email account admin@warrgames.net

I'm not sure which service you were using to obtain your certificate, but I'd recommend using Let's Encrypt moving forward, if possible. In testing this out, I was able to input my personal email address when prompted, which is unassociated with my registered domain.

You can follow along with our guide, Install Let's Encrypt to Create SSL Certificates, for step-by-step instructions on how to complete this process.

I purchased an ssl certificate from ssls and used their script letsencrypt certonly. Your link says "deprecated". I click for the updated and it says "deprecated" again. Click that and I get a page with a Certbot link. What will that do to the purchased ssl certificate? What I need to do is have access to emails sent to admin@warrgames.net. warrgames.net is hosted on LInode.

In reading through SSLs site, it sounds like they're unable to send emails unassociated to your domain for security purposes, as unassociated emails are not permitted by the Certificate Authority. You can read more about this on their help page. This page also offers a solution to specifying another email address, but that, too, has to be linked to your domain.

So, unless you have already set up admin@warrgames.net, you will not have access to that email, since it doesn't exist. You have a few options, here:

1. Eat the cost of your purchased SSL certificate, and get a free certificate through Certbot following instructions directly from their page.
2. Set up email for your domain, and use your purchased certificate. This could mean additional costs, depending on which service you use. You'd have to search around to figure out what's best for you.
   For example:

• You can use paid services, like Gmail
• You can try free services, like migadu
• You could set up a mail server on Linode (involved, and would cost $5/month for a Nanode): Create an Email Server with Mail-in-a-Box

Neither option is ideal, so I'd recommend choosing whichever option would benefit you most in the long-run in terms of time and cost investment.

I purchased an ssl certificate from ssls and used their script letsencrypt certonly.

I’m confused.

Let’s Encrypt issues free certificates, so why is SSLs charging you to use a free certificate authority? I couldn’t find anything in their site that suggests they use Let’s Encrypt for paid certs, though.

If warrgames.com is hosted on Linode, it’s likely they’ve looked up the IP for the domain, then done a reverse IP on that and maybe found an old record for that IP. If you let me know the domain name you requested the cert to be issued for, Ill happily do some digging.

I would certainly contact SSLs though - if the request to that email hasn’t been acknowledged, no cert will have been issued so they should be able to give you a refund.

Then we can either try and find why it’s no linking to your correct email address, or you just get your money back and get a free Let’s Encrypt one.

@swarr22 --

I agree with @andysh, Lets Encrypt certs are totally free. You can set one up yourself and you can use an email address you already have for the admin contact.

Tell SSLs you want your money back. They're ripping you off…

-- sw

The email problem is no longer a problem, but I have two others. I went to ssls.com because my trial with the free Let's Encrypt reached a stone wall and I reasoned that I would get more support from a paid service. I think that was right because I got what I believe is reasonable advice. It doesn't work yet, but I'll talk about that problem after I deal with the more pressing issue. In the process of configuring the ssl certificate neither www.warrgames.net nor warrgames.net open the website. It displays:

warrgames.net
refused to connect
ERROR_CONNECTION_REFUSED

var/www/html/index.html is the presumed location of the start point.
Until I began with the ssl there was no problem index.html opened its page smoothly.

Entering
ls -l

-rw-r--r-- 1 root root 2660 Aug 20 16:27 error.log
-rw-r--r-- 1 root root 6277 Aug 19 14:05 index.html
-rw-r--r-- 1 root root 612 Jul 27 11:48 index.nginx-debian.html

In var/www
ls -l

drwxrwxrwx 3 root root 4096 Aug 21 09:07 html

The servers and the subdomains still execute:

198.58.115.171:2000

and

198.58.115.171:50001

work fine.

Any ideas you have will be appreciated.

The email problem is no longer a problem, but I have two others. I went to ssls.com because my trial with the free Let's Encrypt reached a stone wall and I reasoned that I would get more support from a paid service. I think that was right because I got what I believe is reasonable advice. It doesn't work yet, but I'll talk about that problem after I deal with the more pressing issue. In the process of configuring the ssl certificate neither www.warrgames.net nor warrgames.net open the website. It displays:

warrgames.net
refused to connect
ERROR_CONNECTION_REFUSED

var/www/html/index.html is the presumed location of the start point.
Until I began with the ssl there was no problem index.html opened its page smoothly.

