subject:"Bug#940270\: mumble\-server\: Server fails to start with valid SSL Certs enabled."

Bug#940270: mumble-server: Server fails to start with valid SSL Certs enabled.

2019-09-17 Thread Chris Knadle

Andrew Lawrence DeMarsh:
> Package: mumble-server
> Version: 1.3.0~git20190125.440b173+dfsg-2
> Severity: important
> 
> Dear Maintainer,
> 
> When adding SSL Certs from LetsEncrypt to the mumble server that was
> operating with self signed certs it was found that the Server would
> fail to start up with the following error:
> 
> root@mumble:/# murmurd -ini /etc/mumble-server.ini -v
> 2019-09-14 23:40:58.428 SSL: OpenSSL version is 'OpenSSL 1.1.1c  28 May 
> 2019'
> 2019-09-14 23:40:58.428 Initializing settings from 
> /etc/mumble-ff-server.ini (basepath /etc) 
>  
> 2019-09-14 23:40:58.430 MetaParams: Failed to find certificate matching 
> private key.
> 2019-09-14 23:40:58.430 MetaParams: Failed to load SSL settings. See 
> previous errors.
> 
> This is not a permissions issue as the certificates are in roots home folder 
> and it is running as root.
> These are standard SSL Cert from letsencrypt recieved using acme.sh.

It's unusual to run mumble-server/murmur as root, and also unusual to have SSL
certificates in the root user home folder.  Mumble is typically started as root
but then the user switched to the user listed in the configuration file in
/etc/mumble-server.ini.  The default setting is: "uname=mumble-server".
Have you set the 'uname' setting to "root"?

The Mumble wiki has some LetsEncrypt instructions here:
   https://wiki.mumble.info/wiki/Obtaining_a_Let%27s_Encrypt_Murmur_Certificate

note that the instructions above discuss the folders in the path needing
"directory execute permissions" for the server to be able to read the 
certificates.

Other users have had issues getting mumble-server with LetsEncrypt certificates
but eventually got it working after discussing it in the #mumble IRC channel on
irc.freenode.net.  If you get the chance to ask there I think they can help
debug the issue further.

  -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us

Bug#940270: mumble-server: Server fails to start with valid SSL Certs enabled.

2019-09-14 Thread Andrew Lawrence DeMarsh

Package: mumble-server
Version: 1.3.0~git20190125.440b173+dfsg-2
Severity: important

Dear Maintainer,

When adding SSL Certs from LetsEncrypt to the mumble server that was
operating with self signed certs it was found that the Server would
fail to start up with the following error:

root@mumble:/# murmurd -ini /etc/mumble-server.ini -v
2019-09-14 23:40:58.428 SSL: OpenSSL version is 'OpenSSL 1.1.1c  28 May 2019'
2019-09-14 23:40:58.428 Initializing settings from /etc/mumble-ff-server.ini 
(basepath /etc) 
 
2019-09-14 23:40:58.430 MetaParams: Failed to find certificate matching 
private key.
2019-09-14 23:40:58.430 MetaParams: Failed to load SSL settings. See 
previous errors.

This is not a permissions issue as the certificates are in roots home folder 
and it is running as root.
These are standard SSL Cert from letsencrypt recieved using acme.sh.

despite every action I have taken until this point I cannot seem to get the 
server to start with these ssl
certs enabled. commenting the ssl section out the server starts up fine.

Please note that we use a systemd unit file not the standard startup provided 
because
of Systemd not respecting Sysv init script dependancies. this is not the 
problem.  
 
*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-cloud-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mumble-server depends on:
ii  adduser3.118
ii  debconf [debconf-2.0]  1.5.71
ii  libavahi-client3   0.7-4+b1
ii  libavahi-common3   0.7-4+b1
ii  libavahi-compat-libdnssd1  0.7-4+b1
ii  libc6  2.28-10
ii  libcap21:2.25-2
ii  libgcc11:8.3.0-6
ii  libprotobuf17  3.6.1.3-2
ii  libqt5core5a   5.11.3+dfsg1-1
ii  libqt5dbus55.11.3+dfsg1-1
ii  libqt5network5 5.11.3+dfsg1-1
ii  libqt5sql5 5.11.3+dfsg1-1
ii  libqt5sql5-sqlite  5.11.3+dfsg1-1
ii  libqt5xml5 5.11.3+dfsg1-1
ii  libssl1.1  1.1.1c-1
ii  libstdc++6 8.3.0-6
ii  libzeroc-ice3.73.7.2-4
ii  lsb-base   10.2019051400

mumble-server recommends no packages.

mumble-server suggests no packages.

-- Configuration Files:
/etc/default/mumble-server changed:
MURMUR_USE_CAPABILITIES=1

/etc/init.d/mumble-server [Errno 2] No such file or directory: 
'/etc/init.d/mumble-server'
/etc/mumble-server.ini [Errno 13] Permission denied: '/etc/mumble-server.ini'

-- debconf information:
* mumble-server/use_capabilities: true
* mumble-server/start_daemon: true

Bug#940270: mumble-server: Server fails to start with valid SSL Certs enabled.

Bug#940270: mumble-server: Server fails to start with valid SSL Certs enabled.

2 matches

Site Navigation

Mail list logo

Footer information