Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Software > Calibre > Server

Notices

Reply
 
Thread Tools Search this Thread
Old 05-05-2021, 02:23 PM   #1
Pachuqismo
Enthusiast
Pachuqismo began at the beginning.
 
Posts: 34
Karma: 10
Join Date: Nov 2009
Device: SM-T820, Galaxy S7
Configuring SSL in Content Server gives Error 13

Hi there,

I'm using Let's Encrypt and get Error 13 when I configure the paths to certificate and key files in Preferences -> Sharing over the net -> Advanced.

If I remove the paths (i.e. no SSL) then the Content Server (CS) starts as it should.

What am I missing?

My temporary solution is to run the CS via a simple script (i.e. bat file) which ask for Administrator priviliges to start the server.

Cheers!

P.S.: I looked in vain for a log but there doesn't seem to be any (e.g. calibre.log, *.log)

Last edited by Pachuqismo; 05-05-2021 at 02:31 PM. Reason: Additional info
Pachuqismo is offline   Reply With Quote
Old 05-05-2021, 09:39 PM   #2
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 43,782
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
That's a permission denied error. Fix the permissions on your certificate and key files. And there is a button in Preferences->Sharing over the net to see the server logs.
kovidgoyal is online now   Reply With Quote
Old 05-06-2021, 03:55 PM   #3
Pachuqismo
Enthusiast
Pachuqismo began at the beginning.
 
Posts: 34
Karma: 10
Join Date: Nov 2009
Device: SM-T820, Galaxy S7
Thanks for your response - I always wonder how much time you must spend filtering through, I guess not only, this forum to help out...

I am owner of the CertBot folder though I realized that it wasn't necessarily inherited to subfolders and I have already ensured full control over the \Certbot\live folder and files. Doesn't that correspond to what you mention as "certificate and key files"?

This is what I have in Advanced Security Settings

[Image deleted - not needed]

Anything missing? (e.g. the Anyone principal; should I select to "Replace all child object permission entries with inheritable permission entries from this object"?, etc.)

Now you mention where the log file is, I remember accessing it there, though lately I just look at the command windows from where I start the Content Server.

Thanks again for your help - time is up to send again some contribution your way.

Among many other things in Calibre, it's excellent the ability to run the Content Server from a command window.

I hope you guys are coping - it's absolutely devastating what's going on in this divided world...

Cheers!

Last edited by Pachuqismo; 05-30-2021 at 12:26 PM. Reason: Capture didn't show; capture deleted
Pachuqismo is offline   Reply With Quote
Old 05-06-2021, 09:02 PM   #4
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 43,782
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
Sorry its been many decades since I have used windows, so that permissions dialog is not very meaningful for me. Make sure to check it for the actual files not just the folder.
kovidgoyal is online now   Reply With Quote
Old 05-07-2021, 01:24 PM   #5
Pachuqismo
Enthusiast
Pachuqismo began at the beginning.
 
Posts: 34
Karma: 10
Join Date: Nov 2009
Device: SM-T820, Galaxy S7
Solved - how to go about it (for anyone else encountering a similar issue).

When using Certbot to handle Lets Encrypt SSL then the

c:\Certbot\live\[your web address]\

contain symbolic links (which I failed to realize) pointing to the latest version of certificate files (cert[x].pem, chain[x].pem, fullchain[x].pem, privkey[x].pem) located in this folder:

c:\Certbot\archive\[your web address]\

The mentioned files are sequentially numbered from the first time they were issued (x = 1).

At least in my case, I had to add myself in Advanced Security Settings, in spite of the existance (in addition to System) of Administrators, Users and Authenticated Users. Make sure permissions are inherited from the 'archive' level so that sequential certificates created by renewals are included.

I'll add more details if the next renewal gives any problems.

Cheers!
Pachuqismo is offline   Reply With Quote
Old 05-23-2021, 11:53 AM   #6
Metapath
Member
Metapath began at the beginning.
 
Posts: 19
Karma: 10
Join Date: Aug 2014
Device: iPad
Pachuqismo, is there a guide here for installing a certificate? Or can you give a brief overview? I'm also using Let's Encrypt certbot but having difficulties.

certbot.exe certonly --standalone command line gives the error: Problem binding to port 80: could not bind to IPv4 or IPv6 (I assumed it failed because I don't use port 80 with calibre. I setup a port forward for 80 to my server but it still failed.)

If I let the server continue to run (it uses port 9090) and issue the command: certbot.exe certonly --webroot and respond with my_domain:9090 it seems to bind without error, but then requests the webroot for my_domain (what's that??)

