letsencrypt

droogi · 8 February 2022 22:09

Hello,
i cannot access my dyndns-adressed anymore.

http://ip/nextcloud is possible,
https://ip/nextcloud is not possible
http://ip/wiki leads to https://redirect.to/wiki and is not possible

I have installed nginx (78 and 79 by nextcloud installation), but not Lighttpd

I tried to run dietpi-letsencrypt and to disable redirect and disable hsts and keep existing certificate.

 Date           | Tue Feb  8 22:51:00 CET 2022
- DietPi version | v8.1.2 (MichaIng/master)
- Image creator  | DietPi Core Team
- Pre-image      | Raspbian Lite
- Hardware       | RPi 4 Model B (armv7l) (ID=4)
- Kernel version | `Linux DietPi4 5.10.92-v7l+ #1514 SMP Mon Jan 17 17:38:03 GMT 2022 armv7l GNU/Linux`
- Distro         | bullseye (ID=6,RASPBIAN=1)
- Command        | `systemctl restart lighttpd`
- Exit code      | 1
- Software title | DietPi-LetsEncrypt

Job for lighttpd.service failed because the control process exited with error code.
See "systemctl status lighttpd.service" and "journalctl -xe" for details.

systemctl status lighttpd.servise gives

lighttpd.service - Lighttpd Daemon
     Loaded: loaded (/lib/systemd/system/lighttpd.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2022-02-08 22:50:52 CET; 2min 52s ago
    Process: 14547 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
    Process: 14554 ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEP
TION)
   Main PID: 14554 (code=exited, status=255/EXCEPTION)
        CPU: 143ms

Feb 08 22:50:52 DietPi4 systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Feb 08 22:50:52 DietPi4 systemd[1]: Stopped Lighttpd Daemon.
Feb 08 22:50:52 DietPi4 systemd[1]: lighttpd.service: Start request repeated too qui
ckly.
Feb 08 22:50:52 DietPi4 systemd[1]: lighttpd.service: Failed with result 'exit-code'
.
Feb 08 22:50:52 DietPi4 systemd[1]: Failed to start Lighttpd Daemon.
Feb 08 22:51:00 DietPi4 systemd[1]: lighttpd.service: Start request repeated too qui
ckly.
Feb 08 22:51:00 DietPi4 systemd[1]: lighttpd.service: Failed with result 'exit-code'
.
Feb 08 22:51:00 DietPi4 systemd[1]: Failed to start Lighttpd Daemon.

in my fritzbox ports are 443, 3478, 51820, 80 are forwarded, and i did not change the settings…
after reinstalling with dietpi-software reinstall 92 i can run letsencrypt with existing certificate without error, but still don´t have access to my webpage.
do you have a suggestion how to procede?

Joulinar · 8 February 2022 22:30

You have installed nginx as well as Lighttpd. This is a conflicting configuration as both are web server and both aim to use same ports. Probably your https configuration has been done on Lighttpd, which is failing at the moment. Therefore you are not able to reach it on HTTPS.

Did you installed both with a purpose? Just one web server should be enough.

droogi · 8 February 2022 22:42

I have not installed lighttpd on purpose, in dietpi-software list it is 78 and 78, not 79 and not 80.
So I should try

apt remove lighttpd

?

