hetio / hetionet

Hetionet: an integrative network of disease
https://neo4j.het.io

Add pre/post renewal hooks scripts #24

Closed dongbohu closed 5 years ago

dongbohu commented 5 years ago

This PR adds pre and post renewal scripts so that the SSL certificate can be renewed successfully. The pre script stops the neo4j docker container before the renewal process (otherwise port 80 would be taken by the docker container and the renewal would fail), and the post script starts the docker container.

dongbohu commented 5 years ago

@dhimmel: I have tested the new scripts and renewed the SSL certificate on https://neo4j.het.io successfully.

dongbohu commented 5 years ago

@dhimmel: I realized this issue due to a message sent to the team-contact channel in Slack. You can take a look at that message (and my reply).

The exact error can be found in /var/log/letsencrypt/letsencrypt.log*. It is kind of esoteric and tedious. Here is part of it:

2019-07-01 22:49:30,323:INFO:certbot.auth_handler:Performing the following challenges:
2019-07-01 22:49:30,323:INFO:certbot.auth_handler:http-01 challenge for neo4j.het.io
2019-07-01 22:49:30,324:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2019-07-01 22:49:30,324:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2019-07-01 22:49:30,324:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/plugins/standalone.py", line 76, in run
    address, self.http_01_resources)
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 189, in __init__
    BaseDualNetworkedServers.__init__(self, HTTP01Server, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 108, in __init__
    raise socket.error("Could not bind to IPv4 or IPv6.")
OSError: Could not bind to IPv4 or IPv6.

dongbohu commented 5 years ago

If you don't have any other comments, please feel free to merge it. Thanks.
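The failure signature in the log excerpt quoted earlier in this thread can be detected automatically, so a renewal blocked by a port conflict is caught before the certificate expires. The following is an added example, not code from this PR or from certbot; the function name `find_bind_failures` is hypothetical, and the sample input is the log quoted in the thread with the traceback trimmed to its last frame.

```python
import re

# Log lines quoted in the thread above; traceback trimmed to its last frame.
SAMPLE_LOG = """\
2019-07-01 22:49:30,323:INFO:certbot.auth_handler:Performing the following challenges:
2019-07-01 22:49:30,323:INFO:certbot.auth_handler:http-01 challenge for neo4j.het.io
2019-07-01 22:49:30,324:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2019-07-01 22:49:30,324:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2019-07-01 22:49:30,324:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/acme/standalone.py", line 108, in __init__
    raise socket.error("Could not bind to IPv4 or IPv6.")
OSError: Could not bind to IPv4 or IPv6.
"""

RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+:(\w+):([\w.]+):(.*)$")
CHALLENGE = re.compile(r"^(\S+) challenge for (\S+)$")
BIND_FAIL = re.compile(r"^Failed to bind to :(\d+) using (IPv[46])$")

def find_bind_failures(log_text):
    """Return challenges whose standalone listener could not bind at all."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            # Continuation line (traceback). The final OSError is raised only
            # when neither address family could be bound.
            if current and line.startswith("OSError: Could not bind"):
                current["fatal"] = True
            continue
        ts, _level, _logger, msg = m.groups()
        ch = CHALLENGE.match(msg)
        if ch:
            current = {"time": ts, "challenge": ch.group(1), "domain": ch.group(2),
                       "port": None, "families": [], "fatal": False}
            findings.append(current)
            continue
        bf = BIND_FAIL.match(msg)
        if bf and current:  # simplification: attribute to the latest challenge
            current["port"] = int(bf.group(1))
            current["families"].append(bf.group(2))
    return [f for f in findings if f["fatal"] and f["families"]]

if __name__ == "__main__":
    for finding in find_bind_failures(SAMPLE_LOG):
        print(finding)
```

A single failed address family without the closing `OSError` is not reported, since the listener can still come up on the other family.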