Problem with lighttpd not detecting a folder that has ssl certificate inside

Troubleshooting
, ,
1

Details:

  • Date | Thu Apr 27 20:24:19 BST 2023
  • DietPi version | v8.16.2 (MichaIng/master)
  • Image creator |
  • Pre-image |
  • Hardware | RPi 3 Model B (aarch64) (ID=3)
  • Kernel version | Linux tubzpi 5.15.84-v8+ #1613 SMP PREEMPT Thu Jan 5 12:03:08 GMT 2023 aarch64 GNU/Linux
  • Distro | bullseye (ID=6,RASPBIAN=0)
  • Command | systemctl start lighttpd
  • Exit code | 1
  • Software title | DietPi-LetsEncrypt

Steps to reproduce:

  1. Try to delete SSL certificate because you’ve messed something up, using certbot delete.
  2. doesn’t work so delete the location manually
  3. think it would remake the directory, (It did)
  4. run certbot certonly to get a new certificate,
  5. for some reason it says I’ve made more than five in the last hundred hours.
  6. check /etc/letsencrypt/live/
  7. see there’s another called tubzpi.xyz-0001
  8. confused.
  9. systemctl start lighttpd

  10. Job for lighttpd.service failed because the control process exited with error code. See systemctl status lighttpd.service and journalctl -xe for details.

  11. lighttpd -tt -f /etc/lighttpd/lighttpd.conf
    2023-04-27 20:24:57: fdevent.c.1150) fdevent_load_file() /etc/letsencrypt/live/tubzpi.xyz/fullchain.pem: No such file or directory
    2023-04-27 20:24:57: server.c.1244) Initialization of plugins failed. Going down.

  12. check that directory

  13. /etc/letsencrypt/live/tubzpi.xyz# ls
    README cert.pem chain.pem fullchain.pem privkey.pem

  14. nano into any of them and they all say new file for some reason, like they don’t exist.
  15. start to panic.

Expected behaviour:

-Well what should’ve happened was the server was meant to boot, and the website work, but it didn’t, and I’m pretty sure it was something to do with the https code in the config file being wrong, however I checked syntax and it said OK. So I need help to fix the problem of this not working, and how to get https.
And I delete the -0001 file, there’s still an hour left until I can get a new certificate, but I’m afraid that if I try to make a new one, it will make me wait another few days. I didn’t know there was the dietpi-letsencrypt command otherwise I wold not have messed with the config file and all that in the first place, but I did not see it, and the internet didn’t tell me, and I didn’t look properly as well. Any help appreciated.
Here is output from both journalctl -xe, and systemctl status lighttpd.service

I’m not sure how to paste everything from journalctl -xe as it doesn’t show all on my screen, and scrolling up is not useful.

systemctl status lighttpd.service
● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/lighttpd.service.d
└─dietpi.conf
Active: failed (Result: exit-code) since Thu 2023-04-27 20:46:02 BST; 1min 42s ago
Process: 18682 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPTION)
CPU: 894ms

Apr 27 20:46:02 tubzpi systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Apr 27 20:46:02 tubzpi systemd[1]: Stopped Lighttpd Daemon.
Apr 27 20:46:02 tubzpi systemd[1]: lighttpd.service: Start request repeated too quickly.
Apr 27 20:46:02 tubzpi systemd[1]: lighttpd.service: Failed with result ‘exit-code’.
Apr 27 20:46:02 tubzpi systemd[1]: Failed to start Lighttpd Daemon.

Additional logs:

Job for lighttpd.service failed because the control process exited with error code.
See "systemctl status lighttpd.service" and "journalctl -xe" for details.
2

you should clean the whole /etc/letsencrypt/ directory and all sub folder from your incorrect created domain/certificate.

To get the system back working, we could remove https configuration.

rm /etc/lighttpd/conf-enabled/50-dietpi-https.conf
systemctl restart lighttpd.service

This should bring back your web server on http for now

1 Like
3

is there any specific command I have to use to clean the directory?
And after that if I run the lets encrypt program will it automatically apply https?

4

yes, should be if you use dietpi-letsencrypt

simply go to all directory and use rm command to clean files and folder related to your DDNS name.

1 Like
5

okay so rm -r /etc/letsencrypt/
anything else I needs to rm -r?

6

you removed the whole directory /etc/letsencrypt/???

1 Like
7

no no my mistake i havent deleted the whole directory. i worded it wrong, I got use to making directories to store stuff then delete them so yh. So the files inside are accounts archive cli.ini csr keys live renewal renewal-hooks
I’m not sure which ones to rm

8

usually files and folder should be named with your DDNS. These one to clean only.

9

files inside are accounts archive cli.ini csr keys live renewal renewal-hooks

none of these are named with my ddns…

10

except for the live one which has the file tubzpi.xyz in it, should I rm that?

11

yes clean this one and remove https configuration for the moment

rm /etc/lighttpd/conf-enabled/50-dietpi-https.conf
systemctl restart lighttpd.service
12

Oh wait its a directory, should i clear everything inside? this is whats inside,

README cert.pem chain.pem fullchain.pem privkey.pem

13

I would remove the whole directory.

1 Like
14

Done. Its gone. ive restarted lighttpd and its working now. Thanks. Is it okay for me to run dietpi-letsencrypt
also

systemctl status lighttpd
Apr 27 21:41:56 tubzpi lighttpd[19338]: 2023-04-27 21:41:56: configfile.c.1142) WARNING: unknown config-key: url.redirect (ignored)

okay to ignore?

15

for now should be fine as it is a warning only.

1 Like
16

okay thanks, after running dietpi-letsencyrpt, do I need to turn on any settings? The only one I’ve turned on is redirect, is that okay?

17

you mean redirect from http to https? Usually all settings should be applied automatically.

1 Like
18

yes, it says it forces HTTP redirects to HTTPS, should I leave it on or turn it off?

19

yes a setting I recommend

1 Like
20 
[  OK  ] DietPi-LetsEncrypt | Lighttpd webserver detected
[  OK  ] DietPi-LetsEncrypt | systemctl start lighttpd
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for tubzpi.xyz
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: tubzpi.xyz, retry after 2023-04-27T21:03:58Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
Please see the logfiles in /var/log/letsencrypt for more details.
[FAILED] DietPi-LetsEncrypt | Certbot failed, please check its above terminal output. Aborting...

its past that time it should work now right?