datamade / how-to

📚 Doing all sorts of things, the DataMade way
MIT License

Configure automatic SSL renewals on NMID server #190

Closed hancush closed 6 months ago

hancush commented 3 years ago

Doesn't look like we have a cron to auto renew certs (or an up-to-date version of Certbot) on the NMID server. Shelled in and manually renewed the cert like this:

sudo service nginx stop
./letsencrypt/letsencrypt-auto certonly -tvv --standalone --keep -d opennessproject.com
sudo service nginx start

(Followed recommendations from this thread after finding the LetsEncrypt command in the server's shell history.)

I guess this is fine, but it would be nice to not have to do this every SSL cert life cycle. Let's see if we can wire up auto renewals when we get spare cycles.

hancush commented 3 years ago

For some reason, opennessproject.com did not recognize the updated cert. The nginx access logs looked like this:

ubuntu@ip-10-0-0-169:~$ tail -f /var/log/nginx/error.log
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to [::]:80 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to [::]:80 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to [::]:80 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: still could not bind()

And there were no entries in the app access logs.

Looks like an Nginx process was started from root. I wound up following the instructions here to kill the old process and restart Nginx, and the issue was resolved.

ubuntu@ip-10-0-0-169:~$ ps aux -P | grep nginx
ubuntu   16993  0.0  0.0  10472   928 pts/0    S+   19:57   0:00 grep --color=auto nginx
root     28009  0.0  0.1  91588  2816 ?        Ss   Mar12   0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
www-data 28014  0.0  0.2  91868  4308 ?        S    Mar12  34:07 nginx: worker process
ubuntu@ip-10-0-0-169:~$ sudo fuser -k 443/tcp
443/tcp:             28009 28014
ubuntu@ip-10-0-0-169:~$ sudo service nginx restart
nginx stop/waiting
nginx start/running, process 17260
ubuntu@ip-10-0-0-169:~$ ps aux -P | grep nginx
root     17260  0.0  0.0  90820  1300 ?        Ss   20:02   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 17262  0.0  0.1  91512  3684 ?        S    20:02   0:00 nginx: worker process
ubuntu   17377  0.0  0.0  10472   924 pts/0    S+   20:06   0:00 grep --color=auto nginx
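The renewal steps from the first comment and the port-binding failure described in this one, combined into one added example that is not code from the datamade/how-to repository or from the NMID server. It assumes Certbot is installed as `certbot` (the thread used `letsencrypt-auto certonly`), that nginx is controlled with `service`, that live certificates sit under `/etc/letsencrypt/live/<domain>`, and that an explicit `-c <conf>` on the command line is what distinguishes a hand-started nginx master from the init-managed one (a heuristic taken from the two `ps` lines above). The function names `bind_conflicts`, `stale_nginx_masters`, `renew_cert`, `served_cert_matches_disk` and `self_check` are chosen here, and the sample log and `ps` text are constructed from the lines posted in the thread.

```shell
#!/bin/sh
# Added example, not code from the datamade/how-to repo or the NMID server.
# Wraps the manual steps in the issue (stop nginx, renew standalone, start
# nginx) as a cron-able `certbot renew` call with pre/post hooks, and adds
# checks for the failure seen later in the thread: a hand-started root
# nginx master that keeps 80/443 bound, so the managed nginx cannot bind.
# Assumptions: certbot is installed as `certbot`, nginx is managed via
# `service`, and live certs are under /etc/letsencrypt/live/<domain>.

DOMAIN="${DOMAIN:-opennessproject.com}"            # domain from the issue
LIVE_DIR="/etc/letsencrypt/live/$DOMAIN"           # assumed certbot layout
ERROR_LOG="/var/log/nginx/error.log"               # path shown in the thread

# Constructed sample input, modelled on the output posted in the thread.
SAMPLE_LOG='2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:443 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/04/08 20:00:24 [emerg] 17125#17125: still could not bind()'
SAMPLE_PS='ubuntu   16993  0.0  0.0  10472   928 pts/0    S+   19:57   0:00 grep --color=auto nginx
root     28009  0.0  0.1  91588  2816 ?        Ss   Mar12   0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
www-data 28014  0.0  0.2  91868  4308 ?        S    Mar12  34:07 nginx: worker process'

# Count nginx bind failures ("Address already in use") in error-log text read
# from stdin. Prints the count and always exits 0, so it is safe under set -e.
bind_conflicts() {
    grep -c 'bind() to .* failed (98: Address already in use)' || true
}

# From `ps aux`-style text on stdin, print the PIDs of nginx master processes
# started by hand with an explicit `-c <conf>` rather than by the init script
# (which in the thread shows up as `/usr/sbin/nginx -g daemon on; ...`).
# Heuristic: it separates the two command lines seen in the issue.
stale_nginx_masters() {
    awk '/nginx: master process/ && / -c / { print $2 }'
}

# Renew only when the ports can actually be handed over. `service nginx stop`
# does not touch a hand-started master, so certbot's standalone listener and
# the restarted nginx would both fail to bind. Report the PIDs and stop rather
# than killing anything automatically.
renew_cert() {
    stale="$(ps aux | stale_nginx_masters)"
    if [ -n "$stale" ]; then
        echo "nginx master(s) not managed by init hold 80/443 (pid: $stale); fix before renewing" >&2
        return 1
    fi
    # certbot runs the hooks only when a certificate is actually due, so this
    # is safe to schedule daily from cron.
    certbot renew --standalone \
        --pre-hook 'service nginx stop' \
        --post-hook 'service nginx start' || return 1
    # The post-hook's `service nginx start` does not report a bind failure
    # back to certbot; look for one in the tail of the error log instead.
    if [ "$(tail -n 50 "$ERROR_LOG" | bind_conflicts)" != "0" ]; then
        echo "nginx failed to bind after renewal; see $ERROR_LOG" >&2
        return 1
    fi
}

# After renewal, confirm the certificate nginx serves is the one on disk;
# a stale master would keep serving the old one (the thread's symptom).
served_cert_matches_disk() {
    served="$(openssl s_client -connect "$DOMAIN:443" -servername "$DOMAIN" \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256)"
    ondisk="$(openssl x509 -in "$LIVE_DIR/fullchain.pem" -noout -fingerprint -sha256)"
    [ -n "$served" ] && [ "$served" = "$ondisk" ]
}

# Offline self-check of the two parsers against the constructed samples.
self_check() {
    n="$(printf '%s\n' "$SAMPLE_LOG" | bind_conflicts)"
    pids="$(printf '%s\n' "$SAMPLE_PS" | stale_nginx_masters)"
    [ "$n" = "2" ] && [ "$pids" = "28009" ]
}

case "${1:-}" in
    renew)  renew_cert ;;
    verify) served_cert_matches_disk ;;
    check)  self_check && echo "self-check passed" ;;
    *)      echo "usage: $0 renew|verify|check" >&2 ;;
esac
```

Scheduling `renew` once a day from cron is enough: `certbot renew` only stops and starts nginx when a certificate is inside its renewal window, and because the script refuses to stop nginx while a process it cannot restart is holding the ports, a failed hand-over surfaces as a non-zero exit and a message rather than as a site that quietly keeps serving the expiring certificate. Running `verify` after each renewal catches the same condition from the outside.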

hancush commented 2 years ago

Auto renewal still not happening, but instructions in description work.

smcalilly commented 1 year ago

@hancush do we still need to do this?

hancush commented 1 year ago

@smcalilly Yes.

smcalilly commented 8 months ago

@hancush since we're working on this project now, do we want to take care of this?