Now HTTPS works, and only the cron job and documenting things on the cwiki are missing (the copy-paste cron script mostly, I guess).

Thursday, May 17, 2018, 7:47:20 PM, Daniel Dekany wrote:

> Thursday, May 17, 2018, 3:05:02 PM, Jacques Le Roux wrote:
>
>> On 17/05/2018 at 09:04, Jacques Le Roux wrote:
>>> On 16/05/2018 at 22:26, Jacques Le Roux wrote:
>>>> When I read the content in my local Git repo it's commented out. I guess I
>>>> should manually change it on the VM and restart the app with Gradle?
>>>>
>>>> As it's a bit late already, I let you handle this last part ;)
>>> OK I remember now that you documented the app restart at
>>> https://cwiki.apache.org/confluence/display/FREEMARKER/try.freemarker.org+maintenance+and+installation
>>> I'll do so now and will have a look at the code change for the renew
>>>
>>> Jacques
>>>
>> I have just changed the file according to my previous message, i.e. modified to
>> keyStorePath: /etc/letsencrypt/live/certificate.p12
>> keyStorePassword: HTTPDisUnnecessary
>> and also while at it (not sure we want that)
>> validateCerts: true
>>
>> But after setting the iptables for 443-8443 (v4 and v6), saving the
>> change and restarting the app it did not work:
>>
>> May 17 11:51:06 freemarker-vm systemd[1]: Stopped FreeMarker Online Tester.
>> May 17 11:51:06 freemarker-vm systemd[1]: Started FreeMarker Online Tester.
>> May 17 11:52:10 freemarker-vm java[14009]:
>> MultiException[java.lang.IllegalStateException: no valid keystore,
>> java.lang.IllegalStateException: no
>
> That was because the service had no right to read the parent directory
> of the p12 file. (Yeah, that error message is not very helpful...) I
> have fixed that. So now the only problem we have is what I said in the
> other mail. And we will need the cron script... or maybe a systemd
> timer unit instead.
>
>> valid keystore, java.util.concurrent.RejectedExecutionException:
>> org.eclipse.jetty.io.Manag
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> org.eclipse.jetty.server.Server.doStart(Server.java:382)
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> io.dropwizard.cli.ServerCommand.run(ServerCommand.java:53)
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> io.dropwizard.cli.Cli.run(Cli.java:78)
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> io.dropwizard.Application.run(Application.java:93)
>> May 17 11:52:10 freemarker-vm java[14009]: at
>> org.apache.freemarker.onlinetester.dropwizard.FreeMarkerOnlineTester.main(FreeMarkerOnlineTester.java:43)
>>
>> So I commented out the HTTPS part
>> # # FOR PRODUCTION:
>> # - type: https
>> # port: 8443
>> # keyStorePath: /etc/letsencrypt/live/certificate.p12
>> # keyStoreType: PKCS12
>> # keyStorePassword: HTTPDisUnnecessary
>> # validateCerts: true
>> and restarted the app
>>
>> Now http://try.freemarker.org/ works again, but no longer
>> http://try.freemarker.apache.org/ which is redirected to
>> https://try.freemarker.apache.org/
>> I don't understand the redirect. Has this changed before my change? I
>> don't know.
>> I have double-checked, though I have not reverted the config yet, HTTPD is
>> no longer working.
>> Maybe it's due to the certificate (created for a.o) but I can't see
>> how DropWizard would now relate to it, since
>> keyStorePath: /etc/letsencrypt/live/certificate.p12
>> and the whole HTTPS block, is commented out :/
>>
>> I'll get back to that later...
>>
>> Jacques
>>
>>
>

--
Thanks,
 Daniel Dekany
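
The "no valid keystore" failure in the thread came from a parent directory the service could not read, not from the keystore file. As an added example (not part of the thread or of the project's code), this Python sketch walks each path component of a keystore and reports the first one a given service account cannot pass. The function names, the `start` parameter and the uid/gid 998 are assumptions, and only classic mode bits are evaluated.

```python
import os
import stat


def _class_allows(st, uid, gids, bit):
    """Apply the one permission class (owner, group or other) that matches."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & bit)


def first_blocker(keystore, uid, gids, start=os.sep):
    """Return (path, reason) for the first component from `start` down that
    the account cannot pass, or None when the keystore is readable.
    Assumption: only mode bits matter (no ACLs, SELinux/AppArmor, capabilities).
    """
    if uid == 0:
        return None  # root is not restricted by mode bits
    keystore = os.path.abspath(keystore)
    current = os.path.abspath(start)
    chain = [current]
    for part in os.path.relpath(keystore, current).split(os.sep):
        current = os.path.join(current, part)
        chain.append(current)
    for directory in chain[:-1]:
        st = os.stat(directory)  # follows symlinks, as opening the file would
        if not _class_allows(st, uid, gids, 1):  # x = search permission
            return directory, "no search (x) permission on directory"
    st = os.stat(keystore)
    if not stat.S_ISREG(st.st_mode):
        return keystore, "not a regular file"
    if not _class_allows(st, uid, gids, 4):  # r = read permission
        return keystore, "no read (r) permission on file"
    return None


if __name__ == "__main__":
    # Path from the thread; uid/gid 998 is a hypothetical service account.
    try:
        print(first_blocker("/etc/letsencrypt/live/certificate.p12", 998, [998]))
    except OSError as exc:
        print("cannot stat:", exc)
```

Run it as a user that can stat the whole path (typically root), passing the uid and groups of the account the service runs under.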