Prosody errors: connections / binding encrypted port


(Benjamin Hartwich) #1

Hi,

I've installed Prosody following the wiki recommendation, but I get two errors on startup:

Apr 02 09:57:03 portmanager error Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281
Apr 02 09:57:03 portmanager error Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281

Also, I noticed in the diaspora prosody.log that the connection seems not to be present:
Apr 02 11:12:08 portmanager error Failed to open server port 5269 on ::, check that Prosody or another XMPP server is not already running and using this port
Apr 02 11:12:08 portmanager error Failed to open server port 5269 on *, check that Prosody or another XMPP server is not already running and using this port

But I can see the chat module at diaspora. How can I debug further?

Regards,


(Benjamin Hartwich) #2

I could solve these errors on my own. It seems that the installation wiki for Prosody is missing a few lines, which have to be added to prosody.cfg.lua.

-- Treat BOSH sessions as secure even when the request did not arrive over HTTPS
consider_bosh_secure = true
bosh_ports = {
    {
        port = 5280;
        path = "http-bind";
    },
    {
        port = 5281;
        path = "http-bind";
        ssl = {
            certificate = "/etc/letsencrypt/live/xy.eu/fullchain.pem";
            key = "/etc/letsencrypt/live/xy.eu/privkey.pem";
        }
    }
}

-- Plain HTTP listener, bound to localhost only
http_ports = { 5280 }
http_interfaces = { "localhost" }

-- HTTPS listener, bound to localhost only
https_ports = { 5281 }
https_interfaces = { "localhost" }

-- Certificate and key for the HTTPS port (5281)
https_ssl = {
    certificate = "/etc/letsencrypt/live/xy.eu/fullchain.pem";
    key = "/etc/letsencrypt/live/xy.eu/privkey.pem";
}

Also, you should try customizing the letsencrypt rights so that Prosody can read the cert and key:
chown -R root:ssl-cert /etc/letsencrypt
chmod g+r -R /etc/letsencrypt
chmod g+x /etc/letsencrypt/{archive,live}
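
Added example, not part of the original post: a small audit that checks whether the permission changes above actually give the owning group a readable path to the private key, following the live/ symlink into archive/. It assumes GNU stat and readlink; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat and readlink (Linux).
# It reads mode bits only; it does not check that the Prosody user is really
# a member of the owning group (ssl-cert in the post above).

# group_can_traverse BASE PATH
# Succeeds if every directory from PATH's parent up to BASE has group execute.
group_can_traverse() {
    gct_dir=$(dirname "$2")
    while :; do
        case $(stat -L -c '%A' "$gct_dir" 2>/dev/null) in
            d?????[xs]*) ;;
            *) echo "group cannot enter: $gct_dir"; return 1 ;;
        esac
        case $gct_dir in "$1"|/|.) return 0 ;; esac
        gct_dir=$(dirname "$gct_dir")
    done
}

# check_tls_key BASE KEY  (absolute paths, BASE without a trailing slash)
# KEY may be a symlink, as live/ -> archive/ is: the directories on the link's
# path and on the target's path must be traversable and the target must be
# group-readable. Rejecting "other" bits on the key is this example's own
# policy, stricter than the commands in the post.
check_tls_key() {
    ctk_base=$(readlink -f "$1") || return 1
    ctk_real=$(readlink -f "$2") || return 1
    [ -f "$ctk_real" ] || { echo "missing: $2"; return 1; }
    group_can_traverse "$ctk_base" "$ctk_base/${2#"$1"/}" || return 1
    group_can_traverse "$ctk_base" "$ctk_real" || return 1
    case $(stat -c '%A' "$ctk_real") in
        ????r??---*) return 0 ;;
        ????r*) echo "key has permissions for others: $ctk_real"; return 1 ;;
        *) echo "group cannot read: $ctk_real"; return 1 ;;
    esac
}

# Usage with the path from the post:
# check_tls_key /etc/letsencrypt /etc/letsencrypt/live/xy.eu/privkey.pem
```

A non-zero exit names the first directory or file that blocks the group, which is usually quicker than restarting Prosody and rereading the portmanager error.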


(Bhaktibhoj) #3

Which file should be present if we use GoDaddy instead of letsencrypt, as I don't have fullchain.pem?