I'm in over my head. Any help would be appreciated. Thanks!
Metapath is offline   Reply With Quote
Old 05-30-2021, 02:11 PM   #7
Pachuqismo
Enthusiast
Pachuqismo began at the beginning.
 
Posts: 34
Karma: 10
Join Date: Nov 2009
Device: SM-T820, Galaxy S7
@Metapath

"..., is there a guide here for installing a certificate?" I'm not sure if you mean for Calibre or Certbot.

Calibre's Sharing over the net

If the former you've hopefully by now used the search, which should also lead you to Calibre's 'Sharing over the net'. I also find the 'The Calibre Content server' and the 'Command Line Interface' very useful. It's pretty neat that we can run just the 'Content Server', so kudo (again) to kovidgoyal

Certbot

If the latter, then I'm sure you've looked up 'port 80' and if it's closed on your server then you won't get anywhere. As stated, Certbot needs it to check that the address is under your control before allowing to apply the certificate and switch to https - the so-called acme-challenge. I also had to open port 80 in my router and point it to my server. Better check again that it's really open...

I'm not familiar with the webroot option since I didn't use it...

The Let's Encrypt forum appears to be very helpful and perhaps there you can find some useful advice.

As far as a Certbot guide is concerned I can add the following:

The actual procedure to follow (obviously) depends on your particular setup. I'm running Windows 10 Pro on a server, so if your case is similar then just do the following (otherwise select appropiate 'Software' and 'System' in Point 1 below). I cannot say I remember things verbatim, but it's pretty much the following:

-1-
Go https://letsencrypt.org/getting-started/ ,

-2-
where I went with Shell Acces using Certbot ACME client -> https://certbot.eff.org ->

'My HTTP website is running' [None of the above] on [Windows]

'To use Certbot, you'll need...' [check out the requirements] and do the subsequent 'Windows installation procedure'

That is:

Add 2 & 4. Create the certbot in C:\Certbot (preferred folder) and download and install certbot to it. I used an admin command window.

Add 5. I used: certbot certonly --standalone
At this step Certbot will validate doing the acme-challenge

Add 6. The C:\Certbot folder will have 9 subfolders of which 'live' will contain your presently valid certificates to where you want to point Calibre's 'Sharing over the net'

If anyone reads this and has a Netgear router then they may qualify for a free Dynamic DNS with No-ip.com. However, they recently introduced monthly nagging where you have to reconfirm you need it. Certbot works nicely with it.

Cheers!
Pachuqismo is offline   Reply With Quote
Old 06-04-2021, 10:10 AM   #8
Metapath
Member
Metapath began at the beginning.
 
Posts: 19
Karma: 10
Join Date: Aug 2014
Device: iPad
Thanks for the details Pachuqismo. I'm clear on everything except the "website on port 80". Do I need a listener on port 80? How does the acme-challenge verify I have control of the website? I'm not actually running any website other than the calibre content server, and it's not listening on that port. But I may a problem on port 80 as you suggest...let me try your directions...and thanks for giving me the arguments you used with certbot. I'll post my results when I have time to try again.
Metapath is offline   Reply With Quote
Old 06-11-2021, 04:46 PM   #9
Pachuqismo
Enthusiast
Pachuqismo began at the beginning.
 
Posts: 34
Karma: 10
Join Date: Nov 2009
Device: SM-T820, Galaxy S7
@Metapath

Port 80 is a standard port for http, so it's usually open, though a router may, as already mentioned, have closed it, particularly if you are on a LAN (which most of us are these days with desktops, tablets and phones).

As Let's Encrypt states: When you get a certificate from Let's Encrypt, our servers validate that you control the domain names in that certificate using "challenges," as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME client....

In other words, Certbot must be installed on the system you want a certificate for and, in the process of getting it, Certbot will verify that said system's IP address corresponds to the one you are applying for (i.e. you cannot do it for a computer you don't control). The line of communication between your system and Let's Encrypt servers is (at least initially) through port 80.

Cheers!
Pachuqismo is offline   Reply With Quote
Reply

Tags
content server, error 13, ssl, ssl certificate

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
404 error. Server installation and configuration with SSL radioagent Server 1 06-30-2019 08:10 AM
(Solved) Ubuntu 18.10 & Letsencrypt SSL config for content server wanni11 Server 1 03-05-2019 12:39 PM
Calibre with SSL, Content Server not loading aCIDsLAM Calibre 15 06-26-2017 03:16 AM
500 Internal Server Error accessing content server Calibre 0.8.8 DaddyO57 Calibre 1 07-20-2012 06:08 PM
SSL and content server timoco Calibre 2 04-13-2011 10:42 AM


All times are GMT -4. The time now is 04:23 AM.


MobileRead.com is a privately owned, operated and funded community.