HTTPS on erpnext

Hi,

I am trying to follow this link (https://frappe.github.io/frappe/user/en/bench/guides/lets-encrypt-ssl-setup.html) to get HTTPS up on my ERPNext. I am getting the error below: the host acme-v01.api.letsencrypt.org is not reachable. Is there any fix for the problem below?

frappe@mywebsite:~/frappe-bench$ sudo -H bench setup lets-encrypt mywebsite.in
Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
INFO:bench.utils:sudo systemctl stop nginx
INFO:bench.utils:/opt/certbot-auto --config /etc/letsencrypt/configs/mywebsite.in.cfg certonly
WARNING: unable to check for updates.
The standalone specific supported challenges flag is deprecated. Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fa8f3e519d0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))
Please see the logfiles in /var/log/letsencrypt for more details.
INFO:bench.utils:sudo systemctl start nginx
There was a problem trying to setup SSL for your site
Traceback (most recent call last):
  File "/usr/local/bin/bench", line 11, in <module>
    load_entry_point('bench', 'console_scripts', 'bench')()
  File "/home/frappe/.bench/bench/cli.py", line 40, in cli
    bench_command()
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/home/frappe/.bench/bench/commands/setup.py", line 104, in setup_letsencrypt
    setup_letsencrypt(site, custom_domain, bench_path='.')
  File "/home/frappe/.bench/bench/config/lets_encrypt.py", line 42, in setup_letsencrypt
    setup_crontab()
  File "/home/frappe/.bench/bench/config/lets_encrypt.py", line 89, in setup_crontab
    user_crontab.write()
  File "/usr/local/lib/python2.7/dist-packages/crontab.py", line 335, in write
    raise IOError("Please specify user or filename to write.")
IOError: Please specify user or filename to write.

Seems like your connection failed. Can you try again?

Hi rmehta,

I tried multiple times, no luck. I saw this thread https://github.com/requests/requests/issues/1198, is this related?

Thanks
Giri

We use this config on Ubuntu with nginx in /etc/nginx/sites-available/frappe-bench.conf.

upstream frappe-bench-frappe {
	server 127.0.0.1:8000 fail_timeout=0;
}

upstream frappe-bench-socketio-server {
	server 127.0.0.1:9000 fail_timeout=0;
}

# setup maps

# server blocks

server {
listen 443;
server_name
	server.company.com
	;

root /home/frappe/frappe-bench/sites;

ssl on;
ssl_certificate      /etc/nginx/conf.d/ssl/server.company.com.crt;
ssl_certificate_key  /etc/nginx/conf.d/ssl/server.company.com.key;
ssl_session_timeout  5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers   on;

location /assets {
	try_files $uri =404;
}

location ~ ^/protected/(.*) {
	internal;
	try_files /$host/$1 =404;
}

location /socket.io {
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header X-Frappe-Site-Name $host;
	proxy_set_header Origin $scheme://$http_host;
	proxy_set_header Host $host;

	proxy_pass http://frappe-bench-socketio-server;
}

location / {
	try_files /$host/public/$uri @webserver;
}

location @webserver {
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Frappe-Site-Name $host;
	proxy_set_header Host $host;
	proxy_set_header X-Use-X-Accel-Redirect True;
	proxy_read_timeout 120;
	proxy_redirect off;

	proxy_pass  http://frappe-bench-frappe;
}

# error pages
error_page 502 /502.html;
location /502.html {
	root /home/frappe/.bench/bench/config/templates;
	internal;
}

# optimizations
sendfile on;
keepalive_timeout 15;
client_max_body_size 50m;
client_body_buffer_size 16K;
client_header_buffer_size 1k;

# enable gzip compression
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
gzip on;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/rss+xml
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/font-woff
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/svg+xml
	image/x-icon
	text/css
	text/plain
	text/x-component
	;
	# text/html is always compressed by HttpGzipModule

}

# http to https redirect

server {
	listen 80;
	server_name
		server.company.com
		;

	# $request_uri already contains the query string, so nothing is appended
	return 301 https://$host$request_uri;
}
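
The HTTPS server block in the post above enables TLSv1 and TLSv1.1, and its cipher string still admits RC4 suites. The TLS-related directives in a hardened form follow, as an added example that is not part of the original post. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 (needed for TLSv1.3); the session cache, session ticket and HSTS lines are additions that do not appear in the post.

```nginx
# Added example: hardened TLS directives for the server.company.com block.
# Hostname and certificate paths are the ones used in the post.

server {
	# "listen ... ssl" replaces the deprecated pair "listen 443;" + "ssl on;"
	listen 443 ssl;
	server_name server.company.com;

	root /home/frappe/frappe-bench/sites;

	ssl_certificate      /etc/nginx/conf.d/ssl/server.company.com.crt;
	ssl_certificate_key  /etc/nginx/conf.d/ssl/server.company.com.key;

	# TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
	ssl_protocols TLSv1.2 TLSv1.3;

	# TLS 1.2 suites: ECDHE key exchange with AEAD ciphers only.
	# No RC4, no CBC-mode suites, no static-RSA key exchange.
	# (TLS 1.3 suites are not controlled by this directive.)
	ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
	ssl_prefer_server_ciphers on;

	# Session resumption via a server-side cache shared by all workers;
	# tickets are disabled so resumption does not depend on a long-lived ticket key.
	ssl_session_timeout 5m;
	ssl_session_cache   shared:SSL:10m;
	ssl_session_tickets off;

	# HSTS: browsers that have seen this header refuse plain HTTP for the host
	# until max-age expires. Enable only once HTTPS works for every URL served.
	add_header Strict-Transport-Security "max-age=31536000" always;

	# The location, error_page, buffer and gzip directives from the post
	# go here unchanged.
}

# Plain-HTTP listener: redirect everything to HTTPS.
server {
	listen 80;
	server_name server.company.com;

	# $request_uri is the original path plus query string.
	return 301 https://$host$request_uri;
}
```

Run `sudo nginx -t` before reloading; it rejects `TLSv1.3` on builds that do not support it.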