Let's Encrypt setup problem "No site named..." error

Hello all,

I am recently making wonderful progress with ERPNext as I’ve managed to move away from Apache, get Nginx working and have added a domain for my site as all I had was site1.local. The site is now accessible from my domain but I don’t have SSL setup yet.

I am familiar with and have used, LetsEncrypt in the past so I was hoping to use:

sudo bench setup lets-encrypt [site-name]

But I get the following error:

No site named mydomain.com

I’m guessing/thinking maybe I need to run the command with site1.local instead of my domain but…isn’t that going to cause a problem with LetsEncrypt…? Or will the domain get sent to them instead of site1.local?

I was about to experiment but then remembered spending a day fixing a messed up SSL certificate with LetsEncrypt (thanks to amazing real time volunteer support they provided) and would like to avoid that again if possible.

Edit/Addition:
Ok, as I search I’ve realized there is some additional information that should be included here.

  1. I setup an additional domain using:

    bench setup add-domain mydomain.com --site [site]
    bench config dns_multitenant on
    bench setup nginx
    sudo service nginx restart

which didn’t work initially because the Nginx config was not simlinked to sites-enabled. After adding the simlink everything works.

  1. I see that maybe changing the site1.local directory to mydomain.com and then also changing site1.local in currentsite.txt (found in the sites directory) to mydomain.com will then enable me (hopefully) to run:
    sudo bench setup lets-encrypt [site-name]
    but I also see that the nginx.conf in /frappe-bench/config maps mydomain.com to site1.local.

So, I’m guessing (doing a lot of that :slight_smile: ) that I will need to also edit the nginx.conf file or will the mapping simply be ignored…as there are also multiple listings in there for server_name?

Jason

1 Like

Install certbot SSL Certificate:

sudo apt-get install certbot
sudo systemctl stop nginx
sudo certbot --standalone --agree-tos --domain mydomain.com -n -m dev@mydomain.com certonly
sudo systemctl start nginx

Add the following lines to your frappe-bench/sites/mydomain.com/site_config.json:

 "domains": [
  {
   "domain": "mydomain.com",
   "ssl_certificate": "/etc/letsencrypt/live/mydomain.com/fullchain.pem",
   "ssl_certificate_key": "/etc/letsencrypt/live/mydomain.com/privkey.pem"
  }
 ]

Regenerate the NGINX configuration and reload nginx:

bench setup nginx --yes
sudo service nginx start
sudo service nginx reload
1 Like

Mubeen,

Thanks but I’m afraid I’m stuck back at renaming my site. I tried renaming the site, as recommended elsewhere here on the forums, as follows:

  1. Changed the name of the sites directory from site1.local to mydomain.com

  2. Changed the current site listed in currentsite.txt to www.mydomain.com

  3. Restarted Nginx and tried to access my instance of ERPNext but got the error site1.local does not exist. I’m guessing this is because I did not modify the nginx.conf file…?

So, I’ve returned everything to it’s previous state (site1.local) and am again able to access ERPNext.

Note - I ran the

sudo bench setup lets-encrypt my domain.com

and it shut down Nginx and did some work but did not obtain certificates. I have the directory /etc/letsencrypt but it only contains a “configs” directory with a cfg file titled mydomain.com and a cli.ini file. There are no .pem files.

My question is, I guess, at this point, how to do I change the site name to reflect my domain so I can then run a LetsEncrypt script?

Thanks for your support

Jason

  1. Site name and domain doesn’t have to be same.

  2. bench setup lets-encrypt is out dated, even if you hadn’t changed your site name it won’t issue certificate.

I’m not sure how to change the site name, but after changing it you can use the above method.

Mubeen,

Thanks again for your help. I returned everything to its original state (site1.local etc.) and went through the process of installing SSL certificates as specified on the LetsEncrypt site. It all worked (almost all) and I’m up and running now with SSL on ERPNext at my domain. I have an issue with a different web app (Moodle) but that is outside of the scope of these forums.

Thanks again for your help.

Jason

There is a newer and easier way to get the Lets Encrypt SSL certificates done without all of the renaming headaches. I spelled it out HERE in one of my tutorial posts about how to get up and running quickly. The process uses a package called “snapd” and it really simplifies everything. I recommend it for all newbies and experienced users as well.

