Nginx, OCSP stapling, booting, systemd and Debian 9

Sun, 10 Dec 2017 18:26:24 -0500

Noticed these lines in journalctl when nginx didn’t start after a reboot:

Dec 10 17:43:30 mail1 nginx[3485]: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/etc/letsencrypt/live/www.example.com/fullchain.pem"
Dec 10 17:43:30 mail1 nginx[3485]: nginx: [emerg] bind() to [<IPv6 address>]:80 failed (99: Cannot assign requested address)
Dec 10 17:43:30 mail1 nginx[3485]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Unit entered failed state.
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 10 17:52:35 mail1 systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

Hmmm…

Let's Encypt SSL Certificates with Exim, Dovecot & NGINX

Fri, 19 May 2017 14:32:24 -0500

I ran into two issues when setting up Let’s Encrypt SSL certificates on two of my servers - permission issues for Exim and the certbot cron job supplied by the package doesn’t handle the renew very well for nginx, exim or dovecot.

Resolving Exim’s Permission Problems

1. Create a new group. I named it sslcerts. Add the exim user to that group. If you’re not using Debian, adjust the user in the command below.

Ssl on The Gnu Pit

Nginx, OCSP stapling, booting, systemd and Debian 9

Let's Encypt SSL Certificates with Exim, Dovecot & NGINX

Resolving Exim’s Permission Problems