SSL Configuration for HTTPS

jai_kejriwal · October 1, 2015, 10:38am

I am trying to install an SSL certificate by following the instructions at: https://kb.frappe.io/kb/deployment/configuring-https.

When I try to execute either of the bench set-ssl-certificate or bench set-ssl-key commands I get an error.

Traces are below. Your help would be appreciated.

Here is trace of the set-ssl-certificate error:

root@erpnext5:/etc/nginx/ssl# bench set-ssl-certificate site1.local /etc/nginx/ssl/certificate_bundle.crt
Traceback (most recent call last):
File “/usr/local/bin/bench”, line 9, in
load_entry_point(‘bench==0.92’, ‘console_scripts’, ‘bench’)()
File “/home/frappe/bench-repo/bench/cli.py”, line 60, in cli
bench()
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 700, in call
return self.main(*args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 680, in main
rv = self.invoke(ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1027, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 873, in invoke
return ctx.invoke(self.callback, **ctx.params)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 508, in invoke
return callback(*args, **kwargs)
File “/home/frappe/bench-repo/bench/cli.py”, line 362, in _set_ssl_certificate
set_ssl_certificate(site, ssl_certificate_path)
File “/home/frappe/bench-repo/bench/utils.py”, line 326, in set_ssl_certificate
set_site_config_nginx_property(site, {“ssl_certificate”: ssl_certificate}, bench=bench, gen_config=gen_config)
File “/home/frappe/bench-repo/bench/utils.py”, line 337, in set_site_config_nginx_property
generate_nginx_config(bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 69, in generate_nginx_config
sites = get_sites_with_config(bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 56, in get_sites_with_config
site_config = get_site_config(site, bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 50, in get_site_config
return json.load(f)
File “/usr/lib/python2.7/json/init.py”, line 278, in load
**kw)
File “/usr/lib/python2.7/json/init.py”, line 326, in loads
return _default_decoder.decode(s)
File “/usr/lib/python2.7/json/decoder.py”, line 365, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File “/usr/lib/python2.7/json/decoder.py”, line 381, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Expecting property name: line 4 column 1 (char 66)

Here is the set-ssl-key error:

root@erpnext5:/etc/nginx/ssl# bench set-ssl-key site1.local /etc/nginx/ssl/server.key
Traceback (most recent call last):
File “/usr/local/bin/bench”, line 9, in
load_entry_point(‘bench==0.92’, ‘console_scripts’, ‘bench’)()
File “/home/frappe/bench-repo/bench/cli.py”, line 60, in cli
bench()
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 700, in call
return self.main(*args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 680, in main
rv = self.invoke(ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1027, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 873, in invoke
return ctx.invoke(self.callback, **ctx.params)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 508, in invoke
return callback(*args, **kwargs)
File “/home/frappe/bench-repo/bench/cli.py”, line 369, in _set_ssl_certificate_key
set_ssl_certificate_key(site, ssl_certificate_key_path)
File “/home/frappe/bench-repo/bench/utils.py”, line 329, in set_ssl_certificate_key
set_site_config_nginx_property(site, {“ssl_certificate_key”: ssl_certificate_key}, bench=bench, gen_config=gen_config)
File “/home/frappe/bench-repo/bench/utils.py”, line 337, in set_site_config_nginx_property
generate_nginx_config(bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 69, in generate_nginx_config
sites = get_sites_with_config(bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 56, in get_sites_with_config
site_config = get_site_config(site, bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 50, in get_site_config
return json.load(f)
File “/usr/lib/python2.7/json/init.py”, line 278, in load
**kw)
File “/usr/lib/python2.7/json/init.py”, line 326, in loads
return _default_decoder.decode(s)
File “/usr/lib/python2.7/json/decoder.py”, line 365, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File “/usr/lib/python2.7/json/decoder.py”, line 381, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Expecting property name: line 4 column 1 (char 66)

rmehta · October 3, 2015, 6:16am

@jai_kejriwal there seems to be a problem with your sites/site_config.json file. Maybe you forgot a comma ?

jai_kejriwal · October 5, 2015, 9:56am

@rmehta, I checked the site_config.json and there are no commas missing. The two keys have been added with values. Here is the output of the config file I have changed the values of some of the keys for dropbox and db access.

{
“ssl_certificate”: “/etc/nginx/ssl/certificate_bundle.crt”,
“ssl_certificate_key”: “/etc/nginx/ssl/server.key”,
“db_password”: “-------------------”,
“db_name”: “--------------”,
“host_name”: “http://erp2.rawjute.in”,
“dropbox_access_key”: “—zcc-----td----nax”,
“dropbox_secret_key”: “–walksd–2342-sdf”
}

