Le 17/05/2018 à 09:04, Jacques Le Roux a écrit :
Le 16/05/2018 à 22:26, Jacques Le Roux a écrit :
When I read the content in my local Git repo it's commented out. I guess I
should manually change it on the VM and restart the app with Gradle?
As it's a bit late already, I let you handle this last part ;)
OK I remember now that you documented the app restart at
https://cwiki.apache.org/confluence/display/FREEMARKER/try.freemarker.org+maintenance+and+installation
I'll do so now and will have a look at the code change for the renew
Jacques
I have just changed the file according to my previous message, ie modified to
keyStorePath: /etc/letsencrypt/live/certificate.p12
keyStorePassword: HTTPDisUnnecessary
and also while at it (not sure we want that)
validateCerts: true
But after setting the iptables for 443-8443 (v4 and v6), saving the change and
restarting the app it did not work:
May 17 11:51:06 freemarker-vm systemd[1]: Stopped FreeMarker Online Tester.
May 17 11:51:06 freemarker-vm systemd[1]: Started FreeMarker Online Tester.
May 17 11:52:10 freemarker-vm java[14009]: MultiException[java.lang.IllegalStateException: no valid keystore, java.lang.IllegalStateException: no
valid keystore, java.util.concurrent.RejectedExecutionException: org.eclipse.jetty.io.Manag
May 17 11:52:10 freemarker-vm java[14009]: at
org.eclipse.jetty.server.Server.doStart(Server.java:382)
May 17 11:52:10 freemarker-vm java[14009]: at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
May 17 11:52:10 freemarker-vm java[14009]: at
io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53)
May 17 11:52:10 freemarker-vm java[14009]: at
io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
May 17 11:52:10 freemarker-vm java[14009]: at
io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
May 17 11:52:10 freemarker-vm java[14009]: at
io.dropwizard.cli.Cli.run(Cli.java:78)
May 17 11:52:10 freemarker-vm java[14009]: at
io.dropwizard.Application.run(Application.java:93)
May 17 11:52:10 freemarker-vm java[14009]: at
org.apache.freemarker.onlinetester.dropwizard.FreeMarkerOnlineTester.main(FreeMarkerOnlineTester.java:43)
So I commented out the HTTPS part
# # FOR PRODUCTION:
# - type: https
# port: 8443
# keyStorePath: /etc/letsencrypt/live/certificate.p12
# keyStoreType: PKCS12
# keyStorePassword: HTTPDisUnnecessary
# validateCerts: true
and restarted the app
Now http://try.freemarker.org/ works again, but no longer
http://try.freemarker.apache.org/ which is redirected to
https://try.freemarker.apache.org/
I don't understand the redirect. Does have this changed before my change? I
don't know.
I have double-checked, thought I have not reverted the config yet, HTTPD is no
longer working.
Maybe it's due to the certificate (created for a.o) but I can't see how
DropWizard would now relate to it, since
keyStorePath: /etc/letsencrypt/live/certificate.p12
and the whole HTTPS block, is commented out :/
I'll get back to that later...
Jacques