Joulinar · 8 February 2022 23:02

can you share following

dietpi-software list | grep " =2 "
ss -tulpn | grep LISTEN

droogi · 8 February 2022 23:08

  root@DietPi4 [00:05:24]~ # dietpi-software list | grep " =2 "
ID 0 | =2 | OpenSSH Client: Feature-rich SSH, SFTP and SCP client |
ID 5 | =2 | ALSA: Advanced Linux Sound Architecture |
ID 6 | =2 | X.Org X Server: aka X11 - X Window System implementation |
ID 16 | =2 | Build-Essential: GNU C/C++ compiler, development libraries and headers |
ID 17 | =2 | Git: Clone and manage Git repositories locally |
ID 23 | =2 | LXDE: ultra lightweight desktop | +ALSA +X.Org X Server +browser | https://dietpi.com/docs/software/desktop/#lxde
ID 27 | =2 | TasmoAdmin: Website to manage ESP8266 devices flashed with Tasmota | +PHP +webserver | https://dietpi.com/docs/software/home_automation/#tasmoadmin
ID 29 | =2 | XRDP: remote desktop protocol (rdp) server | +desktop | https://dietpi.com/docs/software/remote_desktop/#xrdp
ID 35 | =2 | Logitech Media Server: aka SlimServer, SqueezeCenter, Squeezebox Server | | https://dietpi.com/docs/software/media/#logitech-media-server
ID 66 | =2 | RPi-Monitor: Web interface for Raspberry Pi real-time monitoring | | https://dietpi.com/docs/software/system_stats/#rpi-monitor
ID 67 | =2 | Firefox: web browser for desktop | +ALSA +X.Org X Server | https://dietpi.com/docs/software/desktop/#firefox
ID 69 | =2 | Python 3 RPi.GPIO: Control Raspberry Pi GPIO channels in Python 3 | | https://dietpi.com/docs/software/hardware_projects/#rpigpio
ID 73 | =2 | Fail2Ban: prevents brute-force attacks with ip ban | | https://dietpi.com/docs/software/system_security/#fail2ban
ID 78 | =2 | LESP: Nginx    | SQLite  | PHP | +Nginx +SQLite +PHP | https://dietpi.com/docs/software/webserver_stack/#lesp-web-stack
ID 79 | =2 | LEMP: Nginx    | MariaDB | PHP | +Nginx +MariaDB +PHP | https://dietpi.com/docs/software/webserver_stack/#lemp-web-stack
ID 85 | =2 | Nginx: Lightweight webserver | +PHP | https://dietpi.com/docs/software/webserver_stack/#nginx
ID 87 | =2 | SQLite: Persistent single-file database system | | https://dietpi.com/docs/software/databases/#sqlite
ID 88 | =2 | MariaDB: Persistent cached file-per-table database server | | https://dietpi.com/docs/software/databases/#mariadb
ID 89 | =2 | PHP: Hypertext Preprocessor for dynamic web content | | https://dietpi.com/docs/software/webserver_stack/#php
ID 90 | =2 | phpMyAdmin: Optional MariaDB web interface admin tools | +MariaDB +PHP +webserver | https://dietpi.com/docs/software/databases/#phpmyadmin
ID 91 | =2 | Redis: Volatile in-memory non-SQL database server | | https://dietpi.com/docs/software/databases/#redis
ID 92 | =2 | Certbot: Obtain and renew Let's Encrypt SSL certs for HTTPS | | https://dietpi.com/docs/software/system_security/#lets-encrypt
ID 93 | =2 | Pi-hole: block adverts for any device on your network | +Git +SQLite +PHP +webserver | https://dietpi.com/docs/software/dns_servers/#pi-hole
ID 94 | =2 | ProFTPD: Efficient, lightweight FTP server | | https://dietpi.com/docs/software/file_servers/#proftpd
ID 96 | =2 | Samba Server: Feature-rich SMB/CIFS server | | https://dietpi.com/docs/software/file_servers/#samba
ID 103 | =2 | DietPi-RAMlog: Makes /var/log a RAM disk, preserves file structure on reboot | | https://dietpi.com/docs/software/log_system/#dietpi-ramlog
ID 105 | =2 | OpenSSH Server: Feature-rich SSH server with SFTP and SCP support | +OpenSSH Client | https://dietpi.com/docs/software/ssh/#openssh
ID 114 | =2 | Nextcloud: File sync, sharing and collaboration platform | +MariaDB +PHP +Redis +webserver | https://dietpi.com/docs/software/cloud/#nextcloud
ID 117 | =2 | PiVPN: openvpn/wireguard server install & management tool | +Git | https://dietpi.com/docs/software/vpn/#pivpn
ID 123 | =2 | Mosquitto: MQTT messaging broker | | https://dietpi.com/docs/software/hardware_projects/#mosquitto
ID 130 | =2 | Python 3: Runtime system, pip package installer and development headers | | https://dietpi.com/docs/software/programming/#python-3
ID 136 | =2 | MotionEye: Web interface & surveillance for your camera | +FFmpeg DISABLED for Debian bullseye | https://dietpi.com/docs/software/camera/#motioneye
ID 150 | =2 | Mono: Runtime libraries and repository |
ID 168 | =2 | Nextcloud Talk: Video calls with configured Coturn server | +Nextcloud | https://dietpi.com/docs/software/cloud/#nextcloud-talk
ID 170 | =2 | UnRAR: unarchiver for .rar files |
ID 182 | =2 | Unbound: validating, recursive, caching DNS resolver | | https://dietpi.com/docs/software/dns_servers/#unbound
ID 200 | =2 | DietPi-Dashboard (beta): Official lightweight DietPi web interface (Rust) | | https://dietpi.com/docs/software/system_stats/#dietpi-dashboard
root@DietPi4 [00:05:31]~ #

