Closed dongbohu closed 5 years ago
@dhimmel: I have tested the new scripts and renewed the SSL certificate on https://neo4j.het.io successfully.
@dhimmel: I realized this issue due to a message sent to team-contact
channel in Slack. You can take a look at that message (and my reply).
The exact error can be found in /var/log/letsencrypt/letsencrypt.log*
. It is kind of esoteric and tedious. Here is part of it:
2019-07-01 22:49:30,323:INFO:certbot.auth_handler:Performing the following challenges:
2019-07-01 22:49:30,323:INFO:certbot.auth_handler:http-01 challenge for neo4j.het.io
2019-07-01 22:49:30,324:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2019-07-01 22:49:30,324:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2019-07-01 22:49:30,324:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 76, in run
address, self.http_01_resources)
File "/usr/lib/python3/dist-packages/acme/standalone.py", line 189, in __init__
BaseDualNetworkedServers.__init__(self, HTTP01Server, *args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/standalone.py", line 108, in __init__
raise socket.error("Could not bind to IPv4 or IPv6.")
OSError: Could not bind to IPv4 or IPv6.
If you don't have any other comments, please feel free to merge it. Thanks.
This PR adds
pre
andpost
renewal scripts so that the SSL certificate can be renewed successfully. Thepre
script stops neo4j docker container before renewal process (otherwise port 80 would be taken by the docker container and the renewal would fail); andpost
scripts starts the docker container.