Styjun

Am I being scammed by a sugar daddy?

How to remove the empty page that is placed after the ToC, List of figures and List of tables

Harley Davidson clattering noise from engine, backfire and failure to start

Is it good practice to create tables dynamically?

French citizen, did I need a visa in 2004 and 2006 when I visited as a child?

Why didn't all the iron and heavier elements find their way to the center of the accretion disc in the early solar system?

The best in flight meal option for those suffering from reflux

Is fission/fusion to iron the most efficient way to convert mass to energy?

What are some of the expected properties of metallic glasses and some steps to create them? (semi-ELI5)

Tiffeneau–Demjanov rearrangement products

Are athlete's college degrees discounted by employers and graduate school admissions?

What is Gilligan's full name?

What do you call the action of "describing events as they happen" like sports anchors do?

A life of PhD: is it feasible?

Is it possible to have battery technology that can't be duplicated?

If absolute velocity does not exist, how can we say a rocket accelerates in empty space?

How to represent jealousy in a cute way?

David slept with Bathsheba because she was pure?? What does that mean?

Undocumented incompatibility between changes and siunitx?

How can religions without a hell discourage evil-doing?

Is tuition reimbursement a good idea if you have to stay with the job

How to deal with an excess of white-space in a CRM UI?

Why did the Death Eaters wait to reopen the Chamber of Secrets?

Can a non-diagonal 2x2 matrix with just one eigenvalue be diagonalizable?

Install Lets Encrypt on Chef Server

How to change chef nginx default http port 80?Chef server: error “ArgumentError” when adding /etc/chef-server/chef-server.rbChange Chef server settings - port, url, https?How to change chef nginx default http port 80?Disable ssl on Chef-server?How to install chef-server with management console and nginx reverse proxy?Binding Chef-server 12 to specific IP address: Connection refused connecting to https://127.0.0.1/users/, retry 1/5Can't start Chef-serverchange chef server install locationHow to import self-signed certificate generated by chef-manage?How to configure Nginx to serve https only

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

I want to install a Letsencrypt certificate on my Chef server. I followed this guide:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
./letsencrypt-auto certonly --standalone --email your-email@email-service.com -d chefserver.DOMAIN.com

But this leads to Problem binding to port 80: Could not bind to IPv4 or IPv6., so I had to change the configuration that my server allows traffic on port 80. Thanks to this answer I created /etc/opscode/chef-server.rb:

nginx['non_ssl_port'] = 80
nginx['ssl_port'] = 443
nginx['enable_non_ssl'] = true
nginx['x_forwarded_proto'] = 'http'
nginx['url'] = 'http://chef.mydomain.com'

After running chef-server-ctl reconfigure I found out that /etc/opscode/chef-server-running.json has been changed.

But the server still redirects my http-traffic to https, so a Letsencrypt certificate still can't be generated.

How can I get a Letsencrypt certificate for my Chef Server?

nginx chef lets-encrypt

share|improve this question

edited Mar 14 at 15:05

Stephan Vierkant

asked Mar 14 at 9:22

Stephan VierkantStephan Vierkant

4,49343269

add a comment | 

0

I want to install a Letsencrypt certificate on my Chef server. I followed this guide:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
./letsencrypt-auto certonly --standalone --email your-email@email-service.com -d chefserver.DOMAIN.com

But this leads to Problem binding to port 80: Could not bind to IPv4 or IPv6., so I had to change the configuration that my server allows traffic on port 80. Thanks to this answer I created /etc/opscode/chef-server.rb:

nginx['non_ssl_port'] = 80
nginx['ssl_port'] = 443
nginx['enable_non_ssl'] = true
nginx['x_forwarded_proto'] = 'http'
nginx['url'] = 'http://chef.mydomain.com'

After running chef-server-ctl reconfigure I found out that /etc/opscode/chef-server-running.json has been changed.

But the server still redirects my http-traffic to https, so a Letsencrypt certificate still can't be generated.

How can I get a Letsencrypt certificate for my Chef Server?

nginx chef lets-encrypt

share|improve this question

edited Mar 14 at 15:05

Stephan Vierkant

asked Mar 14 at 9:22

Stephan VierkantStephan Vierkant

4,49343269

add a comment | 

I want to install a Letsencrypt certificate on my Chef server. I followed this guide:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
./letsencrypt-auto certonly --standalone --email your-email@email-service.com -d chefserver.DOMAIN.com

But this leads to Problem binding to port 80: Could not bind to IPv4 or IPv6., so I had to change the configuration that my server allows traffic on port 80. Thanks to this answer I created /etc/opscode/chef-server.rb:

nginx['non_ssl_port'] = 80
nginx['ssl_port'] = 443
nginx['enable_non_ssl'] = true
nginx['x_forwarded_proto'] = 'http'
nginx['url'] = 'http://chef.mydomain.com'

After running chef-server-ctl reconfigure I found out that /etc/opscode/chef-server-running.json has been changed.