 
root@DietPi4 [00:05:31]~ # ss -tulpn | grep LISTEN
tcp   LISTEN 0      4096                                    0.0.0.0:3483       0.0.0.0:*    users:(("squeezeboxserve",pid=964,fd=9))                                                
tcp   LISTEN 0      100                                     0.0.0.0:1883       0.0.0.0:*    users:(("mosquitto",pid=968,fd=4))                                                      
tcp   LISTEN 0      50                                      0.0.0.0:445        0.0.0.0:*    users:(("smbd",pid=719,fd=44))                                                          
tcp   LISTEN 0      128                                     0.0.0.0:49152      0.0.0.0:*    users:(("squeeze2upnp-ar",pid=1033,fd=3))                                               
tcp   LISTEN 0      4096                                    0.0.0.0:45185      0.0.0.0:*    users:(("squeezeboxserve",pid=964,fd=32))                                               
tcp   LISTEN 0      4096                                    0.0.0.0:9090       0.0.0.0:*    users:(("squeezeboxserve",pid=964,fd=27))                                               
tcp   LISTEN 0      128                                     0.0.0.0:5252       0.0.0.0:*    users:(("dietpi-dashboar",pid=540,fd=6))                                                
tcp   LISTEN 0      5                                     127.0.0.1:4711       0.0.0.0:*    users:(("pihole-FTL",pid=671,fd=10))                                                    
tcp   LISTEN 0      4096                                    0.0.0.0:9000       0.0.0.0:*    users:(("squeezeboxserve",pid=964,fd=33))                                               
tcp   LISTEN 0      256                                   127.0.0.1:5353       0.0.0.0:*    users:(("unbound",pid=586,fd=4))                                                        
tcp   LISTEN 0      80                                    127.0.0.1:3306       0.0.0.0:*    users:(("mariadbd",pid=791,fd=21))                                                      
tcp   LISTEN 0      511                                   127.0.0.1:6379       0.0.0.0:*    users:(("redis-server",pid=725,fd=7))                                                   
tcp   LISTEN 0      50                                      0.0.0.0:139        0.0.0.0:*    users:(("smbd",pid=719,fd=45))                                                          
tcp   LISTEN 0      511                                     0.0.0.0:80         0.0.0.0:*    users:(("nginx",pid=913,fd=5),("nginx",pid=912,fd=5),("nginx",pid=911,fd=5),("nginx",pid=910,fd=5),("nginx",pid=909,fd=5))
tcp   LISTEN 0      32                                      0.0.0.0:53         0.0.0.0:*    users:(("pihole-FTL",pid=671,fd=5))                                                     
tcp   LISTEN 0      1024                                   10.6.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=136))                                                   
tcp   LISTEN 0      1024                                   10.6.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=135))                                                   
tcp   LISTEN 0      1024                            192.168.178.170:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=128))                                                   
tcp   LISTEN 0      1024                            192.168.178.170:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=127))                                                   
tcp   LISTEN 0      1024                                  127.0.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=120))                                                   
tcp   LISTEN 0      1024                                  127.0.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=119))                                                   
tcp   LISTEN 0      1024                                   10.6.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=98))                                                    
tcp   LISTEN 0      1024                                   10.6.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=97))                                                    
tcp   LISTEN 0      1024                            192.168.178.170:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=90))                                                    
tcp   LISTEN 0      1024                            192.168.178.170:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=89))                                                    
tcp   LISTEN 0      1024                                  127.0.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=82))                                                    
tcp   LISTEN 0      1024                                  127.0.0.1:3478       0.0.0.0:*    users:(("turnserver",pid=917,fd=81))                                                    
tcp   LISTEN 0      128                                     0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=594,fd=3))                                                           
tcp   LISTEN 0      1024                                   10.6.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=140))                                                   
tcp   LISTEN 0      1024                                   10.6.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=139))                                                   
tcp   LISTEN 0      1024                            192.168.178.170:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=132))                                                   
tcp   LISTEN 0      1024                            192.168.178.170:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=131))                                                   
tcp   LISTEN 0      1024                                  127.0.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=124))                                                   
tcp   LISTEN 0      1024                                  127.0.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=123))                                                   
