lemmyBB icon indicating copy to clipboard operation
lemmyBB copied to clipboard
verified publisher icon LemmyNet

[Question]: Is the SSL Cert for the BB Subdomain made automatically?

Open nixoye opened this issue 3 years ago • 9 comments

I'm getting this error mentioning the Lets Encrypt cert for the subdomain ill be using for LemmyBB

{"changed": true, "cmd": "nginx -s reload", "delta": "0:00:00.020479", "end": "2022-12-26 21:55:33.321149", "msg": "non-zero return code", "rc": 1, "start": "2022-12-26 21:55:33.300670", "stderr": "nginx: [emerg] cannot load certificate \"/etc/letsencrypt/live/mybbsubdomain/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file

nixoye avatar Dec 26 '22 22:12 nixoye

The manual installation does not create a certificate, you have to use certbot or acme.sh.

That is why the instructions say

and edit it to fit your setup

because it is also possible that you have a wildcard certificate

Tealk avatar Dec 27 '22 07:12 Tealk

I used the ansible installation.

How should i go about creating the cert for the bb subdomain?

nixoye avatar Dec 27 '22 15:12 nixoye

Looks like the certbot commands are missing from the section "Install alongside existing Lemmy instance (native)". You can add that to your pull request by copying from the section above.

Nutomic avatar Dec 27 '22 15:12 Nutomic

@Nutomic would these be the correct commands to add to my pull request?

Install nginx config and set correct domains. Note that this config by default doesn't allow direct access to the API nor pictrs. This makes it harder for spam bots, but also means that Lemmy clients cant be used. The nginx config includes instructions for putting lemmy-ui behind HTTP Auth, so that only admins can access it.

wget https://raw.githubusercontent.com/LemmyNet/lemmyBB/main/docker/nginx.conf -O /etc/nginx/sites-enabled/lemmybb.conf

Request tls certificates (use your actual domains and email)

certbot certonly --nginx -d lemmybb.com -m [email protected]

replacel lemmybb_domain with your domain by replacing lemmybb.com with your domain in this command

sed -i -e 's/$lemmybb_domain/lemmybb.com/g' /etc/nginx/sites-enabled/lemmybb.conf

reload nginx

nginx -s reload

open your daily cronjob

sudo crontab -e

and add these lines to automatically renew tls certificates

@daily certbot certonly --nginx -d lemmybb.com --deploy-hook 'nginx -s reload'

I'm confused by the nginx config part, I don't understand what it means that Lemmy clients cant be used. Does this mean I won't be able to use the Lemmy apps or?

nixoye avatar Dec 27 '22 15:12 nixoye

@Tealk can you take a look at these updated instructions? I tried them but they're not helping (I'm trying to fix the install lemmybb alongside existing lemmy instance instructions)

nixoye avatar Dec 30 '22 16:12 nixoye

think that this is not so easy, but I do not know much about the certbot nginx could run into errors because of the ssl certificate

Tealk avatar Dec 30 '22 22:12 Tealk

Are there any instructions on deleting lemmybb? I cant get it to work and my instance has been down since i began trying

nixoye avatar Dec 31 '22 13:12 nixoye

lemmybb does not affect the lemmy instance

Tealk avatar Dec 31 '22 17:12 Tealk

If you want to enable the api and allow client usage, you need to uncomment these lines.

The instructions you put look good, but maybe it would be clearer to use something like your-domain.com instead of lemmybb.com.

For uninstalling you basically need to stop Lemmy and delete all the files you created previously.

Nutomic avatar Jan 02 '23 13:01 Nutomic