[Discussion] Free signed SSL certificate with Let's Encrypt

Thanks for the quick reply!

Here is the output of the command:

nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since Sat 2016-12-03 11:30:35 CET; 8s ago
Docs: man:nginx(8)
Process: 14722 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 9607 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 25743 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Main PID: 9608 (code=exited, status=0/SUCCESS)

Dec 03 11:30:35 ks355.kimsufi.com nginx[25743]: nginx: [emerg] a duplicate listen 0.0.0.0:443 in /etc/ngin...nf:9
Dec 03 11:30:35 ks355.kimsufi.com nginx[25743]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 03 11:30:35 ks355.kimsufi.com systemd[1]: nginx.service: control process exited, code=exited status=1
Dec 03 11:30:35 ks355.kimsufi.com systemd[1]: Failed to start A high performance web server and a reverse ...ver.
Dec 03 11:30:35 ks355.kimsufi.com systemd[1]: Unit nginx.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.

I think you have a listen twice

nginx: [emerg] a duplicate listen 0.0.0.0:443 in /etc/ngin...nf:9

Delete line 9 of /etc/nginx/nginx.conf, which must be a listen, I think, since your logs are cut off.

Hi
To get the full info:

systemctl -l status nginx.service

That will be better, I think 😉
Ex.

    I don't see a listen in my /etc/nginx/nginx.conf file. Here is my nginx.conf file:

    user www-data;
    worker_processes auto;

    pid /var/run/nginx.pid;
    events { worker_connections 1024; }

    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

        access_log /var/log/nginx/access.log combined;
        error_log /var/log/nginx/error.log error;
    
        sendfile on;
        keepalive_timeout 20;
        keepalive_disable msie6;
        keepalive_requests 100;
        tcp_nopush on;
        tcp_nodelay off;
        server_tokens off;
    
        gzip on;
        gzip_buffers 16 8k;
        gzip_comp_level 5;
        gzip_disable "msie6";
        gzip_min_length 20;
        gzip_proxied any;
        gzip_types text/plain text/css application/json  application/x-javascript text/xml application/xml application/xml+rss  text/javascript;
        gzip_vary on;
    
        include /etc/nginx/sites-enabled/*.conf;
        include /etc/nginx/ssl/params.conf;

    }

    However, in the output of the command you gave me earlier, the following was in red:
    Active: failed (Result: exit-code) since Sat 2016-12-03 11:30:35 CET; 8s ago

    Process: 25743 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

    Dec 03 11:30:35 ks35.kimsufi.com systemd[1]: Failed to start A high performance web server and a reverse ...ver.

    ex_rat

    Here is the full command output:

    ● nginx.service - A high performance web server and a reverse proxy server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
    Active: failed (Result: exit-code) since Sat 2016-12-03 11:30:35 CET; 20min ago
    Docs: man:nginx(8)
    Process: 14722 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
    Process: 9607 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 25743 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
    Main PID: 9608 (code=exited, status=0/SUCCESS)

    Dec 03 11:30:35 ks35.kimsufi.com nginx[25743]: nginx: [emerg] a duplicate listen 0.0.0.0:443 in /etc/nginx/sites-enabled/rutorrent.conf:9
    Dec 03 11:30:35 ks35.kimsufi.com nginx[25743]: nginx: configuration file /etc/nginx/nginx.conf test failed
    Dec 03 11:30:35 ks35.kimsufi.com systemd[1]: nginx.service: control process exited, code=exited status=1
    Dec 03 11:30:35 ks35.kimsufi.com systemd[1]: Failed to start A high performance web server and a reverse proxy server.
    Dec 03 11:30:35 ks35.kimsufi.com systemd[1]: Unit nginx.service entered failed state.

    Thanks for your help!

    in /etc/nginx/sites-enabled/rutorrent.conf
    paste your conf

      xavier

      server {
              listen 443 ssl;
          server_name bkc.fr;
          ssl_certificate /etc/letsencrypt/live/bkc.fr/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/bkc.fr/privkey.pem;
      
          ## etc
              listen 80 default_server;
              listen 443 default_server ssl http2;
              server_name _;
      
              index index.html index.php;
              charset utf-8;
              client_max_body_size 10M;
      
              ssl_certificate /etc/nginx/ssl/server.crt;
              ssl_certificate_key /etc/nginx/ssl/server.key;
      
              include /etc/nginx/conf.d/ciphers.conf;
      
              access_log /var/log/nginx/rutorrent-access.log combined;
              error_log /var/log/nginx/rutorrent-error.log error;
      
              error_page 500 502 503 504 /50x.html;
              location = /50x.html { root /usr/share/nginx/html; }
      
              auth_basic "seedbox";
              auth_basic_user_file "/etc/nginx/passwd/rutorrent_passwd";
      
              location = /favicon.ico {
                      access_log off;
                      log_not_found off;
              }
      
              ## start of server home page config ##
      
              location ^~ / {
                  root /var/www/base;
                  include /etc/nginx/conf.d/php.conf;
                  include /etc/nginx/conf.d/cache.conf;
                  satisfy any;
                  allow all;
              }
      
              ## end of server home page config ##
      
              ## start of proxy config ##
      
              location ^~ /proxy {
                  root /var/www;
                  include /etc/nginx/conf.d/php.conf;
                  include /etc/nginx/conf.d/cache.conf;
              }
      
              ## end of proxy config ##
      
              ## start of rutorrent config ##
      location ^~ /rutorrent {
                  root /var/www;
                  include /etc/nginx/conf.d/php.conf;
                  include /etc/nginx/conf.d/cache.conf;
      
                  location ~ /\.svn {
                          deny all;
                  }
      
                  location ~ /\.ht {
                          deny all;
                  }
              }
      
              location ^~ /rutorrent/conf/ {
                      deny all;
              }
      
              location ^~ /rutorrent/share/ {
                      deny all;
              }
      
              ## end of rutorrent config ##
       ## start of munin config ##
      
              location ^~ /graph {
                  root /var/www;
                  include /etc/nginx/conf.d/php.conf;
                  include /etc/nginx/conf.d/cache.conf;
              }
      
              location ^~ /graph/img {
                  root /var/www;
                  include /etc/nginx/conf.d/php.conf;
                  include /etc/nginx/conf.d/cache.conf;
                  error_log /dev/null crit;
              }
      
              location ^~ /monitoring {
                  root /var/www;
                  include /etc/nginx/conf.d/php.conf;
                  include /etc/nginx/conf.d/cache.conf;
              }
      
              ## end of munin config ##
      
              ## start of seedbox-manager config ##
      
              location ^~ /seedbox-manager {
              alias /var/www/seedbox-manager/public;
                  include /etc/nginx/conf.d/php-manager.conf;
                  include /etc/nginx/conf.d/cache.conf;
              }
      
              ## end of seedbox-manager config ##
      ## users config ##
      
              location /FBS {
                  include scgi_params;
                  scgi_pass 127.0.0.1:5001; # or socket: unix:/home/username/.session/username.socket
                  auth_basic "seedbox";
                  auth_basic_user_file "/etc/nginx/passwd/rutorrent_passwd_fbs";
              }
      
      
      
              ## start of hai config ##
              location ^~ /dl {
              root /var/www/base;
              include /etc/nginx/conf.d/php.conf;
              include /etc/nginx/conf.d/cache.conf;
              # Call h5ai
              index index.html index.php /_h5ai/public/index.php;
              # Allow file listing
              autoindex on;
              # Optional: use rutorrent's auth
              auth_basic "Vous devez vous authentifier";
              auth_basic_user_file "/etc/nginx/passwd/rutorrent_passwd_fbs";
      }
      }

      Sorry about the formatting, I can't manage to lay it out any better.

      ok
      so change the beginning to

      server {
          listen 80 default_server;
          listen 443 default_server ssl http2;
          server_name _;
      
      index index.html index.php;
      charset utf-8;
      client_max_body_size 10M;
      
      ssl_certificate /etc/letsencrypt/live/bkc.fr/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/bkc.fr/privkey.pem;
      
      include /etc/nginx/conf.d/ciphers.conf;
      
      access_log /var/log/nginx/rutorrent-access.log combined;
      error_log /var/log/nginx/rutorrent-error.log error;
      
      error_page 500 502 503 504 /50x.html;
      location = /50x.html { root /usr/share/nginx/html; }
      
      auth_basic "seedbox";
      auth_basic_user_file "/etc/nginx/passwd/rutorrent_passwd";

      OK, I made the change.
      Do I restart nginx now?

      I get the same error message 🙁

      run another
      systemctl -l status nginx.service
      what do you have in default?

        it can't find this file /etc/letsencrypt/live/domain.tld/fullchain.pem
        but was it you who changed bkc.fr to domain.tld?

        No, I don't think so.
        Shouldn't I change: ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; to ssl_trusted_certificate /etc/letsencrypt/live/bkc.fr/fullchain.pem; in the file /etc/nginx/ssl/params.conf
        ?

        EDIT: That was indeed it! I'm hopeless! I hadn't replaced domain.tld with my domain in the file /etc/nginx/ssl/params.conf.

        In any case, thank you very much for your help!

        However, one more question about renewing the certificate.
        I stop nginx, and when I type this command: ./certbot-auto renew I get this response: -bash: ./certbot-auto: No such file or directory. Is that normal?
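
Added example (not part of the original posts, and not nginx's own code): a small Python pre-flight check for the two mistakes found in this thread, a second `listen` on the same address and port inside one `server` block, and a certificate directive still pointing at the `domain.tld` placeholder. It assumes one directive per line; `lint_nginx`, `SAMPLE` and the injected `exists` callback are names chosen for this illustration.

```python
import os
import re

CERT_DIRECTIVES = {"ssl_certificate", "ssl_certificate_key", "ssl_trusted_certificate"}
PLACEHOLDER = "domain.tld"  # template value left in params.conf in this thread
# Constructed sample: start of the posted rutorrent.conf plus the params.conf line.
SAMPLE = """\
server {
    listen 443 ssl;
    server_name bkc.fr;
    ssl_certificate /etc/letsencrypt/live/bkc.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bkc.fr/privkey.pem;

    ## etc
    listen 80 default_server;
    listen 443 default_server ssl http2;
    location = /50x.html { root /usr/share/nginx/html; }
}
ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
"""

def lint_nginx(text, exists=os.path.exists):
    """Return [(line_no, message)] for one config text, one directive per line."""
    findings, depth, server_depth, seen = [], 0, None, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' in strings)
        if re.match(r"server\s*\{", line):
            server_depth, seen = depth + 1, {}  # new server block: reset listen table
        m = re.match(r"listen\s+([^\s;]+)", line)
        if m and server_depth is not None:
            addr = m.group(1)
            key = f"0.0.0.0:{addr}" if addr.isdigit() else addr  # bare port = all IPv4
            if key in seen:
                findings.append((no, f"duplicate listen {key}, first on line {seen[key]}"))
            seen.setdefault(key, no)
        m = re.match(r"(ssl_\w+)\s+([^\s;]+)", line)
        if m and m.group(1) in CERT_DIRECTIVES:
            path = m.group(2).strip("\"'")
            if PLACEHOLDER in path:
                findings.append((no, f"{m.group(1)} still uses placeholder: {path}"))
            elif not exists(path):
                findings.append((no, f"{m.group(1)} file not found: {path}"))
        depth += line.count("{") - line.count("}")
        if server_depth is not None and depth < server_depth:
            server_depth = None  # left the server block
    return findings

if __name__ == "__main__":
    print(lint_nginx(SAMPLE, exists=lambda p: True))  # pretend the files exist
```

On the sample it flags line 9, the same line nginx named in `rutorrent.conf:9`, and the placeholder path from `params.conf`.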

          fabb24 You need to be in the directory where you cloned it! Otherwise do cd /opt, clone certbot, and you can run the renewal.
          That way it will be in /opt for next time, because with /tmp, if you reboot, well...

          Sorry for this silly question, but I'm a beginner: how do you clone certbot into /opt?
          Thanks