ZoneMinder Forums

ZoneMinder Forums
https://forums.zoneminder.com/

Problem with zmnotification SSL certs

https://forums.zoneminder.com/viewtopic.php?t=30860

Page 1 of 1

Problem with zmnotification SSL certs

Posted: Tue Jun 01, 2021 2:30 pm
by timf
I've been making progress with my upgrade to ZM1.34.26 with event notification.

I have ZM running nicely under HTTPS and have been following the guide on how to install and testzmnotification.


EDITED

When starting it manually in debug I get this fatal error

INF:2021-06-01,16:06:30 PARENT: using secrets file: /etc/zm/secrets.ini
01/06/21 16:06:30.468476 zmeventnotification[27276].INF [main:1022] [PARENT: using secrets file: /etc/zm/secrets.ini]
01/06/21 16:06:30.470918 zmeventnotification[27276].FAT [main:498] [Token:ES_CERT_FILE
/etc/letsencrypt/live/PORTAL/fullchain.pem not found in secret file]
DBG-:2021-06-01,16:06:30 PARENT: Received request to shutdown, please wait

I've edited secrets.ini as per below

ZM_PORTAL=https://PORTAL/zm
ZM_API_PORTAL=https://PORTAL/zm/api
ES_CERT_FILE=/etc/letsencrypt/live/PORTAL/fullchain.pem
ES_KEY_FILE=/etc/letsencrypt/live/PORTAL/privkey.pem

So it seems as though it's there but just not seen ? typo ?

I also ran this but not sure if it was actually needed , maybe it messed something up

sudo openssl req -x509 -nodes -days 4096 -newkey rsa:2048 -keyout /etc/letsencrypt/live/PORTAL/privkey.pem -out /etc/letsencrypt/live/PORTAL/fullchain.pem


Any pointers as to what I'm doing wrong ?

Regards Tim

Re: Problem with zmnotification SSL certs

Posted: Tue Jun 01, 2021 7:42 pm
by timf
I found this in the docs - describes a similar problem and gives a fix - but it didn't work for me :-(

When the notification server is run in web user mode (example sudo -u www-data), the event notification server complains that it cannot find the certificate. The error is something like this:

zmeventnotification[10090].ERR [main:547] [Failed starting server: SSL_cert_file /etc/letsencrypt/live/mysite.net-0001/fullchain.pem does not exist at /usr/share/perl5/vendor_perl/IO/Socket/SSL.pm line 402.]
The problem is read permissions, starting at the root level. Typically doing chown -R www-data:www-data /etc/letsencrypt solves this issue

Re: Problem with zmnotification SSL certs

Posted: Wed Jun 02, 2021 4:06 pm
by timf
still bogged down here but may have uncovered a clue as to what is wrong

as debug complained it could find fullchain.pem in secrets file I changed to cert.perm in both secret and zmnotification.ini files.

Strangely it still reports it can't find fullchain.pem - seems to have ignored my changes to the files !

Any help gratefully received.

Regards Tim
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited