Yesterday I had the great idea of looking for a Kodi plugin that would push status and info to MQTT: https://github.com/owagner/kodi2mqtt
It is able to find the server as I see changes in the Mosquitto log file, however I keep getting the same error:
1492549927: New connection from 81.240.134.64 on port 8883.
1492549927: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1492549927: Socket error on client <unknown>, disconnecting.
1492549932: New connection from 81.240.134.64 on port 8883.
1492549933: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1492549933: Socket error on client <unknown>, disconnecting.
1492549934: New connection from 81.240.134.64 on port 8883.
1492549934: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1492549934: Socket error on client <unknown>, disconnecting.
1492549939: New connection from 81.240.134.64 on port 8883.
1492549939: OpenSSL Error: error:140780E5:SSL routines:SSL23_READ:ssl handshake failure
1492549939: Socket error on client <unknown>, disconnecting.
From what I understand there are some issues with certificates, but I am not 100% sure what is missing. In the other applications I do not need to provide my own certificates, so I don't see what is missing. I tried using the generated certificates in the Kodi addon; however, they seem not to work and I get a different error:
1492541859: New connection from 81.240.134.64 on port 8883.
1492541860: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1492541860: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1492541860: Socket error on client <unknown>, disconnecting.
1492541862: New connection from 81.240.134.64 on port 8883.
1492541862: OpenSSL Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
1492541862: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
1492541862: Socket error on client <unknown>, disconnecting.
I'm not sure in what direction I should check. Is something wrong with my server/certificates (seems unlikely since other clients are working), or is something wrong with the Python code of the Kodi addon? If so, could anyone shed some light on what is missing? (I know my way around coding, just not really around certificate things.)
Thanks for the help!
Joren C.
Your Python client will need access to the trusted certificate authority. Copy the signed public certificate. The browser clients don't need that because they already come loaded with trusted certificate authorities.
If the Kodi addon is using the paho MQTT client library, then the following should fix it:
client.tls_set("$your server's public cert$.crt")
Try an SSL connection:
openssl s_client -connect 81.240.134.xxx:8883 -CAfile /etc/certs/file.crt -debug

Vagrant - Django server - Why is host redirecting to https?

I set up a Vagrant VM with Django installed, and set up the port forwarding like this:
config.vm.network "forwarded_port", guest: 8000, host: 8001
So in the guest machine I run the Django server like this:
python manage.py runserver 0.0.0.0:8000
And the server starts up and tells me it's running on http://127.0.0.1:8000
When I open up Firefox on the host machine and point it to http://127.0.0.1:8001, it automatically redirects to https://127.0.0.1:8001 and I get this error:
An error occurred during a connection to 127.0.0.1:8001. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Nowhere in the settings.py file does it force HTTPS. I don't know what's causing it to redirect to HTTPS, or how I can go about figuring that out. Is this a problem with VirtualBox, Vagrant or Django?
These error messages appear in the terminal where I run the server:
[06/Jan/2017 05:17:22] code 400, message Bad request syntax ('\x16\x03\x01\x00¥\x01\x00\x00¡\x03\x03d')
You're accessing the development server over HTTPS, but it only supports HTTP.
[06/Jan/2017 05:17:31] code 400, message Bad HTTP/0.9 request type ("\x16\x03\x01\x00¥\x01\x00\x00¡\x03\x03É\x8aVY#¦Û2\x9c'\x1a5n¬òðÿ𪪮pÛ%å\x15#8jÕQé\x00\x00")
You're accessing the development server over HTTPS, but it only supports HTTP.
So the question is why is my browser trying to access the server over HTTPS?
You need to add this to your settings.py file:
SECURE_SSL_REDIRECT = False
For further reading, read from here.
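The Mosquitto log earlier on this page and the Django dev-server messages just above are the same kind of failure seen from opposite sides. OpenSSL's "SSL23_GET_CLIENT_HELLO:unknown protocol" means the bytes that arrived on the TLS port (8883) did not start like a TLS or SSL ClientHello, which is what a plaintext client produces; the later "tlsv1 alert unknown ca" is the client telling the broker it does not trust the certificate chain it was shown. The dev server's "Bad request syntax ('\x16\x03\x01\x00¥\x01\x00\x00¡\x03\x03d')" is the reverse: a TLS record (content type 0x16, record version 3.1, length 0xa5) carrying a ClientHello (handshake type 0x01, length 0xa1, client_version 3.3) sent to a server that only speaks HTTP. The first bytes read from the socket identify which case you have. The following is an added example, not code from either post, that classifies those bytes; the sample inputs are constructed, the first one from the bytes quoted in the Django traceback above.

```python
import struct

# Added example (not the posts' code): name the protocol that actually arrived
# on a socket from its first bytes, to tell "plaintext client on a TLS port"
# apart from "TLS client on a plaintext port".

TLS_HANDSHAKE = 0x16
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def parse_tls_client_hello(data: bytes):
    """Return (record_version, legacy_client_version) if `data` starts with a
    TLS ClientHello, else None. Layout: record header (type, version, length),
    then handshake header (type 0x01, 3-byte length), then client_version."""
    if len(data) < 11 or data[0] != TLS_HANDSHAKE:
        return None
    record_version, _record_len = struct.unpack("!HH", data[1:5])
    if record_version not in TLS_VERSIONS or data[5] != 0x01:
        return None
    client_version = struct.unpack("!H", data[9:11])[0]
    # TLS 1.3 clients still put 0x0303 here and negotiate 1.3 via an extension.
    return TLS_VERSIONS[record_version], TLS_VERSIONS.get(client_version, hex(client_version))


def parse_mqtt_connect(data: bytes):
    """Return (protocol_name, protocol_level) if `data` starts with a plaintext
    MQTT CONNECT packet, else None. Fixed header: type 1 in the high nibble and
    flags 0 (0x10), then a variable-length 'remaining length', then the
    length-prefixed protocol name and the level byte."""
    if len(data) < 2 or data[0] != 0x10:
        return None
    i, multiplier = 1, 1
    while True:  # remaining length: 7 bits per byte, high bit = continuation, max 4 bytes
        if i >= len(data) or multiplier > 128 ** 3:
            return None
        byte = data[i]
        multiplier *= 128
        i += 1
        if not byte & 0x80:
            break
    if i + 2 > len(data):
        return None
    name_len = struct.unpack("!H", data[i:i + 2])[0]
    name = data[i + 2:i + 2 + name_len]
    if name not in (b"MQTT", b"MQIsdp") or i + 2 + name_len >= len(data):
        return None
    return name.decode("ascii"), data[i + 2 + name_len]


def classify_first_bytes(data: bytes) -> str:
    hello = parse_tls_client_hello(data)
    if hello:
        return f"TLS ClientHello (record {hello[0]}, legacy client_version {hello[1]})"
    mqtt = parse_mqtt_connect(data)
    if mqtt:
        return f"plaintext MQTT CONNECT ({mqtt[0]} level {mqtt[1]})"
    if data.startswith(HTTP_METHODS):
        return "plaintext HTTP request"
    return "unknown"


# Constructed samples. The first is the byte sequence the Django dev server
# printed above ('¥' is 0xa5 and '¡' is 0xa1 in the Latin-1 repr it logs).
DJANGO_DEV_SERVER_BYTES = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03d"
# An MQTT 3.1.1 CONNECT with client id "client": remaining length 18.
MQTT_CONNECT_BYTES = b"\x10\x12\x00\x04MQTT\x04\x02\x00\x3c\x00\x06client"
HTTP_BYTES = b"GET /.well-known/acme-challenge/token HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for sample in (DJANGO_DEV_SERVER_BYTES, MQTT_CONNECT_BYTES, HTTP_BYTES):
        print(sample[:12], "->", classify_first_bytes(sample))
```

The function is what you would run on a packet capture or on the bytes a misbehaving client sends to a test listener; it does not diagnose why a browser or an add-on chose the wrong scheme, only which one it used.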
