I have these notes on installing CouchDB with certbot to install an SSL cert on 
a DigitalOcean Ubuntu 16.04 VPS.

Maybe they will help...


## Configure SSL - Let's Encrypt

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache

sudo mkdir /opt/couchdb/letsencrypt
sudo certbot certonly --webroot -w /var/www/cherrypc --config-dir /opt/couchdb/letsencrypt --logs-dir /var/log/couchdb -d cherrypc.com

sudo chmod 600 /opt/couchdb/letsencrypt/live/cherrypc.com/cert.pem
sudo chmod 600 /opt/couchdb/letsencrypt/live/cherrypc.com/privkey.pem
sudo chmod 600 /opt/couchdb/letsencrypt/live/cherrypc.com/fullchain.pem
sudo chown -R couchdb /opt/couchdb/letsencrypt/

sudo nano /opt/couchdb/etc/local.ini

## You will need to modify the following entries:

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
httpsd = {chttpd, start_link, [https]}

[ssl]
port = 6984
cert_file = /opt/couchdb/letsencrypt/live/azartiz.com/cert.pem
key_file = /opt/couchdb/letsencrypt/live/azartiz.com/privkey.pem
cacert_file = /opt/couchdb/letsencrypt/live/azartiz.com/fullchain.pem

## restart CouchDB

— 

Kindest Regards,

Bill Stephenson
Tech Support
www.cherrypc.com <http://www.ezinvoice.com/>
1-417-546-8390




> On Dec 4, 2019, at 2:15 PM, Narepalepu, Vimal Abhishek 
> <[email protected]> wrote:
> 
> Hi,
> 
> Using CouchDB 2.3.1. Configured the local.ini as below:
> 
> [chttpd]
> port = 5984
> bind_address = 0.0.0.0
> 
> [ssl]
> enable = true
> port = 6984
> cert_file = <path>
> key_file = <path>
> 
> The certificates are trusted signed. And now after restarting the couchdb 
> service and using "curl -v https://domain:6984" gives the below error:
> 
> *   Trying IP ADDRESS...
> * Connected to IP ADDRESS port 6984 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>  CApath: none
> * NSS error -5938 (PR_END_OF_FILE_ERROR)
> * Encountered end of file
> * Closing connection 0
> curl: (35) Encountered end of file
> 
> Tried above using https://localhost:6984 and still see the same error.
> 
> From couch logs:
> 
> [notice] 2chttpd_auth_cache changes listener died database_does_not_exist at 
> mem3_shards:load_shards_from_db/6(line:395) <= 
> mem3_shards:load_shards_from_disk/1(line:370) <= 
> mem3_shards:load_shards_from_disk/2(line:399) <= 
> mem3_shards:for_docid/3(line:86) <= fabric_doc_open:go/3(line:39) <= 
> httpd_auth_cache:ensure_auth_ddoc_exists/2(line:195) <= 
> chttpd_auth_cache:listen_for_changes/1(line:142)
> [error] 2019-12-04T19:52:22.041264Z [email protected] emulator -------- Error 
> in process <0.9139.0> on node '[email protected]' with exit value:
> {database_does_not_exist,[{mem3_shards,load_shards_from_db,"_users",[{file,"src/mem3_shards.erl"},{line,395}]},{mem3_shards,load_shards_from_disk,1,[{file,"src/mem3_shards.erl"},{line,370}]},{mem3_shards,load_shards_from_disk,2,[{file,"src/mem3_shards.erl"},{line,399}]},
> {mem3_shards,for_docid,3,[{file,"src/mem3_shards.erl"},{line,86}]},{fabric_doc_open,go,3,[{file,"src/fabric_doc_open.erl"},{line,39}]},
> {chttpd_auth_cache,ensure_auth_ddoc_exists,2,[{file,"src/chttpd_auth_cache.erl"},{line,195}]},{chttpd_auth_cache,listen_for_changes,1,[{file,"src/chttpd_auth_cache.erl"},{line,142}]}]}
> 
> 
> netstat -plnt command shows that it is listening on port 6984. "0 
> 0.0.0.0:6984"
> 
> Not sure if I am missing any configuration that is not allowing me to access 
> couchdb securely.
> 
> 
> Best,
> Vimal

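A preflight check for the local.ini settings discussed in this thread, as an added example that is not part of either message or of CouchDB itself: it confirms a TLS listener setting is present, that cert_file and key_file resolve and are readable by the invoking account, and that the private key is closed to group and other. The function names `ini_get` and `couch_ssl_preflight` are hypothetical, and it assumes you run it as the account CouchDB runs as.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for the CouchDB TLS
# settings shown above. Run it as the account CouchDB runs as, e.g.
#   sudo -u couchdb sh couch_ssl_preflight.sh /opt/couchdb/etc/local.ini

# ini_get FILE SECTION KEY -> prints the last value of KEY in [SECTION]
ini_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*;/  { next }                                  # ";" comment line
    /^[ \t]*\[/ { gsub(/^[ \t]*\[|\][ \t\r]*$/, ""); cur = $0; next }
    cur == sec {
      i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# couch_ssl_preflight LOCAL_INI -> prints findings, returns their count
couch_ssl_preflight() {
  ini=$1; problems=0
  # Assumption: either setting seen in the thread is taken as "listener on".
  if [ "$(ini_get "$ini" ssl enable)" != "true" ] &&
     [ -z "$(ini_get "$ini" daemons httpsd)" ]; then
    echo "no TLS listener: set [ssl] enable or [daemons] httpsd"
    problems=$((problems + 1))
  fi
  for opt in cert_file key_file; do
    f=$(ini_get "$ini" ssl "$opt")
    if [ -z "$f" ]; then
      echo "[ssl] $opt is not set"
    elif [ ! -r "$f" ]; then      # -r follows the live/ -> archive/ symlinks
      echo "$opt: $f is missing or not readable by $(id -un)"
    elif [ "$opt" = key_file ] && [ "$(ls -ldL "$f" | cut -c5-10)" != "------" ]; then
      echo "key_file: $f is accessible to group/other; chmod 600 it"
    else
      continue
    fi
    problems=$((problems + 1))
  done
  return "$problems"
}

[ $# -eq 0 ] || couch_ssl_preflight "$1"
```

The return value is the number of findings, so a zero exit status means every check passed for the account that ran it.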