prose-im / prose-app-web

Prose Web application. XMPP client for team messaging.
https://prose.org/downloads
Mozilla Public License 2.0

prose.org TLS failure #32

Closed nesium closed 5 months ago

nesium commented 5 months ago

Should go into the pod repo but I'll put it here so that the most recent tickets are close to each other.

I’ve noticed that my CLI tool for testing couldn’t connect to the Prose server anymore, so I went and installed the Prose Pod on a DigitalOcean droplet (worked great!) only to find out that server to server connections to prose.org also fail…

nsm.chat:tls        warn    TLS negotiation with prose.org failed.
s2sout7f0a33d533e0       info   Outgoing s2s stream nsm.chat->prose.org closed: TLS negotiation failed
s2sout7f0a33d533e0       info   Sending error replies for 1 queued stanzas because of failed outgoing connection to prose.org
stanzarouter             warn   Unhandled s2s_destroyed stream element or stanza: failure; xmlns=urn:ietf:params:xml:ns:xmpp-tls: <failure xmlns='urn:ietf:params:xml:ns:xmpp-tls' xml:lang='en'/>
stanzarouter        warn    Unhandled s2s_destroyed stream element or stanza: failure; xmlns=urn:ietf:params:xml:ns:xmpp-tls: <failure xmlns='urn:ietf:params:xml:ns:xmpp-tls' xml:lang='en'/>

Connections from Adium fail as well.

valeriansaliou commented 5 months ago

Offloaded this one on my ToDo, it appears that the LetsEncrypt renewal hook didn't reload Prosody properly after certificate renewal. Thanks!

valeriansaliou commented 5 months ago

Should be fixed by now. Following the Debian 10 to 12 update, LetsEncrypt changed its default permissions for the key file, and Prosody did not have access anymore but did not refuse to start, therefore it was not visible on monitoring. Oops.
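
A monitoring check for the failure mode described in the last comment, added here as an example (it is not code from this thread or from the Prose project): it walks the path to a private key file and reports the first component that a service account cannot traverse or read. The function names, the uid/gid values and the temporary tree are assumptions made for illustration, and POSIX ACLs are not considered.

```python
import os
import tempfile


def _allowed(st, uid, gids, want):
    """Classic Unix mode check: owner, else group, else other (ACLs ignored)."""
    if uid == 0:
        return True  # root bypasses read/search permission bits
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)


def first_blocker(key_path, uid, gids, base="/"):
    """Return the first path at or below `base` that denies `uid`, else None."""
    base, key_path = os.path.abspath(base), os.path.abspath(key_path)
    rel = os.path.relpath(key_path, base)
    if rel.startswith(os.pardir):
        raise ValueError("key_path must be inside base")
    current = base
    for part in rel.split(os.sep):
        # Stepping into `part` needs search (x) permission on its directory.
        if not _allowed(os.stat(current), uid, gids, 0o1):
            return current
        current = os.path.join(current, part)
    # os.stat follows symlinks; the link target's own parents are not walked.
    if not _allowed(os.stat(current), uid, gids, 0o4):
        return current
    return None


if __name__ == "__main__":
    # Constructed tree standing in for a certificate directory.
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        key = os.path.join(d, "privkey.pem")
        open(key, "w").close()
        svc_uid = os.getuid() + 1           # hypothetical service account
        svc_gids = {os.stat(key).st_gid}    # assume it shares the file's group
        for mode in (0o640, 0o600):
            os.chmod(key, mode)
            blocked = first_blocker(key, svc_uid, svc_gids, base=d)
            print(oct(mode), "->", blocked or "readable")
```

Run after each renewal with the real service account's uid and group ids, a non-`None` result gives monitoring a signal even when the daemon itself starts without complaint.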