Hi, I am following the instructions in http://docs.openhab.org/installation/security.html
and I have openHAB 2 on an openHABian Raspberry Pi 2 - working on local LAN.
Using sudo openhabian-config, I have tried to install the NGINX reverse proxy with Let’s Encrypt certificates.
As instructed, I have port 80 open on my firewall for the certbot to do its thing during setup.
All goes well, up to the point where it says "Creating Let’s Encrypt certificate…"
Then the process stops and openhabian-config shows a screen saying I should report this to the community.
See the tail end of the output I get, there are no errors or warnings up to this point.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Creating Let's Encrypt certificate...
/usr/local/bin/openhabian-config: line 787: 27521 Illegal instruction certbot certonly --webroot -w /var/www/$domain -d $domain
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
We hope you got what you came for! See you again soon ;)
Hi, yes, I entered my public domain name. Just that though. I didn’t put https etc.
Just the domain name. Looking through the docs and my machine, I can see that the directories named after the domain have been created, and the nginx config file has entries to my domain in it.
Yes, certainly. I have tried many times now. I always get the same result.
My firewall is definitely open on :80 and :443 forwarding to my machine local IP.
When I visit the external domain name, I see the openhab ui on http, but site not found on https (expected as https is not being set up due to this issue).
I tried following the manual steps in the docs, but the certbot command doesn’t seem to fetch any certs, but doesn’t give any errors either.
Hi, thanks for looking into this.
No, I didn’t install anything myself. I only used the default install of the OS and then openhabian-config to do everything.
So, if it is the wrong version, I guess we need to bring this to the attention of someone who can update the packages in openhabian?
Also, I found a workaround for the setup breaking for me.
I got my Start_SSL certificate from my OH1 setup and added that by hand to the nginx conf file for openhab (/etc/nginx/sites-enabled/openhab)
generally following the instructions for self signed certificates in the docs.
It would help to know which version you are on. My guess is that something went wrong there. Could you please post the results of the two commands I’ve shown in my previous answer?
[16:45:09] pi@openHABianPi:~$ dpkg -s certbot
Package: certbot
Status: install ok installed
Priority: extra
Section: web
Installed-Size: 74
Maintainer: Debian Let's Encrypt <letsencrypt-devel@lists.alioth.debian.org>
Architecture: all
Source: python-certbot
Version: 0.9.3-1~bpo8+2
Replaces: letsencrypt
Provides: letsencrypt
Depends: dialog, python-certbot (= 0.9.3-1~bpo8+2), init-system-helpers (>= 1.18~), python, python:any (>= 2.7~)
Suggests: python-certbot-apache, python-certbot-doc
Breaks: letsencrypt (<= 0.6.0)
Conffiles:
/etc/cron.d/certbot 88d0bd291b44222e55a073ae3e4cdba3
Description: automatically configure HTTPS using Let's Encrypt
The objective of Certbot, Let's Encrypt, and the ACME (Automated
Certificate Management Environment) protocol is to make it possible
to set up an HTTPS server and have it automatically obtain a
browser-trusted certificate, without any human intervention. This is
accomplished by running a certificate management agent on the web
server.
.
This agent is used to:
.
- Automatically prove to the Let's Encrypt CA that you control the website
- Obtain a browser-trusted certificate and set it up on your web server
- Keep track of when your certificate is going to expire, and renew it
- Help you revoke the certificate if that ever becomes necessary.
.
This package contains the main application, including the standalone
and the manual authenticators.
Homepage: https://certbot.eff.org/
[16:45:50] pi@openHABianPi:~$
Also one of the first things I checked. That could have been the case with a RPi1.
Okay, your situation is pretty strange and not what I would expect on a recent installation of openHABian. Would it be an option for you to back up and start with a fresh installation?
I am sorry, it is not an option for me to do a fresh install on this machine. I was forced to move to OH2 after my OH1 setup died - I have a lot of devices around the house - so I can’t play around too much.
What I might do is buy another RPi 2 and try to replicate on that so I don’t mess up my working setup.
BTW. I should add, I did find a workaround (I mentioned it in a previous post), so personally, I am not blocked by this issue any more, but I am happy to stick on it if it helps other people.
Same problem for me: “cerbot --version” (even after reinstall with “apt install certbot -t jessie-backport”) gives an “illegal instruction” in line 878 on a RasPi 1B with latest Raspbian Jessie.
Any further hints…?
(an hour later): Okay, doesn’t help me anyway. Tried to get the certificate from my desktop Ubuntu. Certbot works there but I learned that I cannot get a certificate from LetsEncrypt as my DDNS subdomain exceeds the limits: too many requests from all the other users of the same DDNS service - too many subdomains…