Here is the relevant portion of the instructions for doing this. It assumes that ERPNExt is already up and running using python3. Just follow along and you will never have to rename anything:

  • Now login to the server using your favorite ssh client as the [USER] you used to install ERPNext above and then perform the following commands
    cd frappe-bench
    bench config dns_multitenant on
    bench setup add-domain --site site1.local [your.new.URL]
    bench setup nginx (answer Y to the question about replacing the config file)
    sudo service nginx restart
    cd ~

  • Now it is time to work on the SSL certificate. First we need to make sure that ‘certbot’ is not already installed, so we will attempt to remove it just in case
    sudo apt-get remove certbot

  • Now we are going to install the package bundle provider and make sure it is all up-to-date with the latest release of ‘snapd’ and let it handle the certbot for us
    sudo apt install snapd
    sudo snap install core
    sudo snap refresh core

  • Now we use ‘snap’ service to automatically install and configure certbot to work perfectly with your new ERPNext server
    sudo snap install --classic certbot
    sudo ln -s /snap/bin/certbot /usr/bin/certbot

  • Now we can safely use the pre-configured certbot to install your SSL certificate
    sudo certbot --nginx
    (The system will pause at some point and ask you to select the site name you wish to install the certificate from a list of names it found. Be sure to select the URL you used and not ‘site1.local’ at this point)

    Once this is done, you can close your ssh client, open a browser and type the URL of your server into the address bar and it should take you to the secured version of your ERPNext server.

    One final note here. This method specifically does NOT rename bench or the site directories in order to provide flexibility later in the event you need to have multiple URL’s pointing to the same instance of ERPNext or if you need to change your URL for some reason in the future. Using the bench setup add-domain command makes this much simpler. The SSL certificate instructions I provided above are tailored to support this configuration.

Hope this helps… :sunglasses:

BKM

1 Like

@bkm
I did exactly the same. The process was successful. But I could not still access the site via https.

My case is as below.

I have multitenancy dns enabled. Single instance with 3 sites with names as following.

erp1.zyx.com

erp2.zyx.com

erp.abc.com

added domains as below

bench setup add-domain erp1.zyx.com --site erp1.zyx.com
bench setup add-domain erp2.zyx.com --site erp2.zyx.com
bench setup add-domain erp.abc.com  --site erp.abc.com

I could access all three sites with http but not https.

Is it because of this?

I would appreciate if you could help me guide what am I missing or what is it I am doing wrong.

@Touseef
To make sure we are clear about what is going on here I will restate the purpose of DNS Multi-tenant settings. This is used to add additional independent ERPNext sites to a single VPS server. Hosting multiple instances of ERPNext from a single server is one of the strong points of the package.

Okay. The rest would take some reading of the bench command syntax (and I suggest you do that at your earliest opportunity).

The command:

bench setup add-domain

This command is used to add domain names to already existing sites. For example, if you had “erp1.zyx.com” as a valid site, then the following example is how you would add additional URL’s to the site:

bench setup add-domain --site erp1.zyx.com erp.abc.com

This would allow you to have 2 URL’s pointing to the same ERPNext site. So if you typed either erp1.zyx.com or erp.abc.com into a browser they would both take you to the exact same site.

That is an example of how to use: bench setup add-domain

The example I posted in the above referenced thread was an example of how to add a URL to the default site that the easy install script creates. When you turn on the dns multitenant, you need to be able to assign a URL to the default site. All other additional tenant sites require more work.

On the other hand…

If you want to add sites to an ERPNext multi-tenant server the command is different.

To do this, you would use the following commands: (using your example URL)
(assuming the dns multitenant is already turned on)

bench new-site erp2.zyx.com
bench setup nginx
sudo service nginx reload
bench --site erp2.zyx.com install-app erpnext

The above adds the site to the multi-tenant server. Then you can use the “snapd” client to install your TLS (SSL) certificates for the additional sites.

It may be helpful to do a search on the forum here for the tutorial or “how to” post regarding exactly how to setup DNS Multi-tenant sites. There are a few of them posted here.

Hope that explains it…

BKM :sunglasses:

1 Like

Thank you for clarifying things. I did everything right. SSL was setup correctly. But I couldn’t access via https. I figured the issue was bench setup nginx. After setting up SSL if I run bench setup nginx this was wiping off the SSL configurations and so was unable to access https. So I reinstalled the SSL and this time did not run bench setup nginx.

Now all 3 website are accessible via https.

And I thank you once again for posting such a detailed explanation. Would definitely help someone for sure.