Nginx won't start after move to a new box

Trying to move to a new box.
Ran the backup on the old box, copied the backup and secret key to the new box and restored, everything seemed to be OK, but after restoring and trying to run the setup, nginx wouldn’t start, throwing an error on the SSL certs.

I cleared the SSL directory, re-ran setup, but I still couldn’t get nginx to start.

When I tried to run the ssl_certificates.py script, this is what I am getting back, which is probably the root of the issue. Any thoughts?
box@box:~/mailinabox# sudo management/ssl_certificates.py
Traceback (most recent call last):
File “management/ssl_certificates.py”, line 686, in
provision_certificates_cmdline()
File “management/ssl_certificates.py”, line 398, in provision_certificates_cmdline
status = provision_certificates(env, limit_domains=domains)
File “management/ssl_certificates.py”, line 300, in provision_certificates
os.mkdir(account_path)
FileNotFoundError: [Errno 2] No such file or directory: ‘/home/user-data/ssl/lets_encrypt’
box@box:~/mailinabox#

Is /home/user-data/ssl/lets_encrypt not on the server?

It’s there, but empty.

I have no idea what is causing this and I’ve never done a restore, so I can’t help much.

Are you able to log into the dashboard?

Nginx isn’t running, which means no admin panel.

In looking through the Moving to a New Box, it seems odd that the restore file would cause nginx not to start given that the install has basically already been performed. Am I missing something?

Is there anything in the logs?

@blinkingline Slack perhaps?

We’ll get this fixed right up.

1 Like

I suspect that Nginx isn’t starting as the certificate file is not there.

@blinkingline can you confirm my theory by running nginx -t please?

You’re right, it’s missing the OpenSSL file:
nginx: [emerg] PEM_read_bio_DHparams("/home/user-data/ssl/dh2048.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: DH PARAMETERS)

What provisions that?

Happy to jump on slack. let me log in there

IIRC, it’s provisioned during the setup process, but you can just generate it on your own, however, I don’t know if the same thing that missed creating that missed something else.

TLDR: Everything is up and working.

From what I can tell, the root of the problem was that in my haste to get the new box up and running, I had provisioned an SSL cert prior to doing the restoration of my backup. This created a situation where nginx was trying to find a .pem file that wasn’t on my box after the restore. (The file also didn’t exist on my old box, so I couldn’t pull it from there either.)

I eventually ended up just destroying the box and spinning up a new one, doing just enough setup of MIAB to get it running and access to the admin panel. Once that had completed I restored the backup, then deleted the contents of /home/user-data/ssl (leaving the directory intact!) and re-ran setup (sudo mailinabox) to re-provision the certificates.

After that finished, I shifted my glue records and secondary DNS entries to point to the new box. When things had mostly stabilized with DNS entries, I was able to then provision a new certificate (instead of the default self-signed one that generated at install) and things are all working properly.

Big thanks to @alento for the assist.

2 Likes