Closed Philippe687 closed 2 years ago
By default, MeshCentral will use the next available port if a port is busy. So, because port 80 is busy, it's using 81. The Let's Encrypt service requires that the ownership test be conducted on port 80 and this can't be changed. There is likely a service using your port 80 and so this is causing the problem.
If you are using a reverse proxy and it is redirecting the external port 80 to port 81 on MeshCentral, then you can add the following line in the settings section of the config.json:
```
"redirAliasPort": 80
```
That will tell MeshCentral that even if it's listening on port 81, to pretend that it's actually on port 80 since the reverse proxy is doing the redirection. Of course, this will not fix Let's Encrypt unless port 80 is truly redirected to port 81.
One more thing. Since it looks like you are using a reverse proxy, you may want to have the reverse proxy get the Let's Encrypt cert and not have MeshCentral do that work. From your output above, you're having MeshCentral load the cert from the reverse proxy. In this case, you should have the reverse proxy get the Let's Encrypt cert and have MeshCentral not do any TLS at all.
Hope that makes sense.
Hello Ylian,
NODE is using PORT:80
Not sure I understand everything in your previous message... Sorry (I'm a Linux newbie); I think I need to read it again and again and investigate to know how to release port 80.
Hi Ylian, Port 80 is now free. My colleague tried to install a reverse proxy to work with Let's Encrypt because she didn't have success with MeshCentral. My opinion is that it looks easier to let MeshCentral get the Let's Encrypt cert :). All the lights are green now:
```
root@meshcentral1:~# node node_modules/meshcentral/ --debug
DB: Connected to MongoDB database...
MAIN: Core module windows-amt is 361391 bytes.
MAIN: Core module linux-amt is 329918 bytes.
MAIN: Core module linux-noamt is 287627 bytes.
MAIN: Core module windows-recovery is 95430 bytes.
MAIN: Core module linux-recovery is 71814 bytes.
MAIN: Core module windows-agentrecovery is 29981 bytes.
MAIN: Core module linux-agentrecovery is 6365 bytes.
MAIN: Core module windows-tiny is 6305 bytes.
MAIN: Core module linux-tiny is 6305 bytes.
MeshCentral HTTP redirection server running on port 81.
CERT: LE: Getting certs from local store (Staging)
CERT: LE: Reading certificate files
CERT: LE: Setting LE cert for default domain.
CERT: loadCertificate() - Loading certificate from control.clicandpublish.com:443, Hostname: control.clicandpublish.com...
MeshCentral v0.7.99, WAN mode.
CERT: loadCertificate() - TLS connected, got certificate.
Loaded web certificate from "https://control.clicandpublish.com:443/", host: "control.clicandpublish.com"
SHA384 cert hash: b346851bb0bc89fbc955ba2cde46355aacb5859011d65acbcecc45c9dd54e5021e624a141d57267f42557b58d6702de6
SHA384 key hash: c31d5c5fb535df508a0cd109c1657cb7ab3f667ae3345c76bd534ae3f058f6820675be7cae85065c8e6dc348f1e9dd92
DISPATCH: AddEventDispatch [ '*' ]
DISPATCH: DispatchEvent [ '*' ]
MAIN: Server started
MAIN: Started watchdog timer.
ERR: ERROR: MeshCentral Intel(R) AMT server port 4433 is not available.
MeshCentral HTTPS server running on control.clicandpublish.com:444.
CERT: LE: Certificate has 87 day(s) left.
```
I will continue to work around.
Anyway thank you for your help.
Looks like you did get a Let's Encrypt certificate, but are still configured to load the certificate from the reverse proxy that is in front of MeshCentral. That does not make sense. Either MeshCentral does the TLS and has the trusted certificate, or your reverse proxy will do TLS and have the trusted cert. You can't have both.
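The either/or rule from this reply, together with the port 80 requirement from the first reply, can be checked against a parsed config.json. This is an added example, not MeshCentral's own code and not part of the thread: `certUrl`, `tlsOffload` and `production` are MeshCentral config keys that the thread does not quote, the finding ids are hypothetical, and the sample configs are constructed.

```javascript
// Added example (not MeshCentral code): lint a parsed config.json for the
// conflicts described in this thread. Finding ids are hypothetical names.
function lintMeshCentralConfig(config) {
  const findings = [];
  const settings = config.settings || {};
  // A key renamed to "_letsencrypt" is simply absent under "letsencrypt",
  // which is how the section ended up disabled in the thread.
  const le = config.letsencrypt;
  const domains = config.domains || {};
  const certUrlDomains = Object.keys(domains).filter(
    (name) => !name.startsWith('_') && domains[name] && domains[name].certUrl
  );

  // Either MeshCentral holds the trusted cert or the proxy does, not both.
  if (le && certUrlDomains.length > 0) findings.push('LE_AND_CERTURL');
  if (le && settings.tlsOffload) findings.push('LE_AND_TLSOFFLOAD');

  // The Let's Encrypt ownership test must reach MeshCentral via port 80:
  // either it listens there, or a proxy forwards 80 and redirAliasPort says so.
  const redirPort = settings.redirPort === undefined ? 80 : settings.redirPort;
  if (le && redirPort !== 80 && settings.redirAliasPort !== 80) {
    findings.push('LE_REDIR_NOT_80');
  }

  // Assumption: without "production": true the staging CA is used, matching
  // the "(Staging)" log line; staging certificates are not browser-trusted.
  if (le && le.production !== true) findings.push('LE_STAGING');
  return findings;
}

// Constructed sample inputs; mesh.example.com is a placeholder host.
const conflicting = {
  settings: { cert: 'mesh.example.com', port: 443, redirPort: 80 },
  domains: { '': { certUrl: 'https://mesh.example.com:443/' } },
  letsencrypt: { email: 'admin@example.com', names: 'mesh.example.com' }
};
const proxyTerminatesTls = {
  settings: { cert: 'mesh.example.com', port: 4430, redirPort: 81,
              redirAliasPort: 80, tlsOffload: true },
  domains: { '': { certUrl: 'https://mesh.example.com:443/' } },
  _letsencrypt: conflicting.letsencrypt
};

console.log(lintMeshCentralConfig(conflicting));
console.log(lintMeshCentralConfig(proxyTerminatesTls));
```

A static check like this cannot see a busy port: if `redirPort` is 80 but the debug output reports the redirection server on port 81, another process holds port 80 and the ownership test will still fail.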
Hi Ylian, I didn't set any reverse proxy... And I don't know where I should look to cancel this setting, so I will reinstall my server tomorrow from scratch; anyway, I have to practice. Last question: I saw posts from you in the past in French! So you speak French?
Perhaps we could correspond by e-mail in French, if you agree. preaud@visualcom.nc
Congratulations again on your work!
Best Regards,
Thanks. Ah yes, I speak French... but the old French of Quebec.
That may be the most "original" kind :). Long live Quebec! As for me, I'm in the South Pacific... New Caledonia (between Australia and NZ).
Sorry to bother you again with my certificate, but before reinstalling everything I persisted and ended up generating a Let's Encrypt certificate in the directory /etc/letsencrypt/live/control.clicandpublish.com/ . I came across a post where a user had linked the certificate files and renamed the links so that MeshCentral would use them. So I created the links in the directory /root/meshcentral-data/letsencrypt-certs/ and deleted the files named "Staging", but when the server restarted it recreated them... and continues to use them.
Is there a way to tell MeshCentral to use the auto-generated Let's Encrypt certificates?
I don't think I'm very far from the solution... and thanks again for your help :)
Hello Ylian, it's good!!! I just added the _ in front of "letsencrypt" and it worked!!! Excellent!!!
All the best, and congratulations again on the work!
Hi All, I'm trying to use a Let's Encrypt certificate. I have an issue with my redirection port 80. I've set "redirPort": 80, in my config.json but when I launch the --debug command I see "MeshCentral HTTP redirection server running on port 81.".
Do you know if I'm on the right track?
Let's Debug said all OK... ![image](https://user-images.githubusercontent.com/29157130/125226772-6dc33b00-e31d-11eb-8d85-19c031b97ac3.png)
Best regards,