file will be saved to: /etc/letsencrypt/renewal/www.echisethiopia.org.conf
open /etc/nginx/sites-available/echis_commcare
Add or Replace the following lines:
ssl_certificate /etc/letsencrypt/live/www.echisethiopia.org/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/www.echisethiopia.org/privkey.pem;
And it works fine!
Now am getting a warning on check_services output: That is
/home/cchq/www/echis/releases/2019-10-26_17.12/python_env-3.6/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: Advanced Usage - urllib3 2.0.3 documentation
InsecureRequestWarning)
(ansible) ansible@echis0:~/.commcare-cloud/repo$ cchq echis django-manage check_services
ssh 172.19.3.41 -o UserKnownHostsFile=/home/ansible/commcare-cloud/environments/echis/known_hosts 'su$
o -u cchq bash -c "cd /home/cchq/www/echis/current; python_env-3.6/bin/python manage.py check_service$
"'
Ubuntu 18.04.3 LTS
/home/cchq/www/echis/releases/2019-10-28_14.37/python_env-3.6/lib/python3.6/site-packages/psycopg2/$
nit.py:144: UserWarning: The psycopg2 wheel package will be renamed from release 2.8; in order to k$
ep installing from binary please use "pip install psycopg2-binary" instead. For details see: <http://$ nitd.org/psycopg/docs/install.html#binary-install-from-pypi>.
""")
2019-10-30 07:26:40,532 INFO AXES: BEGIN LOG
SUCCESS (Took 0.32s) kafka : Kafka seems to be in order
SUCCESS (Took 0.01s) redis : Redis is up and using 175.09M memory
SUCCESS (Took 0.03s) postgres : default:commcarehq:OK p1:commcarehq_p1:OK p2:commcarehq_p2:OK
p3:commcarehq_p3:OK p4:commcarehq_p4:OK p5:commcarehq_p5:OK p6:commcarehq_p6:OK p7:commcarehq_p7:OK p$
:commcarehq_p8:OK proxy:commcarehq_proxy:OK synclogs:commcarehq_synclogs:OK ucr:commcarehq_ucr:OK Succ
essfully got a user from postgres
SUCCESS (Took 0.02s) couch : Successfully queried an arbitrary couch view
FAILURE (Took 0.01s) celery : celery has been blocked for 1 day, 16:07:55.272015 (max allowe
d is 0:01:00)
ucr_queue has been blocked for 1 day, 16:07:55.260036 (max allowed is 1:00:00)
SUCCESS (Took 0.00s) heartbeat : OK
SUCCESS (Took 0.03s) elasticsearch : Successfully sent a doc to ES and read it back
SUCCESS (Took 0.19s) blobdb : Successfully saved a file to the blobdb
SUCCESS (Took 0.02s) formplayer : Formplayer returned a 200 status code
SUCCESS (Took 0.01s) rabbitmq : RabbitMQ OK
/home/cchq/www/echis/releases/2019-10-28_14.37/python_env-3.6/lib/python3.6/site-packages/urllib3/conn
ectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate
verification is strongly advised. See: Advanced Usage - urllib3 2.0.3 documentation
l-warnings
InsecureRequestWarning)
Thanks, Demisew, I see what warning now. It's nothing to be concerned with.
The formplayer server check specifically skips certificate validation when checking uptime, which raises this warning. The reason for that is so the check will function during server setup, even before a trusted certificate is applied. That request only pings a publicly accessible status endpoint - no confidential information is passed.
Here's where the request is made. I'll see if it's straightforward to disable that warning.