ssl error

s7ntax
Posts: 6
Joined: Tue Aug 04, 2020 10:23 pm

ssl error

Post by s7ntax »

I am getting this error after adding the tls-options line to this block

listen::tls-options specified without a value

Code:

/* Standard IRC SSL/TLS port 6697 */
listen {
        ip *;
        port 6697;
        options { ssl; };
        tls-options {
                certificate "/etc/letsencrypt/live/irc.arpradio.com/fullchain.pem";
                key "/etc/letsencrypt/live/irc.arpradio.com/privkey.pem";
        };
};

The same error occurs when I use ssl-options. Also, if I change options { ssl; }; to options { tls; }; it gives an error.

I used the information on this page as a reference https://www.unrealircd.org/docs/Using_L ... UnrealIRCd
westor
Posts: 20
Joined: Fri Feb 15, 2013 9:42 pm
Location: Greece
Contact:

Re: ssl error

Post by westor »

What is your UnrealIRCd version?
PeGaSuS
Posts: 74
Joined: Tue Jun 27, 2017 4:42 pm

Re: ssl error

Post by PeGaSuS »

1. In UnrealIRCd 5.x the "ssl" word has been changed to "tls".
So, it is something like:

Code:

listen {
        ip *;
        port 6697;
        options { tls; };
        tls-options {
                certificate "/etc/letsencrypt/live/irc.arpradio.com/fullchain.pem";
                key "/etc/letsencrypt/live/irc.arpradio.com/privkey.pem";
        };
};

2. Be sure that the user that runs the IRCd can read the files (usually they can't).
If that's the case, you have two options to grant the user that ability:
2.1)

Code:

chmod -R 755 /etc/letsencrypt/

2.2)

Code:

setfacl -R -m u:USER:r /etc/letsencrypt/live/sub.domain.tld

Small explanation about the commands above: the former will allow ANY user to read the files under the /etc/letsencrypt/ directory, although they can't modify them.
The latter allows ONLY the specified user to read the files under /etc/letsencrypt/live/sub.domain.tld and disallows any kind of editing.

Hope this helps.

Cheers
s7ntax
Posts: 6
Joined: Tue Aug 04, 2020 10:23 pm

Re: ssl error

Post by s7ntax »

Hi, I am running UnrealIRCd-4.0.1

I tried the first chmod and it still doesn't work, same error.
s7ntax
Posts: 6
Joined: Tue Aug 04, 2020 10:23 pm

Re: ssl error

Post by s7ntax »

I will upgrade to 5 and see if this fixes the issue
katsklaw
Official supporter
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: ssl error

Post by katsklaw »

PeGaSuS wrote: Wed Aug 05, 2020 6:47 pm 2.2)

Code:

setfacl -R -m u:USER:r /etc/letsencrypt/live/sub.domain.tld

Actually, that would be u:user:rx since you are affecting a directory. The x or exec flag works differently on directories than on files. x on a directory allows the user to "stat" or get the contents of the directory, which is required to be able to read from the directory. Then u:user:r on only the .pem files in question would be the most secure.

Code:

setfacl -m u:USER:rx /etc/letsencrypt/live/sub.domain.tld
setfacl -m u:USER:r /etc/letsencrypt/live/sub.domain.tld/fullchain.pem
setfacl -m u:USER:r /etc/letsencrypt/live/sub.domain.tld/privkey.pem
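
An added example, not part of any post in this thread: a small audit of the two permission outcomes discussed above, a key left readable by every account after chmod -R 755 and a directory that grants r without x. The function names are hypothetical, the tree is a constructed temp directory standing in for /etc/letsencrypt/live/sub.domain.tld, and only classic mode bits are inspected (ACL entries would need getfacl).

```shell
#!/bin/sh
# Added example: audit classic mode bits on a TLS key and its directory.
# Only owner/group/other bits are inspected; ACL entries need getfacl.

# mode_of PATH: print octal permission bits such as 644 (GNU stat, BSD fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_world_readable FILE: succeeds if the "other" class has the read bit
key_world_readable() {
    m=$(mode_of "$1")
    [ $(( (m % 10) & 4 )) -ne 0 ]
}

# dir_read_without_search DIR: succeeds if any class has r but lacks x,
# i.e. names can be listed but the files inside cannot be opened
dir_read_without_search() {
    m=$(mode_of "$1")
    for digit in $(( (m / 100) % 10 )) $(( (m / 10) % 10 )) $(( m % 10 )); do
        [ $(( digit & 5 )) -eq 4 ] && return 0
    done
    return 1
}

# audit_key FILE: print findings and return how many there were
audit_key() {
    findings=0
    if key_world_readable "$1"; then
        echo "WARN: $1 is readable by every local account"
        findings=$((findings + 1))
    fi
    if dir_read_without_search "$(dirname "$1")"; then
        echo "WARN: $(dirname "$1") grants r without x to some class"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree standing in for /etc/letsencrypt/live/sub.domain.tld
demo=$(mktemp -d)
mkdir -p "$demo/live/sub.domain.tld"
key="$demo/live/sub.domain.tld/privkey.pem"
: > "$key"

chmod -R 755 "$demo"; audit_key "$key" || echo "findings after chmod -R 755: $?"
chmod 750 "$demo/live/sub.domain.tld"; chmod 640 "$key"
audit_key "$key" && echo "no findings with 750 directory and 640 key"
rm -rf "$demo"
```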