ssl error
Posted: Tue Aug 04, 2020 10:30 pm
by s7ntax
I am getting this error after adding the tls-options line to this block
listen::tls-options specified without a value
Code:
/* Standard IRC SSL/TLS port 6697 */
listen {
    ip *;
    port 6697;
    options { ssl; };
    tls-options {
        certificate "/etc/letsencrypt/live/irc.arpradio.com/fullchain.pem";
        key "/etc/letsencrypt/live/irc.arpradio.com/privkey.pem";
    };
};
The same error occurs when I use ssl-options. Also, if I change options { ssl; }; to options { tls; }; it gives an error.
I used the information on this page as a reference
https://www.unrealircd.org/docs/Using_L ... UnrealIRCd
Re: ssl error
Posted: Tue Aug 04, 2020 10:33 pm
by westor
What is your UnrealIRCd version?
Re: ssl error
Posted: Wed Aug 05, 2020 6:47 pm
by PeGaSuS
1. In UnrealIRCd 5.x the "ssl" word has been changed to "tls".
So, it is something like:
Code:
listen {
    ip *;
    port 6697;
    options { tls; };
    tls-options {
        certificate "/etc/letsencrypt/live/irc.arpradio.com/fullchain.pem";
        key "/etc/letsencrypt/live/irc.arpradio.com/privkey.pem";
    };
};
2. Be sure that the user that runs the IRCd can read the files (usually they can't).
If that's the case, you have two options to grant the user that ability:
2.1)
2.2)
Code:
setfacl -R -m u:USER:r /etc/letsencrypt/live/sub.domain.tld
Small explanation about the commands above: the former will allow ANY user to read the files under the /etc/letsencrypt/ directory, although they can't modify them.
The latter allows ONLY the specified user to read the files under /etc/letsencrypt/live/sub.domain.tld and disallows any kind of editing.
Hope this helps.
Cheers
Re: ssl error
Posted: Thu Aug 06, 2020 9:06 pm
by s7ntax
Hi, I am running UnrealIRCd-4.0.1
I tried the first chmod and it still doesn't work, same error.
Re: ssl error
Posted: Fri Aug 07, 2020 10:24 pm
by s7ntax
I will upgrade to 5 and see if this fixes the issue
Re: ssl error
Posted: Tue Aug 18, 2020 1:06 am
by katsklaw
PeGaSuS wrote: ↑Wed Aug 05, 2020 6:47 pm
2.2)
Code:
setfacl -R -m u:USER:r /etc/letsencrypt/live/sub.domain.tld
Actually, that would be u:user:rx since you are affecting a directory. The x or exec flag works differently on directories than on files. x on a directory allows the user to "stat" or get the contents of the directory, which is required to be able to read from the directory. Then u:user:r on only the .pem files in question would be the most secure.
Code:
setfacl -m u:USER:rx /etc/letsencrypt/live/sub.domain.tld
setfacl -m u:USER:r /etc/letsencrypt/live/sub.domain.tld/fullchain.pem
setfacl -m u:USER:r /etc/letsencrypt/live/sub.domain.tld/privkey.pem
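
An added example, not part of the thread: certbot's live/ entries are symlinks into ../../archive/, so the per-file approach above also needs traverse permission on the directories leading to the link target. The helper below (acl_plan, a hypothetical name) prints the minimal setfacl commands for one file without running them; it grants only x (traverse) on directories, which is enough to open a file by its full path, and it assumes the service user is neither owner nor group member of those directories.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the setfacl
# commands that let USER read FILE when FILE is a symlink, as certbot's
# live/<name>/*.pem entries are (they point into ../../archive/<name>/).
# Assumption: USER is neither owner nor group member of the directories, so
# a directory is traversable for USER only if its "other" execute bit is set.
# acl_plan is a hypothetical helper name; needs GNU readlink and stat.

acl_plan() (
    user=$1
    file=$2
    real=$(readlink -f -- "$file") || exit 1
    [ -f "$real" ] || { echo "not a regular file: $file" >&2; exit 1; }

    # Directories crossed before the link is read, then those on the way to
    # its target. Both chains need execute (traverse) permission.
    for start in "$(dirname -- "$file")" "$(dirname -- "$real")"; do
        dir=$(readlink -f -- "$start")
        while [ "$dir" != "/" ]; do
            # Last octal digit is the "other" class; an odd digit has x set.
            case "$(stat -c %a -- "$dir")" in
                *[1357]) ;;
                *) echo "setfacl -m u:$user:x $dir" ;;
            esac
            dir=$(dirname -- "$dir")
        done
    done | sort -u

    # Read-only on the real key or certificate file, nothing broader.
    echo "setfacl -m u:$user:r $real"
)
```

Review the printed commands before running them as root, then confirm the result with `sudo -u USER test -r` on the live/ path.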