Nginx won't start after move to a new box

blinkingline · April 13, 2021, 9:37pm

Trying to move to a new box.
Ran the backup on the old box, copied the backup and secret key to the new box and restored, everything seemed to be OK, but after restoring and trying to run the setup, nginx wouldn’t start, throwing an error on the SSL certs.

I cleared the SSL directory, re-ran setup, but I still couldn’t get nginx to start.

When I tried to run the ssl_certificates.py script, this is what I am getting back, which is probably the root of the issue. Any thoughts?
box@box:~/mailinabox# sudo management/ssl_certificates.py
Traceback (most recent call last):
File “management/ssl_certificates.py”, line 686, in
provision_certificates_cmdline()
File “management/ssl_certificates.py”, line 398, in provision_certificates_cmdline
status = provision_certificates(env, limit_domains=domains)
File “management/ssl_certificates.py”, line 300, in provision_certificates
os.mkdir(account_path)
FileNotFoundError: [Errno 2] No such file or directory: ‘/home/user-data/ssl/lets_encrypt’
box@box:~/mailinabox#

openletter · April 13, 2021, 9:43pm

Is /home/user-data/ssl/lets_encrypt not on the server?

blinkingline · April 13, 2021, 9:45pm

It’s there, but empty.

openletter · April 13, 2021, 9:47pm

I have no idea what is causing this and I’ve never done a restore, so I can’t help much.

Are you able to log into the dashboard?

blinkingline · April 13, 2021, 9:48pm

Nginx isn’t running, which means no admin panel.

openletter · April 13, 2021, 10:00pm

In looking through the Moving to a New Box, it seems odd that the restore file would cause nginx not to start given that the install has basically already been performed. Am I missing something?

Is there anything in the logs?

alento · April 13, 2021, 10:35pm

@blinkingline Slack perhaps?

We’ll get this fixed right up.

alento · April 13, 2021, 10:39pm

I suspect that Nginx isn’t starting as the certificate file is not there.

@blinkingline can you confirm my theory by running nginx -t please?

blinkingline · April 13, 2021, 10:54pm

You’re right, it’s missing the OpenSSL file:
nginx: [emerg] PEM_read_bio_DHparams("/home/user-data/ssl/dh2048.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: DH PARAMETERS)

What provisions that?

Happy to jump on slack. let me log in there

openletter · April 13, 2021, 11:01pm

IIRC, it’s provisioned during the setup process, but you can just generate it on your own, however, I don’t know if the same thing that missed creating that missed something else.

blinkingline · April 14, 2021, 8:00pm

TLDR: Everything is up and working.

From what I can tell, the root of the problem was that in my haste to get the new box up and running, I had provisioned an SSL cert prior to doing the restoration of my backup. This created a situation where nginx was trying to find a .pem file that wasn’t on my box after the restore. (The file also didn’t exist on my old box, so I couldn’t pull it from there either.)

I eventually ended up just destroying the box and spinning up a new one, doing just enough setup of MIAB to get it running and access to the admin panel. Once that had completed I restored the backup, then deleted the contents of /home/user-data/ssl (leaving the directory intact!) and re-ran setup (sudo mailinabox) to re-provision the certificates.

After that finished, I shifted my glue records and secondary DNS entries to point to the new box. When things had mostly stabilized with DNS entries, I was able to then provision a new certificate (instead of the default self-signed one that generated at install) and things are all working properly.

Big thanks to @alento for the assist.

system · May 24, 2021, 8:01pm

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.