ssl error

If your UnrealIRCd is up and running but you have a question about it, then use this forum.
(NOT for installation or connecting issues! Use the other forum instead.)

Moderator: Supporters

Post Reply
s7ntax
Posts: 6
Joined: Tue Aug 04, 2020 10:23 pm

ssl error

Post by s7ntax » Tue Aug 04, 2020 10:30 pm

I am getting this error after adding the tls-options line to this block

listen::tls-options specified without a value

Code: Select all

/* Standard IRC SSL/TLS port 6697 */
listen {
        ip *;
        port 6697;
        options { ssl; };
        tls-options {
                certificate "/etc/letsencrypt/live/irc.arpradio.com/fullchain.pem";
                key "/etc/letsencrypt/live/irc.arpradio.com/privkey.pem";
        };
};
The same error occurs when I use ssl-options. Also if i change options { ssl; }; to options { tls; }; it gives an error.

I used the information on this page as a reference https://www.unrealircd.org/docs/Using_L ... UnrealIRCd

westor
Posts: 20
Joined: Fri Feb 15, 2013 9:42 pm
Location: Greece
Contact:

Re: ssl error

Post by westor » Tue Aug 04, 2020 10:33 pm

What is your unrealircd version ?
IRC.ChatHUB.GR
I Would Like To Kiss You But I Cant Tell Me Why Not My BaBy ? ? ?

PeGaSuS
Posts: 60
Joined: Tue Jun 27, 2017 4:42 pm

Re: ssl error

Post by PeGaSuS » Wed Aug 05, 2020 6:47 pm

1. In UnrealIRCd 5.x the "ssl" word has been changed to "tls".
So, it is something like:

Code: Select all

listen {
        ip *;
        port 6697;
        options { tls; };
        tls-options {
                certificate "/etc/letsencrypt/live/irc.arpradio.com/fullchain.pem";
                key "/etc/letsencrypt/live/irc.arpradio.com/privkey.pem";
        };
};
2. Be sure that the user that runs the IRCd can read the files (usually they can't).
If that's the case, you have to options to grant the user that ability:
2.1)

Code: Select all

chmod -R 755 /etc/letsencrypt/
2.2)

Code: Select all

setfacl -mR u:USER:r /etc/letsencrypt/live/sub.domain.tld
Small explanation about the commands above: the former will allow ANY user to read the files under the /etc/letsencrypt/ directory, although they can't modify them.
The latter, allow ONLY the specified user to read the files under the /etc/letsencrypt/live/sub.domain.tld and disallow ant kind of editing.

Hope this helps.

Cheers
What goes around comes around!

s7ntax
Posts: 6
Joined: Tue Aug 04, 2020 10:23 pm

Re: ssl error

Post by s7ntax » Thu Aug 06, 2020 9:06 pm

Hi, I am running UnrealIRCd-4.0.1

I tried the first chmod and it still doesn't work, same error.

s7ntax
Posts: 6
Joined: Tue Aug 04, 2020 10:23 pm

Re: ssl error

Post by s7ntax » Fri Aug 07, 2020 10:24 pm

I will upgrade to 5 and see if this fixes the issue

katsklaw
Official supporter
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: ssl error

Post by katsklaw » Tue Aug 18, 2020 1:06 am

PeGaSuS wrote:
Wed Aug 05, 2020 6:47 pm
2.2)

Code: Select all

setfacl -mR u:USER:r /etc/letsencrypt/live/sub.domain.tld
Actually, that would be u:user:rx since you are affecting a directory. The x or exec flag works differently on directories than on files. x on a directory allows the user to "stat" or get the contents of the directory; which is required to be able to read from the directory. Then u:user:r on only the .pem files in question would be the most secure.

Code: Select all

setfacl -m u:USER:rx /etc/letsencrypt/live/sub.domain.tld
setfacl -m u:USER:r /etc/letsencrypt/live/sub.domain.tld/fullchain.pem
setfacl -m u:USER:r /etc/letsencrypt/live/sub.domain.tld/privkey.pem

Post Reply