Entering
ls -l

-rw-r--r-- 1 root root 2660 Aug 20 16:27 error.log
-rw-r--r-- 1 root root 6277 Aug 19 14:05 index.html
-rw-r--r-- 1 root root 612 Jul 27 11:48 index.nginx-debian.html

In var/www
ls -l

drwxrwxrwx 3 root root 4096 Aug 21 09:07 html

The servers and the subdomains still execute:

198.58.115.171:2000

and

198.58.115.171:50001

work fine.

Any ideas you have will be appreciated.

@swarr22 - It looks like you've created a new post for these questions. We've responded with an answer on your new question.

More on the failure of entering the URL warrgames.net to open the website:

Based on this community post: https://www.linode.com/community/questions/323/my-linode-is-unreachable-after-maintenance
I did the following:

systemctl list-units --type=service

UNIT LOAD ACTIVE SUB DESCRIPTION
accounts-daemon.service loaded active running Accounts Service
● apache2.service loaded failed failed The Apache HTTP Server

(the above was in red. everything else seemed fine)

sudo service apache2 restart

Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.

systemctl status apache2.service

● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Mon 2020-08-24 09:15:49 CDT; 2min 16s ago
Process: 16035 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

journalctl -xe

Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal' can see all messages.

Pass -q to turn off this notice.

-- The start-up result is RESULT.
Aug 22 12:09:41 warrgames systemd[890]: Reached target Default.
-- Subject: Unit UNIT has finished start-up
-- Defined-By: systemd

-- Support: http://www.ubuntu.com/support

-- Unit UNIT has finished starting up.

-- The start-up result is RESULT.
Aug 22 12:09:41 warrgames systemd[890]: Startup finished in 57ms.
-- Subject: User manager start-up is now complete
-- Defined-By: systemd

-- Support: http://www.ubuntu.com/support

-- The user manager instance for user 1000 has been started. All services queued
-- for starting have been started. Note that other services might still be starting

-- up or be started at any later time.

-- Startup of the manager took 57672 microseconds.
Aug 22 12:57:41 warrgames sudo[2032]: pam_unix(sudo:auth): authentication failure; logname=swarr22 uid
Aug 22 17:38:07 warrgames sudo[8564]: pam_unix(sudo:auth): authentication failure; logname=swarr22 uid
Aug 23 13:45:36 warrgames sudo[28830]: pam_unix(sudo:auth): authentication failure; logname=swarr22 ui

I DON'T KNOW HOW TO PROCEED FROM HERE

@swarr22 --

The correct way to start/stop apache2 is as follows:

sudo systemctl <operation> apache2

Where <operation> is one of start, stop, status or restart.

Since you say that:

198.58.115.171:2000
 
and
 
198.58.115.171:50001

still work, I'm assuming these are some kind of REST services that don't need a general-purpose web-server. I'm still puzzled as to what you're trying to do…

When systemctl fails to start apache2, it usually means that your Apache configuration is faulty (I'd say 99.9% of the time). You can check the validity of your Apache configuration with:

sudo /usr/sbin/apache2 -t

The results will be fairly explicit in describing errors. DANGER WILL ROBINSON some of what it says may be innocuous (undefined environment variables, directories that you don't use that don't exist, timeouts you don't use that aren't defined, etc). You'll have to investigate on your own.

For less annoying output, you can use

sudo apachectl configtest

FWIW, this is what I usually use.

-- sw

@swarr22 - The error apache2.service loaded failed failed The Apache HTTP Server indicates that your web server is not running. You will need to start your web server using sudo systemctl restart apache2. If it doesn't start successfully, you'll need to check your web server logs in /var/log/ to determine why the web server isn't able to start. This Serverfault post has more information about how you can investigate the cause of Apache not starting.

Here is what I'm trying to do: This is an online card games program. port 2000 allows players to enter a game ID, name and choose which of three different games. port 50001 is Thunderbolt, one of the games. The index.html is executed by the URL and has some choices, but mainly executes URL:2000. I appreciate your input and I'll work on your advice.

Thank you again stevewi. That did it, the URL works!

….
Now back to another problem, securing it all with ssl.