tcp   LISTEN 0      1024                                   10.6.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=102))                                                   
tcp   LISTEN 0      1024                                   10.6.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=101))                                                   
tcp   LISTEN 0      1024                            192.168.178.170:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=94))                                                    
tcp   LISTEN 0      1024                            192.168.178.170:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=93))                                                    
tcp   LISTEN 0      1024                                  127.0.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=86))                                                    
tcp   LISTEN 0      1024                                  127.0.0.1:3479       0.0.0.0:*    users:(("turnserver",pid=917,fd=85))                                                    
tcp   LISTEN 0      5                                       0.0.0.0:8888       0.0.0.0:*    users:(("rpimonitord",pid=996,fd=5))                                                    
tcp   LISTEN 0      256                                   127.0.0.1:8953       0.0.0.0:*    users:(("unbound",pid=586,fd=6))                                                        
tcp   LISTEN 0      100                                        [::]:1883          [::]:*    users:(("mosquitto",pid=968,fd=5))                                                      
tcp   LISTEN 0      2                                             *:3389             *:*    users:(("xrdp",pid=585,fd=11))                                                          
tcp   LISTEN 0      50                                         [::]:445           [::]:*    users:(("smbd",pid=719,fd=42))                                                          
tcp   LISTEN 0      5                                         [::1]:4711          [::]:*    users:(("pihole-FTL",pid=671,fd=13))                                                    
tcp   LISTEN 0      511                                       [::1]:6379          [::]:*    users:(("redis-server",pid=725,fd=8))                                                   
tcp   LISTEN 0      50                                         [::]:139           [::]:*    users:(("smbd",pid=719,fd=43))                                                          
tcp   LISTEN 0      511                                        [::]:80            [::]:*    users:(("nginx",pid=913,fd=6),("nginx",pid=912,fd=6),("nginx",pid=911,fd=6),("nginx",pid=910,fd=6),("nginx",pid=909,fd=6))
tcp   LISTEN 0      128                                           *:21               *:*    users:(("proftpd",pid=711,fd=0))                                                        
tcp   LISTEN 0      32                                         [::]:53            [::]:*    users:(("pihole-FTL",pid=671,fd=7))                                                     
tcp   LISTEN 0      128                                        [::]:22            [::]:*    users:(("sshd",pid=594,fd=4))                                                           
tcp   LISTEN 0      2                                         [::1]:3350          [::]:*    users:(("xrdp-sesman",pid=565,fd=7))                                                    
tcp   LISTEN 0      1024                                      [::1]:3478          [::]:*    users:(("turnserver",pid=917,fd=105))                                                   
tcp   LISTEN 0      1024                                      [::1]:3478          [::]:*    users:(("turnserver",pid=917,fd=106))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3478          [::]:*    users:(("turnserver",pid=917,fd=113))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3478          [::]:*    users:(("turnserver",pid=917,fd=114))                                                   
tcp   LISTEN 0      1024                                      [::1]:3478          [::]:*    users:(("turnserver",pid=917,fd=143))                                                   
tcp   LISTEN 0      1024                                      [::1]:3478          [::]:*    users:(("turnserver",pid=917,fd=144))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3478          [::]:*    users:(("turnserver",pid=917,fd=151))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3478          [::]:*    users:(("turnserver",pid=917,fd=152))                                                   
tcp   LISTEN 0      1024                                      [::1]:3479          [::]:*    users:(("turnserver",pid=917,fd=109))                                                   
tcp   LISTEN 0      1024                                      [::1]:3479          [::]:*    users:(("turnserver",pid=917,fd=110))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3479          [::]:*    users:(("turnserver",pid=917,fd=117))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3479          [::]:*    users:(("turnserver",pid=917,fd=118))                                                   
tcp   LISTEN 0      1024                                      [::1]:3479          [::]:*    users:(("turnserver",pid=917,fd=147))                                                   
tcp   LISTEN 0      1024                                      [::1]:3479          [::]:*    users:(("turnserver",pid=917,fd=148))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3479          [::]:*    users:(("turnserver",pid=917,fd=155))                                                   
tcp   LISTEN 0      1024   [2a02:810d:8500:ba4:dea6:32ff:fe54:4972]:3479          [::]:*    users:(("turnserver",pid=917,fd=156))                                                   
tcp   LISTEN 0      256                                       [::1]:8953          [::]:*    users:(("unbound",pid=586,fd=5))                                                        
root@DietPi4 [00:10:07]~ #

