Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
$ sudo systemctl stop nginx
$ /opt/certbot-auto --config /etc/letsencrypt/configs/erp.local.cfg certonly
Skipping bootstrap because certbot-auto is deprecated on this system.
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit https://certbot.eff.org/ to check for other alternatives.
nginx.conf already exists and this will overwrite it. Do you want to continue? [y/N]: y
$ sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
journalctl gives me this…
-- Unit nginx.service has begun starting up.
Apr 23 16:16:47 ubuntu nginx: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/site1.local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:f
Apr 23 16:16:47 ubuntu nginx: nginx: configuration file /etc/nginx/nginx.conf test failed
Apr 23 16:16:47 ubuntu systemd: nginx.service: Control process exited, code=exited status=1
Apr 23 16:16:47 ubuntu systemd: nginx.service: Failed with result 'exit-code'.
Apr 23 16:16:47 ubuntu systemd: Failed to start A high performance web server and a reverse proxy server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- Unit nginx.service has failed.
Some additional info…
Ubuntu 18.04.4 LTS Virtual Machine
Using a local domain, and will not be used outside of organization.
I have no issues with Nginx when reverting back to Port based multitenancy only DNS based multitenancy
My nginx.conf file was goofed up. I noticed that it was not happy with the added domain after I ran bench setup nginx.
So I removed it… bench setup remove-domain --site site1.local erp.local & re-ran bench setup nginx and nginx was happy again.
I installed cerbot manually and ran sudo certbot --nginx as you suggested but it is not happy that I am using a local domain name. Not sure if I still need lets-encrypt if I am only using this on a local network.
However, at this point I do get redirected to https now but I am getting the “Sorry! We Will be back soon.” landing page.
Maybe I am misunderstanding if I need let’s encrypt or not.
Currently ERPNext is setup and can be accessed via http://192.168.1.100/, or http://erpnext/. The site name uses the default (site1.local). This instance will only be accessed on the local network, not from the internet.
I am trying to enable https and I thought lets-encrypt is needed but I am not sure if it is or not. Since this is running on a VM I reverted it back to an eariler snapshot and tried again. This time I tried the following…
For letsencrypt to work, the domain must be resolvable to a public ip over the internet. In your case, i dont think it will work since it is hosted on a local machine and is not accessible over internet.
Generate a self-signed certificate and assign it to the nginx conf of the site.
You will have to do these manually and I don’t know if there is any documentation in ERPnext for self-signed certificate.
Youtube will have many videos on how to generate a self-signed certificate and assign it in nginx conf.
You will add you have to add this certificate to whitelist in the browser where you want to access the site, as most browsers throw exceptional warning when using self-signed certificate.
I compared the nginx.conf files and found that the $host was used when mutlitenant was on. I believe this was causing things to get routed incorrectly and caused my 504 error.
I am not sure what the correct way to do this is but for now, I manually edited the ~/frappe-bench/config/nginx.conf file by replacing all instances of $host with site1.local except for the one used in the http redirect section.