Install fails on fresh Debian 12 installation

Hello,

This is from an attempt to install on a freshly installed (or at least unused) Debian 12. Python has been upgraded, but as far as I remember nothing else has been touched.

Here are the errors I’m struggling with:

137:M 17 Mar 2024 16:21:01.235 # Warning: Could not create server TCP listening socket *:6379: bind: Address already in use
137:M 17 Mar 2024 16:21:01.235 # Failed listening on port 6379 (TCP), aborting.

2024/03/17 16:20:43 socat[18] E connect(6, AF=1 “/shared/postgres_run/.s.PGSQL.5432”, 36): No such file or directory

#<Thread:0x00007f2b43a68d60 /var/www/discourse/lib/tasks/maxminddb.rake:62 run> terminated with exception (report_on_exception is true):
/var/www/discourse/lib/discourse_ip_info.rb:48:in mmdb_download': undefined method path’ for nil:NilClass (NoMethodError)

filename = File.basename(gz_file.path)
                                ^^^^^
    from /var/www/discourse/lib/tasks/maxminddb.rake:67:in `block (3 levels) in <main>'
    from /var/www/discourse/lib/tasks/maxminddb.rake:65:in `each'
    from /var/www/discourse/lib/tasks/maxminddb.rake:65:in `block (2 levels) in <main>'
FAILED
--------------------
Pups::ExecError: cd /var/www/discourse && su discourse -c 'bundle exec rake themes:update assets:precompile' failed with return #<Process::Status: pid 3336 exit 1>
Location of failure: /usr/local/lib/ruby/gems/3.2.0/gems/pups-1.2.1/lib/pups/exec_command.rb:132:in `spawn'
exec failed with the params {"cd"=>"$home", "hook"=>"assets_precompile", "cmd"=>["su discourse -c 'bundle exec rake themes:update assets:precompile'"]}
bootstrap failed with exit code 1
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.
619974b6c74197dbc9967aeaba0a6f730518b76df52b706b769a4a7a6b1dad97
root@vpsd:/var/discourse#

Full debug: Pastebin Online - AppDevTools

The ports are available:

root@vpsd:~# lsof -i:6379
root@vpsd:~# lsof -i:443
root@vpsd:~# lsof -i:80

ipchains table:
(no modifications have been done there)

iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

Hello, I am having the same issue with Debian 12.

Sharing full install logs in case it helps: Untitled (7mjaes0e) - PasteCode.io

Fixed it by installing Ubuntu 22 instead and then removing the MaxMind API key. You can try removing the API key and see if that solves it.

I removed the MaxMind API key and was able to get it to finish install. However, on startup, I keep getting an error related to letsencrypt being throttled and then missing files related to ssl.

[Mon 18 Mar 2024 05:50:19 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon 18 Mar 2024 05:50:19 AM UTC] Single domain='forums.alliedadmins.com'
[Mon 18 Mar 2024 05:50:19 AM UTC] Getting domain auth token for each domain
[Mon 18 Mar 2024 05:50:20 AM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/",
  "status": 429
}
[Mon 18 Mar 2024 05:50:20 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Can't open ca.cer for reading, No such file or directory
139915733439808:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('ca.cer','r')
139915733439808:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
Error loading file /dev/fd/63

Edit: I should add that I also waited an hour for the throttling to stop but it still must’ve looped erroneously because it still throws that error after a minute or two.

You’ll need to wait a week or try a different subdomain.

2 Likes

Oh wow, had no idea it put a cooldown of a week. I’ll give it a go in 7 days from now. Thanks for letting me know.

1 Like

Hello, so I waited much longer than a week and I’m still getting this error after the first attempt.
Here’s the error message in the logs:

run-parts: executing /etc/runit/1.d/letsencrypt
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
[Sun 12 May 2024 08:58:48 PM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun 12 May 2024 08:58:48 PM UTC] Create account key ok.
[Sun 12 May 2024 08:58:48 PM UTC] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Sun 12 May 2024 08:58:49 PM UTC] Registered
[Sun 12 May 2024 08:58:49 PM UTC] ACCOUNT_THUMBPRINT='[REDACTED]'
[Sun 12 May 2024 08:58:49 PM UTC] Creating domain key
[Sun 12 May 2024 08:58:49 PM UTC] The domain key is here: /shared/letsencrypt/[REDACTED]/[REDACTED].key
[Sun 12 May 2024 08:58:49 PM UTC] Single domain='[REDACTED]'
[Sun 12 May 2024 08:58:49 PM UTC] Getting domain auth token for each domain
[Sun 12 May 2024 08:58:50 PM UTC] Getting webroot for domain='[REDACTED]'
[Sun 12 May 2024 08:58:50 PM UTC] Verifying: [REDACTED]
[Sun 12 May 2024 08:58:50 PM UTC] Pending, The CA is processing your order, please just wait. (1/30)
[Sun 12 May 2024 08:58:53 PM UTC] forums.alliedadmins.com:Verify error:[REDACTED]: Fetching http://[REDACTED]/.well-known/acme-challenge/[REDACTED]: Connection refused
[Sun 12 May 2024 08:58:53 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Can't open ca.cer for reading, No such file or directory
140138822399296:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('ca.cer','r')
140138822399296:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
Error loading file /dev/fd/63

Any advice/suggestions would be appreciated.

This is your problem.

it appears that something is keeping let’s encrypt from vising the URL that you have changed. Is something blocking port 80? Do you have cloudflare with orange cloud?

Nothing blocking it, firewall allows port 80, it’s on a public-facing vhost. Not using Cloudflare. :frowning:

[Sun 12 May 2024 08:58:50 PM UTC] Pending, The CA is processing your order, please just wait. (1/30)
[Sun 12 May 2024 08:58:53 PM UTC] forums.alliedadmins.com:Verify error:74.91.113.188: Fetching http://forums.alliedadmins.com/.well-known/acme-challenge/[REDACTED]: Connection refused

Did you run discourse-setup? And it passed the test there?

Where did you get those logs?

Yes, I ran discourse-setup and followed the prompts, leaving the maxmind field empty. I obtained the logs by running: /var/discourse/launcher logs app

My best guess would be that dns hadn’t propagated, but if you still have the error I don’t have any good ideas

DNS was set weeks ago so that’s not it, either. :frowning:
I’m not sure, either. It’s a shame you can’t configure certbot on the host server and have discourse point to the location of the certificate files. After a week has passed, I’ll try certbot --standalone and see how that goes on the local box.

You can Set up Let’s Encrypt with multiple domains / redirects; you can add another subdomain and get a fresh cert, if that’s the problem. and you can also use your own cert