When I do bench setup nginx, it gives the following error:

root@erpnext5:~# bench setup nginx
Traceback (most recent call last):
File “/usr/local/bin/bench”, line 9, in
load_entry_point(‘bench==0.92’, ‘console_scripts’, ‘bench’)()
File “/home/frappe/bench-repo/bench/cli.py”, line 60, in cli
bench()
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 700, in call
return self.main(*args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 680, in main
rv = self.invoke(ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1027, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1027, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 873, in invoke
return ctx.invoke(self.callback, **ctx.params)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 508, in invoke
return callback(*args, **kwargs)
File “/home/frappe/bench-repo/bench/cli.py”, line 435, in setup_nginx
generate_nginx_config()
File “/home/frappe/bench-repo/bench/config.py”, line 69, in generate_nginx_config
sites = get_sites_with_config(bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 56, in get_sites_with_config
site_config = get_site_config(site, bench=bench)
File “/home/frappe/bench-repo/bench/config.py”, line 50, in get_site_config
return json.load(f)
File “/usr/lib/python2.7/json/init.py”, line 278, in load
**kw)
File “/usr/lib/python2.7/json/init.py”, line 326, in loads
return _default_decoder.decode(s)
File “/usr/lib/python2.7/json/decoder.py”, line 365, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File “/usr/lib/python2.7/json/decoder.py”, line 381, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Expecting property name: line 4 column 1 (char 66)

nabinhait · October 5, 2015, 5:17pm

Do you have quote or comma in your db_name or db_pwd?

jai_kejriwal · October 13, 2015, 7:15am

@nabinhait there is no comma in either the db password or db name.

rmehta · October 13, 2015, 4:15pm

@jai_kejriwal Can you check this syntax in sites/common_site_config.json ?

Try validating your site_config file here: http://jsonlint.com/

jai_kejriwal · October 14, 2015, 4:37am

I have modified the passswords but the json is valid. Please see screenshot below.

rmehta · October 15, 2015, 5:17am

@jai_kejriwal you may have another site that could be causing this error

william · November 24, 2015, 4:03pm

Did you resolve this? @jai_kejriwal
Maybe the path of your certificate.crt and private_key.key is the incorrect one, happened to me. Message me so I can help you if you haven’t resolved this.

luckyconnections · July 25, 2018, 12:28pm

HEY Guys …

i have gone through 100 threads and follow each possible way to configure SSL that I bought from Commodo~
Wildcard one so I can run on multi domains … But unfortunately NO Success!

Could someone tell me what am I doing wrong …

May be anyone from Frappe Team …

Here is my site config json :
{
“ssl_certificate”: “/etc/nginx/conf.d/ssl/sundine_cert.pem”,
“limits”: {
“space_usage”: {
“database_size”: 85.8,
“files_size”: 14.0,
“total”: 140.8,
“backup_size”: 41.0
}
},
“ssl_certificate_key”: “/etc/nginx/conf.d/ssl/sundine_key.pem”,
“db_password”: “2vfb0pBEwWOvjaJH”,
“hostname”: “http://erp.sundinepro.com:3500”,
“encryption_key”: “eBJ5uWbwH46I8-OJaVNqT4-EqX1pO0xahHrnENGr7G0=”,
“db_name”: “2bd3e0294da19198”,
“host_name”: “https://erp.sundinepro.com:3500”,
“developer_mode”: 1
}

luckyconnections · July 25, 2018, 12:31pm

Hello Mehta Sir …

Please provide implemented guide SSL so we can save our Time on these Little Tasks!

My clients do not wish to install Lets Encrypt SSL… the Free One!

Any minute given will be appreciated!

clarkej · July 25, 2018, 2:20pm

Welcome to ERPNext Lucky!

Your logs should give clues and pointers to what is happening and not?

Indeed jsonlint caught a mysterious quote encode issue with your config file

Maybe to do with this JSON Parse Error: Expecting 'STRING' - Stack Overflow

Please followup and give us the scoop ok?

Also please not so harsh rmehta did point out jsonlint earlier to troubleshoot and we do owe him our eternal thanks for his kind vision and persistence with ERPNext.

And surely we are all responsible for contributing to the Documentation

have fun

josmediaz21 · July 25, 2018, 2:25pm

Lucky I think u must have DNS based multitenancy. Not port based.

josmediaz21 · July 25, 2018, 2:34pm

Recently I had to Install SSL certificate and I had to make the change from port based Multitenancy to DNS based multitenancy. Y had to rename the site, and all that comes with it.

luckyconnections · July 26, 2018, 5:34am

Hey Clark~

Thanks for quick follow up on SSL issue that I have been facing for quite a few weeks & still fighting to solve!

I will go through Logs and link that you shared~

Hopefully soon will cover up~

Will surely update once issue will be solved!

luckyconnections · July 26, 2018, 6:01am

Hey there~

Thanks for follow up!

Yes, DNS multi-tenancy is on and I have added domain in /etc/hosts file …

No Luck yet~

luckyconnections · July 26, 2018, 6:15am

Hello Mehta Sir,

We all thanking you and whole Frappe Team for providing such an Amazing product for Enterprises/Small Businesses around Globe~

And giving us your precious Time from your busy schedule to support Global community ~

Regards from our Team~

luckyconnections · July 26, 2018, 6:29am

Hey Clark,

I forgot to mention about JSON validation that Mr Mehta pointed in earlier post ///

I have gone though that as well…

it was Valid ~

…