Joulinar · 8 February 2022 23:12

did you have done anything with PiHole? Any reinstall or repair?

droogi · 8 February 2022 23:17

I remember I updated lists,
I removed dietpi4 as dns in Fritzbox , I think it’s not used

Joulinar · 8 February 2022 23:25

you could try to clean up

systemctl unmask lighttpd
systemctl disable --now lighttpd
rm -Rf /lib/systemd/system/lighttpd.service.d
G_AGP lighttpd
rm -Rf /etc/lighttpd
rm -f /var/www/index.lighttpd.html
rm -f /etc/systemd/system/certbot.service.d/dietpi-lighttpd.conf

Hopefully dietpi-letsencrypt is going to detect Nginx now.

droogi · 9 February 2022 05:03

I removed lighttpd completely with above commands.
Dietpi-letsencrypt runs without failures and homepage is back again.

What I did before.I installed :
Radarr
Sonarr
Lidarr
jackett and
transmission.

It was running, I downloaded two movies and some music.
/Tmp was full 100% and caused mistakes (you supposed me in
https://dietpi.com/forum/t/no-space-left-on-device/6175/1)
I removed 5 software with diet-software uninstall

I have an image of SD card, if you want I could try to do it again and see where lighttpd was installed

Thanks for support

Joulinar · 9 February 2022 11:28

Radarr, Sonarr, Lidarr, jackett and transmission do not require any web server in addition. All of then have their own build-in one. Basically a software removal will not trigger lighttpd install. Simply not possible with our script.

The only thing I really could think of, is an attempted to try to repair PiHole via pihole command. Using the wrong option could lead to a lighttpd installation.

droogi · 20 February 2022 20:23

Today I updated pihole using

pihole -u

.
In this step lighttp is installed and enabled after reboot.

[✓] Checking for netcat-openbsd
  [i] Checking for lighttpd (will be installed)
  [✓] Checking for php7.4-common
  [✓] Checking for php7.4-cgi
  [✓] Checking for php7.4-sqlite3
  [✓] Checking for php7.4-xml
  [✓] Checking for php7.4-intl
  [✓] Checking for php7.4-json
  [i] Processing apt-get install(s) for: lighttpd, please wait...

debconf: delaying package configuration, since apt-utils is not installed
Vormals nicht ausgewähltes Paket lighttpd wird gewählt.
(Lese Datenbank ... 125272 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../lighttpd_1.4.59-1+deb11u1_armhf.deb ...
Entpacken von lighttpd (1.4.59-1+deb11u1) ...
lighttpd (1.4.59-1+deb11u1) wird eingerichtet ...
Enabling unconfigured: ok
Run "service lighttpd force-reload" to enable changes
Created symlink /etc/systemd/system/multi-user.target.wants/lighttpd.service → /lib/systemd/system/lighttpd.service.

  [✓] Enabling lighttpd service to start on reboot...
  [✓] Checking for user 'pihole'

  [i] FTL Checks...

  [✓] Detected ARMv7 processor (with hard-float support)
  [i] Checking for existing FTL binary...
  [✓] Downloading and Installing FTL
  [✓] Installing scripts from /etc/.pihole

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [i] Installing /etc/.pihole/advanced/06-rfc6761.conf..  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf

  [i] Installing blocking page...
  [i] Creating directory for blocking page, and copying   [✓] Creating directory for blocking page, and copying files
  [✓] Backing up index.lighttpd.html

  [✓] Installing sudoer file

  [✓] Installing latest Cron script

  [i] Installing latest logrotate script...
        [i] Existing logrotate file found. No changes made.
  [i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old
  [i] man not installed
  [i] Testing if systemd-resolved is enabled
  [i] Systemd-resolved is not enabled
  [i] Restarting lighttpd service...
  Unable to complete update, please contact Pi-hole Support[i][/i]

The -u command ist described in the dietpi how to update pihole site

I remove lighttpd with above commands.
Regards droogi

Joulinar · 20 February 2022 20:40

pihole -u did not exist and should not work. The official command to update PiHole would be -up or updatePihole. Available commands can be shown via pihole -h. But these are PiHole own commands and not something we provide from DietPi side.

Looks like a “bad” behaviour of PiHole to assume lighttpd to be installed

MichaIng
do you know if there is a way to hold back PiHole own update script to force a lighttpd installation? I mean it is possible on install due to --disable-install-webserver flag. But would be similar working on update?

droogi · 20 February 2022 21:52

Correction: I used
pihole -up