5
edits
Difference between revisions of "Poddery - Diaspora, Matrix and XMPP"
Poddery - Diaspora, Matrix and XMPP (view source)
Revision as of 16:58, 7 March 2016
, 16:58, 7 March 2016no edit summary
| Line 35: | Line 35: | ||
[[Category:Services]] | [[Category:Services]] | ||
== Maintenance history == | |||
* Prosody error - Failed to load private key | |||
certmanager error SSL/TLS: Failed to load '/etc/letsencrypt/live/poddery.com/privkey.pem': Previous error (see logs), or other system error. (for poddery.com) | |||
tls error Unable to initialize TLS: error loading private key (system lib) | |||
certmanager error SSL/TLS: Failed to load '/etc/letsencrypt/live/poddery.com/privkey.pem': Check that the permissions allow Prosody to read this file. | |||
This error is usually when ssl certificate in freshly installed or renewed. Prosody user is unable to access the key file due to lack of privileges. | |||
Note that Poddery uses Letsencrypt for ssl. | |||
Fix: | |||
* Make sure that prosody user is in 'certs' group (this group may also be called ssl-certs as setup by Letencrypt) | |||
* /etc/letsencrypt/ is the ssl directory. | |||
* Prosody user should have permissions to all folders importantly archive and live folders in /etc/letsencrypt. Permissions to each folder must be 750. | |||
* Troubleshoot by checking if you can switch to each folder in /etc/letsencrypt as prosody user and cat the files. | |||