50001 and 2000 http ports. I tried to open port 443 with the script added to a test server that also opens port 2001 (a game to be secured). It works without the code below, but when I include this code in the same file that opens 2001, it fails with the specified error: (see below for the code and more error details.)
events.js:183
throw er; // Unhandled 'error' event
^

//===============================================================
const https = require ('https');
const fs = require('fs');
var sslPort = 443;
var hostName = "warrgames.net";
const cert= fs.readFileSync('/etc/ssl/certs/warrgames_net.crt');
const ca= fs.readFileSync('/etc/ssl/certs/warrgames_net.ca-bundle');
const key= fs.readFileSync('/etc/ssl/certs/warrgames_net_key.txt');

const httpsServer = https.createServer({cert,ca,key},(req,res) =>
{
res.statusCode = 200;
console.log("res.statusCode "+res.statusCode)
res.setHeader('content-Type', 'text/html')
res.end('HTTPS Server 443')
});
httpsServer.listen(sslPort,hostName);
//==========================================================

The path to the certs are relative to the directory in which the server is executed.
server path /home//swarr22/tbolttest
certs path /etc/ssl/certs
The cert files have the following permissions:
-rw-r--r-- 1 root root 4135 Aug 20 20:58 warrgames_net.ca-bundle
-rwxr-xr-x 1 root root 2049 Aug 19 18:41 warrgames_net.crt
-rw-r--r-- 1 root root 1732 Aug 23 15:00 warrgames_net_key.txt

Execution of the server:
node server 2001

Listening started on Tbolt 2001
heap size = 1.38 GB Tbolt 2001
The process halts with error message:

events.js:183
throw er; // Unhandled 'error' event
^
Error: listen EACCES 198.58.115.171:443
at Object._errnoException (util.js:1022:11)
at _exceptionWithHostPort (util.js:1044:20)
at Server.setupListenHandle as _listen2
at listenInCluster (net.js:1408:12)
at GetAddrInfoReqWrap.doListen as callback
at GetAddrInfoReqWrap.onlookup as oncomplete

This server without the added code for ssl works fine with http.

What?

@swarr22 --

You write:

The path to the certs are relative to the directory in which the server is executed.
 
server path /home//swarr22/tbolttest
 
certs path /etc/ssl/certs

Do you know this for a fact? How? Chances are the server is being executed in some other account and the $HOME directory for that account is not yours. This will absolutely be true if your service(s) are started with systemd (unless you modified the systemd service specification file to reflect what you want)!

I would try not using a relative path here (or anywhere) & see if that helps. Just FYI, if this is how you are reading your cert files:

const cert= fs.readFileSync('/etc/ssl/certs/warrgames_net.crt');
const ca= fs.readFileSync('/etc/ssl/certs/warrgames_net.ca-bundle');
const key= fs.readFileSync('/etc/ssl/certs/warrgames_net_key.txt');

These are all absolute paths (relative to /). If your cert files are located in /home/swarr22/tbolttest/etc/ssl/certs, then your server process(es) are not finding them.

-- sw

These paths are relative to the root (/)

server test path: /home/swarr22/tbolttest

certs path: /etc/ssl/certs

They are NOT in /home/swarr22/tbolttest/etc/ssl/certs

OK after searching for the answer for

events.js:183
throw er; // Unhandled 'error' event

EADDRINUSE 198.58.115.171:443

I discovered that the error means that port 443 is already in use so I changed the port to 8443 and it worked. However, the page is still not secure. Compounding that, I need to run many servers which would probably bring back the same error (with listen 443 in all of them). Should the the call to port 443 be one time in a separate file, while all the other servers (in separate files) connect to it? How would I do that?

In addition to the apache2 path and certs path here is my site structure:

root: /var/www/html/index.html -------------this is warrgames.net
/home/swarr22/Warrgames/node server2000 -----(port 2000)
/home/swarr22/Thunderbolt/node serverTbolt --(ports 50001-50099)
/home/swarr22/Desperation/node server -------(ports 51001-51099)
/home/swarr22/Hearts/node server ------------(ports 52001-52099)
/home/swarr22/tbolttest/node serverTbolt 2001 --test folder

How do I secure all these instances?

The reason port 443 is in use is because Apache is using it. These

/home/swarr22/Warrgames/node server2000 -----(port 2000)
/home/swarr22/Thunderbolt/node serverTbolt --(ports 50001-50099)
/home/swarr22/Desperation/node server -------(ports 51001-51099)
/home/swarr22/Hearts/node server ------------(ports 52001-52099)
/home/swarr22/tbolttest/node serverTbolt 2001 --test folder

are different (since they don't run under the control of the web server). If these ports are only accessible from localhost (using some web server "dispatch" or "forwarding" mechanism), they don't need to be "secured". If these ports are accessible from the open internet, you'll have to modify the coding of the internals of your servers to use SSL/TLS. That's about the best I can do…

— sw