But the server still redirects my http-traffic to https, so a Letsencrypt certificate still can't be generated.

How can I get a Letsencrypt certificate for my Chef Server?

nginx chef lets-encrypt

share|improve this question

edited Mar 14 at 15:05

Stephan Vierkant

asked Mar 14 at 9:22

Stephan VierkantStephan Vierkant

4,49343269

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
./letsencrypt-auto certonly --standalone --email your-email@email-service.com -d chefserver.DOMAIN.com

nginx['non_ssl_port'] = 80
nginx['ssl_port'] = 443
nginx['enable_non_ssl'] = true
nginx['x_forwarded_proto'] = 'http'
nginx['url'] = 'http://chef.mydomain.com'

share|improve this question

edited Mar 14 at 15:05

Stephan Vierkant

asked Mar 14 at 9:22

Stephan VierkantStephan Vierkant

4,49343269

share|improve this question

edited Mar 14 at 15:05

Stephan Vierkant

asked Mar 14 at 9:22

Stephan VierkantStephan Vierkant

4,49343269

asked Mar 14 at 9:22

Stephan VierkantStephan Vierkant

4,49343269

asked Mar 14 at 9:22

Stephan VierkantStephan Vierkant

4,49343269

1 Answer
1

active

oldest

votes

1

The --standalone flag you tried initially spawns certbot's own server on port 80. This failed because you had something else listening on port 80. If that is your chef server, one option is either disable it listening on port 80 (maybe stop the server temporarily) or move its non_ssl_port to some other port, i.e. 8000.

If it's not the chef server listening on port 80, you should investigate what it is (i.e., it could be an instance of nginx or apache server).

After you find out and release port 80, then your initial set of commands should work and produce the certificate.

share|improve this answer

answered Mar 24 at 23:58

taleodortaleodor

48049

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  I killed all chef related processes and restarted letsencrypt. A dirty workaround, but the best I could get.
  
  – Stephan Vierkant
  Mar 25 at 17:03
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55158862%2finstall-lets-encrypt-on-chef-server%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

The --standalone flag you tried initially spawns certbot's own server on port 80. This failed because you had something else listening on port 80. If that is your chef server, one option is either disable it listening on port 80 (maybe stop the server temporarily) or move its non_ssl_port to some other port, i.e. 8000.

If it's not the chef server listening on port 80, you should investigate what it is (i.e., it could be an instance of nginx or apache server).

After you find out and release port 80, then your initial set of commands should work and produce the certificate.

share|improve this answer

answered Mar 24 at 23:58

taleodortaleodor

48049

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  I killed all chef related processes and restarted letsencrypt. A dirty workaround, but the best I could get.
  
  – Stephan Vierkant
  Mar 25 at 17:03
  

  
  
  
  

add a comment | 

1

The --standalone flag you tried initially spawns certbot's own server on port 80. This failed because you had something else listening on port 80. If that is your chef server, one option is either disable it listening on port 80 (maybe stop the server temporarily) or move its non_ssl_port to some other port, i.e. 8000.

If it's not the chef server listening on port 80, you should investigate what it is (i.e., it could be an instance of nginx or apache server).

After you find out and release port 80, then your initial set of commands should work and produce the certificate.

share|improve this answer

answered Mar 24 at 23:58

taleodortaleodor

48049

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  I killed all chef related processes and restarted letsencrypt. A dirty workaround, but the best I could get.
  
  – Stephan Vierkant
  Mar 25 at 17:03
  

  
  
  
  

add a comment | 

The --standalone flag you tried initially spawns certbot's own server on port 80. This failed because you had something else listening on port 80. If that is your chef server, one option is either disable it listening on port 80 (maybe stop the server temporarily) or move its non_ssl_port to some other port, i.e. 8000.

If it's not the chef server listening on port 80, you should investigate what it is (i.e., it could be an instance of nginx or apache server).

After you find out and release port 80, then your initial set of commands should work and produce the certificate.

share|improve this answer

answered Mar 24 at 23:58

taleodortaleodor

48049

share|improve this answer

answered Mar 24 at 23:58

taleodortaleodor

48049

answered Mar 24 at 23:58

taleodortaleodor

48049

answered Mar 24 at 23:58

taleodortaleodor

48049